Draft of a night walk: the diagnosis of a researcher’s quest for success
Published:
I’m coming back from a long nighttime walk with a friend, during which we had several interesting discussions. One of them seemed relevant enough to turn into the short draft you’re reading now. This friend has been training in offensive web security for almost a year. He’s an intelligent and particularly studious person, yet despite that, he’s struggling to find his first vulnerability during his bug bounty sessions, and we were trying to identify the potential reasons behind it.
To be honest, I don’t think I’m the most qualified person to do so, as I haven’t practiced bug bounty in a “classic” way for quite some time now, my work being largely focused on zero-day research through code review. And although these practices share some common ground, the realities and challenges of these relatively distinct approaches are not necessarily the same.
That said, I’m familiar with some of his habits, or rather, his reflexes, such as his tendency to take far too many notes during his research, to apply a more or less rigid and systematic to-do list made up of various scripts and processes, or even to quickly retreat into learning when his research seems to stall.
Far be it from me to play the psychoanalyst, these behaviors resonate with me and, to some extent, remind me of a personal struggle I face daily in my attempt to improve my craft: being sincere in my research. Allow me to clarify these somewhat hazy statements and to shed light on their connection with the aforementioned habits of my dear friend, at the risk of being perceived as some sort of New Age personal development guru. This will certainly not speak to everyone, it is highly subjective, or perhaps, for some, naively obvious.
Topics related to mental health are often brought up in the field. They are not subjects on which I am particularly educated and/or sensitized, but I believe that a domain such as research, in the broadest sense of the term, being non-deterministic by nature, is naturally prone to them. It is a raw and unforgiving pursuit, often experienced in solitude, or in the company of doubt, uncertainty, and constant self-questioning. Without frequent results, our reward system is forced into a long, sinuous fast whose end is unknown, potentially giving rise to curious “survival” mechanisms.
To return to my friend’s reflexes, they are, in my view, at least partially the product of these mechanisms, and they make it possible to maintain a false sense of accomplishment. Human is the need to feel satisfaction at the end of a long day’s work, to feel that one is moving forward, in order to escape a reality that is sometimes far harsher and more bitter. And what is not always possible becomes even rarer depending on the specialty, which can quickly become draining.
These mechanisms, though particularly present in thankless fields, are nothing special and are found almost everywhere, even in more traditional practices with zero entropy. I still remember, a few years ago, in a past life during a study trip, sitting with a book and taking far too many notes from it. All this, to reassure myself and create the mistaken impression and satisfaction of having fully absorbed it. And then there are those colleagues who spend more time decorating their notes with highlighters than actually studying them. Anyway, there are countless variations of these behaviors, starting with the overuse of so-called productivity apps or anything that falls into the aesthetics of “well-done” work or study.
The consequences of excessive note-taking, rigidly following to-do lists, or any other action driven by these “survival mechanisms” are obviously not dramatic in themselves, but in my humble opinion, they are problematic for several reasons. On one hand, the precious time lost, but above all, the self-sabotage inflicted, leading to a lack of sincerity in the research itself. The more time passes without results, the more one shifts from a truthful approach of deep exploration to a pursuit of results for the sake of results, gradually trading substance for a form adorned with comforting and/or falsely self-congratulatory causes.
And although this may give the illusion of helping with what was mentioned earlier, or may occasionally work by accident, it cannot be viable in the long term, nor for any serious project. Certain vulnerabilities, whose complexity leaves no room for luck to act as an opportunistic ally, will remain unreachable, casting a shadow over anyone guilty of intellectual laziness or of a breach of sincerity, imposing a near-glass ceiling.
I believe that excelling in the field of research requires an obsessive curiosity for internal mechanisms and an intense cognitive engagement, both of which are inherently conditioned by a pure sincerity in one’s undertakings. These qualities cannot be simulated, and although some people may be endowed with them at birth, the era in which we live is, in any case, hardly the greatest support when it comes to sustained and rigorous analytical focus.
As for me, I am not naturally endowed with these qualities, I think I operate in phases, although I’m not entirely sure yet. Sometimes, I find myself engaging in “incidental actions”, like writing preliminary outlines of potential leads on my whiteboard, or testing things that don’t really make sense, often a sign of a long crossing of the desert. When this happens, I tend to have a rather harsh internal dialogue, seeing myself fall into something I despise.
Other times, the immersion is total, time flows unusually fast, and my curiosity leads the way. This state usually results in discoveries, or at the very least, in interesting leads. Losing oneself in the quest for understanding, without having to force it, coupled with the points mentioned earlier, is the form of sincerity I am referring to. It is probably the most perfect state for research, and it is, in fact, what has enabled, when taking a step back, the greatest discoveries of this world. Their authors often exhibited a level of obsessive behavior bordering on the pathological, and a lifestyle completely at odds with the healthy-living advice of our era, but that is another story.
I also believe that being too procedural can be detrimental. Research, or hacking in general, requires a certain freedom and flexibility. While I can understand that it may be reassuring to create a to-do list, surely drawn from various courses taken here and there, this is constraining, and therefore contrary to the philosophy of freedom required in this context. It is likely more relevant to prioritize a form of organized anarchy rather than absolute organization.
I hope it is clear that each of these individual actions, which are by no means exhaustive here, is not problematic in itself, but rather for what motivates it and the consequences it brings.
As for you, my friend who will surely read this, I ask the Lord to ease your path and to grant you His blessings.
Thank you for reading.
Al hamduliLlah
Published in January 2026