Bug Bounty

Bug bounty hunting insights, strategies, and experiences from a full-time hunter on YesWeHack, HackerOne, and Intigriti.

Praha, Working outside and filters

Working from Prague after Berlin, admiring the architecture. Sharing strategies for staying efficient as a remote worker and filtering bug bounty targets to focus on what matters.

Amsterdam, Hackyx, and XSS

First time in Amsterdam, officially launching hackyx.io, the cybersecurity search engine, and starting to hunt XSS vulnerabilities. Next stop: Berlin.

My first official LHE with YesWeHack !

Two back-to-back YesWeHack live hacking events in two weeks. From the InCyber Forum LHE to HackMeI'mFamous, a full recap of competing and learning at official events.

Bug Bounty seen as a video game

What if bug bounty is just a video game? Cassim draws parallels between hunting vulnerabilities and gaming, from leveling up skills to grinding through targets.

My goals in 2024

Looking back at 2023 with 20k in bounties and 3 months full-time, then setting ambitious goals for 2024. Bug bounty targets, a marathon, and building a sustainable career.

Negotiate your bugs to win more

CVSS is not perfect and the same vulnerability can be worth different amounts. How to properly evaluate your findings and negotiate bug bounty reports to get what they deserve.

Difficulties of being a full-time hunter

The reality behind the big bounty screenshots on Twitter. Cassim exposes the real difficulties of being a full-time bug bounty hunter, from income instability to mental challenges.

My figures after one year of bug bounty hunting

Full transparency on one year of bug bounty hunting. All the bounties, all the numbers, and honest thoughts on whether you can actually make a living from it. Written from Taipei.

Thoughts of a nomad hacker

The very first blog post. Cassim introduces himself as aituglo, a digital nomad bug bounty hunter at 23, and sets the stage for sharing his journey through security, travel, and life.