Bug Bounty

Bug bounty hunting insights, strategies, and experiences from a full-time hunter on YesWeHack, HackerOne, and Intigriti.

Review of 2024 and goals for 2025

2024 was the first full year as a full-time hunter. Reviewing what worked, what did not, and setting ambitious goals for 2025.

Motivation, Choosing the right program, Running

Not every week is productive. Cassim discusses motivation struggles as a solo worker, why he gave up a private program he loved, and squeezing in a running race before heading to Asia.

First Year full-time and no mouse setup

A full review of Cassim's first year as a full-time bug bounty hunter since September 2023, with figures, honest thoughts, and a new no-mouse productivity experiment.

Vacation, Expertise, and Thoughts

Working from the beach with friends, reflecting on what expertise really means, and figuring out how to lead a career in bug bounty. A week of thinking more than hacking.

Building a SAAS, and some automations

A dev-heavy week in Paris. Meeting coworking spaces for ReWorker, building new SaaS features, and thinking about what parts of bug bounty to automate versus do manually.

Enjoying being full-time, automation

Juggling multiple projects as a full-time hunter. Building automation not to be first on bugs, but to know where to focus. A hard-working phase to build a strong foundation.

LeHack, Client Side vulns

Testing automation at the LeHack live hacking event, finishing the n8n scanning setup, and diving deep into client-side vulnerability research.

Specialization, Javascript, and Automation

Choosing to specialize rather than stay average at everything. Analyzing what skills matter most in bug bounty, building automation, and diving into JavaScript security.