How I Became the 4th Top Bug Bounty Researcher on Comolho: My Journey
Rajan Kumar Barik, known as ANONDGR, shares his journey from a cybersecurity novice to becoming the 4th top bug bounty hunter on Comolho's leaderboard. Starting with no prior experience, he overcame challenges, discovered impactful vulnerabilities, and earned recognition through persistence and skill development. His story highlights the importance of mindset, dedication, and continuous learning in achieving success in cybersecurity.

2026-1-12 12:45:43 Author: infosecwriteups.com

Leaderboard: https://cyber.comolho.com/researcher-community/

Profile: https://cyber.comolho.com/researcher/profile/rajankumarbarik143/

Introduction

Hey everyone! If you don’t know me yet, let me introduce myself. I’m Rajan Kumar Barik, but most people in the cybersecurity community know me as ANONDGR. I work full-time as a bug bounty hunter, diving deep into vulnerabilities, breaking things (ethically!), and helping secure the internet (100+ valid vulnerabilities).

About this Blog

Before we dive into the topic, I want to make something clear: this article isn’t about technical breakdowns or vulnerabilities. Instead, it’s a story — my full journey from being a complete beginner to becoming the 4th top bug bounty hunter on Comolho’s global leaderboard.

My goal is simple: to share the mindset, motivation, and lessons that helped me grow, hoping they’ll inspire you on your own path too.

This story is packed with struggles, emotions, hard work, mindset shifts, and real experiences. So if you don’t have enough time right now, go ahead and bookmark it — you’ll definitely want to come back later.

Background

Going back to those earlier days, everything really began around the end of July 2025. I had just completed my BCA degree and was struggling to land my first job. I kept applying everywhere, but all I got was silence, no callbacks, or straight-up rejections. It was frustrating, and honestly, it started to drain my confidence.

That’s when I decided to try bug bounty hunting — at least to earn enough to pay my Wi-Fi bill. With no big plan in mind, I chose the Comolho bug bounty platform as my starting point… for absolutely no specific reason. I just felt like giving it a shot.

Motivation

The motivation behind all of this wasn’t just about making money. Sure, earning a little to cover my Internet bill was a practical start, but deep down, there was something much bigger driving me. I was drawn to the respect, skillset, and personal growth that the cybersecurity and bug bounty world offers.

There’s something powerful about knowing that your work directly helps secure real systems used by real people. The idea that a single bug I found could prevent a major security incident gave me a sense of purpose I had never experienced before. And in a field where skills speak louder than degrees, I realized that every hour I invested would come back to me as knowledge, confidence, and professional credibility.

More than anything, I wanted to prove to myself that I wasn’t just another unemployed graduate waiting for someone to give me a chance. I wanted to create my own opportunity — and bug bounty felt like that one door I could push open with pure dedication.

Challenges

Now came the real beginning of my tech struggle. After getting into Comolho, my mind was filled with questions — the same ones every newcomer quietly asks themselves:

  1. Which program should I choose?
  2. How much can I realistically earn from this?
  3. What kind of vulnerabilities will I even find?
  4. How do I properly write and submit a report?

All those doubts were running through my head nonstop.

As I explored the platform, I saw tons of bug bounty programs. Some were private, meaning I had no access. Some were elite programs reserved for top hackers. And then there were public programs — but those were already crowded and heavily hunted by experienced researchers. For a beginner like me, it felt almost impossible to find a good bug in a public program. The competition was intense, and I honestly felt like a total noob.

And yes, technically this wasn’t my first bounty on Comolho — I had already earned one back in late April (you can read about it here). But despite that, it didn’t make the journey any easier. I was still starting from scratch, still clueless about where to begin, and still unsure about what direction to take.

Eventually, I knew I had to pick something, even if it felt overwhelming. So I decided to target Zerodha, mainly because it offered comparatively good payouts on Comolho. It felt like a reasonable place to start — not too small, not too elite, just enough to give me a fighting chance.

Discoveries

After spending more than a week on recon, I still hadn’t found anything particularly juicy. Nothing big, nothing impressive — just the usual noise. But somewhere in that noise, I stumbled upon a rate-limit issue on a sensitive login endpoint.

Now, I know what you’re thinking: “Rate limit? Seriously?”
Yes — it’s an underrated vulnerability, and most programs don’t even reward it. But that’s exactly where the real hunter mindset kicks in.

