Most Valuable Hacker at a HackerOne Live Hacking Event is the most prestigious award in the bug bounty space today. Douglas Day won it at H1-305 earlier this year in 2024 and has shared his experience in this blog post. I especially liked this part, which is very...
How a top hunter figures out a complex target
We all read bug bounty write-ups and learn from them. However, the bug is always the culmination of the bug hunting process. We never see the initial phase, where the hunter is confused by everything and is only learning how the parameters are used and what they mean. Ron Chan...
Story of a Cloud Architecture Diagramming Tool gone wrong
This blog post tells the story of one of Google’s applications that was eventually taken down because of XSSes, path traversals, and a lot of data disclosure. Basically, everything. https://jdomeracki.github.io//2024/11/09/sketchy_cheat_sheet/
Switching from pentesting to bug bounty – 6 things I had to change
If you’re a web pentester, you’re hacking web applications. If you want to do web bug bounty, you’re also going to hack web applications. It sounds like it should be an easy transition. However, for many, it isn't. It certainly wasn't for me. I like to draw an...
Oh Sh*t bug bounty moments
Bug bounty means that hacking is mostly done on production targets. However careful we are, we’ll still break things at times. Here’s a thread with some Oh Sh*t bug bounty moments from the community. https://x.com/hacker_/status/1509986966384877569
200K $ in 2 weeks : A clickbait title but (hopefully) valuable advice
If you want to learn more about LHEs, this blog post is great. Doomerhunter describes how he got into Live Hacking Events and how he, with Geluchat, made $200k on AWS during H1-0131. It’s nice, honest advice and I can only agree with everything that has been said...
From easy wins to epic challenges: Bounty hunter edition
A lot of you enjoyed the Q&A with Jhaddix and Blaklis that I published on my channel last week. If you’d like to familiarise yourself more with Blaklis’ methodology (and trust me, you should), his talk from DEFCON is now public....
5 things that skyrocketed my bug bounty progress in 2024
My bug bounty game skyrocketed in 2024 compared to previous years. After only 3 quarters, I had already submitted many more reports than in 2023 and earned over double my 2023 bug bounty income. I also participated in two rounds of the HackerOne Ambassador World Cup...
Monke’s Guide to Bug Bounty Methodology
Monke disclosed his whole bug bounty methodology and covered many interesting topics like program selection, scope selection, and the tools he uses, but also important non-technical aspects like mental health and collaboration....
The 3 biggest lessons from my first LHE
I was a participant in the h1-702 Live Hacking Event in Las Vegas and it was an unforgettable experience! This one week profoundly changed the way I see bug bounty. In this article, I’ll describe my biggest lessons from the LHE. Of course, most technical things...