Bug Bounty

Bug bounty hunting insights, strategies, and experiences from a full-time hunter on YesWeHack, HackerOne, and Intigriti.

Motivation, Choosing the right program, Running

Not every week is productive. Cassim discusses motivation struggles as a solo worker, why he gave up a private program he loved, and squeezing in a running race before heading to Asia.

First Year full-time and no mouse setup

A full review of Cassim's first year as a full-time bug bounty hunter since September 2023, with figures, honest thoughts, and a new no-mouse productivity experiment.

Vacation, Expertise, and Thoughts

Working from the beach with friends, reflecting on what expertise really means, and figuring out how to lead a career in bug bounty. A week of thinking more than hacking.

Building a SAAS, and some automations

A dev-heavy week in Paris. Meeting coworking spaces for ReWorker, building new SaaS features, and thinking about what parts of bug bounty to automate versus do manually.

Enjoying being full-time, automation

Juggling multiple projects as a full-time hunter. Building automation not to be first on bugs, but to know where to focus. A hard-working phase to build a strong foundation.

LeHack, Client Side vulns

Testing automation at the LeHack live hacking event, finishing the n8n scanning setup, and diving deep into client-side vulnerability research.

Specialization, Javascript, and Automation

Choosing to specialize rather than stay average at everything. Analyzing what skills matter most in bug bounty, building automation, and diving into JavaScript security.

Public programs, Recon and ReWorker

Launching the ReWorker side project MVP, shifting from private to public bug bounty programs, and getting back into recon. Managing multiple projects as a full-time hunter.

Back on Track, Pentest and Sport

Back to hacking after a dev-focused stretch. Joining a HackerOne public program event, embracing the freedom of choosing what to work on, and balancing bug bounty with sport.