1year anniversary of BugBountyHunter & our second Hackevent

Sorry for the silence from me lately with regards to any new writeups or anything interesting! The new dad life has been something interesting to adapt to, but I am loving every second of being a dad to my beautiful son. I am slowly finding a routine with work and getting back to things, so expect some writeups and more content coming out soon! I actually have a few writeups due to come out soon such as an old finding on Apple that was found with BugBountyHunter members. Also started poking at some “Web 3.0” stuff and in some cases on some web apps i’ve actually seen I can just use someone elses publicKey in the GraphQL request and they’re like.. “Cool that’s you”. It’s almost like just because you “connected” via metamask and they read your address, they’re now happy to trust, that’s you. I guess a lot of it is still down to how these web apps handle things but more on it as I dive deeper!

However, with that said, in case you missed it I recently posted some new videos to my YouTube such as Staying sane in bug bounties which you can find below.

One year since launch of BugBountyHunter

It’s been a year now since I relaunched BugBountyNotes.com as BugBountyHunter.com and it’s been a very interesting year to say the least! And wow, time flies! There is still lots in the pipeline and it feels like the journey is only just beginning! The thing I am most proud of is the progress made by members , especially from some of the long term members and those reaching Level 5 (100+ unique vulnerabilities found). I’m starting to regularly receive messages from them of their success and I am over the moon to see something go from an idea to a working product with proven results. Sometimes I doubt myself so it’s a wake up call that I need to believe in myself more ;-)

With that said, with BugBountyHunter being open a year, I have invited Level 5 members to 21 Days of Haxmas. We are going to hack together as a team on a chosen bug bounty program for 21 days and try to find as much as possible. We aim to write up our approaches and interesting findings (if allowed, and if we discover any :D) to help others learn the approach to discovering issues on bug bounty programs. With each user having a unique mindset I am really looking forward to seeing what we can find! These members have put in some serious work to learn the ins and outs of BARKER and discovering over 100 unique vulnerabilities. They started with no knowledge on how BARKER worked or what features were available! Massive respect.

Our top 2 members panya and HolyBugx actually recently won our latest Hackevent, with this being HolyBugx’s SECOND win!

Hackevent v2

We recently hosted our latest Hackevent, FirstBlood v2, which was v1 “patched” and some new features, such as the vaccine management system, along with a new bug type, Deserialization/RCE (as based on feedback). By the end of the week (19th Nov 2021) it will available for the public to browse the leaderboard and view our members epic reports. We paid out another batch of real bounties for their findings and the feedback received was overall great, despite some mistakes/errors we made! I will make sure going forward our events are up to standard! :-)

Congratulations to the winners, HolyBugx, iamvictorteh and panya with 19 unique vulnerabilities each. Great work overall from all attendees with some really good teamwork taking place and help provided amongst each other. Really great to see!

Right now signup is closed on BugBountyHunter (again, I know). But honestly I want to be able to manage the team of hackers i’m building and go for quality rather than quantity, especially given the long term goal/plan with releasing our own vulnerability disclosure platform. With personally triaging and talking on Discord I have got to know so many friendly, talented, professional people and i’ve seen really good progress in lots of our members. I’ve really made friends for life.

We’ve got lots in development which I will share more information on in the near future and we will look to get things re-opened as soon as possible!

Until then, stay safe, take care and don’t forget to hug those you love daily ❤ :)

go find them bugs!

UK WebApp Security Researcher. Creator of BugBountyHunter— designed to help people learn and get involved with hacking. zseano.com & bugbountyhunter.com