Bug Bounty

Bug bounty hunting insights, strategies, and experiences from a full-time hunter on YesWeHack, HackerOne, and Intigriti.

Rest week, Planning and Event

Back in Paris after Istanbul. A rest week with friends, less hacking, more planning. Mapping out the next steps for bug bounty, sport, and development projects.

Hackyx, State of the Art and AI

Working on Hackyx from a coworking in Istanbul, exploring AI applications in security, and walking streets that feel straight out of Assassin's Creed Revelations.

Dev, dev, and dev

A full dev week from Budapest. Rewriting Hackyx with Next.js for server-side features, learning a new framework, and briefly exploring a new European city.

Praha, Working outside and filters

Working from Prague after Berlin, admiring the architecture. Sharing strategies for staying efficient as a remote worker and filtering bug bounty targets to focus on what matters.

Amsterdam, Hackyx, and XSS

First time in Amsterdam, officially launching hackyx.io, the cybersecurity search engine, and starting to hunt XSS vulnerabilities. Next stop: Berlin.

My first official LHE with YesWeHack !

Two back-to-back YesWeHack live hacking events in two weeks. From the InCyber Forum LHE to HackMeI'mFamous, a full recap of competing and learning at official events.

Bug Bounty seen as a video game

What if bug bounty is just a video game? Cassim draws parallels between hunting vulnerabilities and gaming, from leveling up skills to grinding through targets.

My goals in 2024

Looking back at 2023 with 20k in bounties and 3 months full-time, then setting ambitious goals for 2024. Bug bounty targets, a marathon, and building a sustainable career.

Negotiate your bugs to win more

CVSS is not perfect and the same vulnerability can be worth different amounts. How to properly evaluate your findings and negotiate bug bounty reports to get what they deserve.