Instead of ignoring it, I decided to chain that simple rate-limit flaw with a couple of other minor vulnerabilities. And surprisingly, the combined impact turned out to be huge — far bigger than the organization ever expected. In simple words, I managed to overwhelm their support system and escalate a tiny P5/P4-level bug into a solid P3 impact.

(If you’re interested in the technical POC breakdown, drop a comment — I’ll write a dedicated blog explaining everything in detail.)

With that momentum, I went on to report 4–5 more P3 and P4 vulnerabilities on Zerodha, all of which were later accepted and rewarded.

But that was just the beginning.
Till now, I’ve submitted 100+ valid reports and received acknowledgments and rewards from organizations like TATA Motors, HDFC, Maruti Suzuki, CK Birla Hospital, Orient Electric, and more.


I’ve also reported 2 P1s and 4 P2s, and these high-impact submissions played a huge role in pushing my rank to the top.

Recognition

  1. P2 verify here
  2. P3 verify here

All other achievements you can find here: Profile


Ranking

To be honest, I never imagined I’d reach a rank like this. My goal in the beginning was simple: earn a few bounties and keep myself afloat. But the thing about growth is… once you start moving, you grow from all sides — skills, mindset, consistency, and confidence. That’s exactly how I slowly climbed the leaderboard.

Out of 14,000+ researchers, my journey looked something like this:

  • 200th → 27th
  • 27th → 14th
  • 14th → 7th
  • 7th → 4th (current position)

Watching these numbers shift felt surreal. Every step forward was a mix of hard work, learning, and persistence, and none of it happened overnight.

Let’s see where this path takes me in the future. I’m excited to keep growing, keep hunting, and keep improving.

Learning

Over the past few months, I’ve learned a lot on this journey, and not just about tools, recon tricks, or technical methodologies. What I really discovered was the mindset and agenda behind all of this. Some people may agree, some might not, and that’s okay; everyone has their own dictionary of wisdom in cybersecurity.

But here’s what I’ve realized:

In cybersecurity, if you have the right skills and you know how to present them in the right place, in front of the right people, nobody can stop you from earning your success.
You don’t need to master everything.
You just need to be really good at one thing, good enough to stand out from a small group. And trust me, that’s more than enough to survive and grow in this field.

And to be completely straight about bug bounty:
It’s mostly about impact, not just the severity label attached to a bug. Severity is just a number; impact is what truly matters. It all depends on the organization you’re hunting on, their business model, their priorities, and how much they care about a particular vulnerability.

When your aim is to create real impact, even a small bug can turn into something big.

Tips

I often receive DMs on LinkedIn and emails from people asking for tips and tricks to find impactful vulnerabilities. But to be completely honest, there’s no magic formula or secret trick that guarantees high-impact bugs or big payouts. Bug bounty isn’t a shortcut; it’s a craft.

Still, since so many people ask, here are a few pieces of advice that might help you, depending on where you are in your journey:

For Beginners

  • Build strong fundamentals first.
    Understand the basics of web technologies, networking, Linux, HTTP, and how applications really work.
  • Practice on labs.
    Platforms like PortSwigger Academy and TryHackMe are great places to sharpen your skills in a safe environment.
  • Start hunting on real platforms.
    Join bug bounty platforms like Comolho and begin with simple programs to build confidence.

(Here’s my referral invite link to Comolho — if you sign up using it, you’ll earn some initial points that can help you stand out in the beginning.)

For Pros

You already know the drill: what to do, how to do it, and where to look.
If you think I missed something or you have better advice to share, feel free to drop a comment. I’m always open to learning from others in the community too.

Conclusion

Alright, so we’ve finally reached the end of this amazing blog, not the end of our journey, of course. There’s still so much I want to share with you. I know it took me a long time to put this out, but I’ve been busy building something exciting behind the scenes.

I promise that in my next blog, I’ll break down some of my high-impact findings with full technical details, insights, and everything in between.

Until then, stay tuned — the journey is just getting started.


Source: https://infosecwriteups.com/how-i-became-the-4th-top-bug-bounty-researcher-on-comolho-my-journey-2782166cf83c?source=rss----7b722bfd1b8d--bug_bounty