We’re back! BugBountyNotes relaunched as BugBountyHunter.com

Sean (zseano)
7 min readNov 4, 2020

--

Hi there!

What a year it’s been right?! Let’s not mention the C word… it’s lockdown in 2hours here in the UK. Yay. Although, I do hope you are all well & safe! We will get through this ❤ Carrying on.. I announced at the start of the year that I would be releasing my methodology online and finally, as we approach the end of year, it’s out!

Let me explain what’s been going on and what’s in store for the future!

Figuring it all out

I started designing the new BugBountyNotes platform last year after putting together a small plan however I was diverted from this plan after deciding to experiment with training companies. (A mistake on my behalf I later regretted). I also started to doubt myself and felt like I wanted to ‘branch out’. I thought to myself that it’s all great teaching newcomers how to hack and get involved in bug bounties, but if companies on the receiving end aren’t “up to par” with reports/security overall, am I just setting them up for a bad experience? So I set about training companies how to hack themselves and reached out to various companies, and even had my proposal accepted.

I was starting to create material for companies etc when I began to run into some issues. Some companies are setup weird, lots of teams, mis-communication. “This is going to require a lot of work and thought on how to execute this properly.. i want this to be executed correctly in companies for it to be effective!” I thought to myself. I am just a one man band (currently) and if i’m honest I felt completely out of my depth. I apologised to the company and retracted my offer and went into darkness. (Perhaps one day I will revisit this)

Overall, I want to help create a more secure internet and make the process for bug bounty hunters and companies smoother. I want to help both sides as the end game.

At this time I had become slightly disgruntled with bug bounties as I had recently had a bad experience with a program (we won’t get into it lol) so I took a break from it. I felt a bit lost really. I felt a “block” to want to continue building stuff, so I took to gaming. I gamed more than I should of because I just wanted to avoid coding for some reason, and everyday I knew I was letting people down waiting for content, so it kept eating at me. I finally “snapped” out of my bad state and began working non-stop on BugBountyNotes (yes it’s still named this at this point!). For those wondering how did I snap out? Honestly, I spent more time with nature. I kept going on bike rides and realising how lucky we are to be here and to stop wasting my time feeling sorry for myself and get back in the game. I kept imaging what I wanted to create and I pushed myself to get back to the game. Getting outside more works I guess :D

We’re making progress

It’s July /Augst by now, the COVID situation is still on-going, Bitcoin has recovered, and I still have a sh*t ton of work to do. Oh boy. I once tweeted that sometimes I struggle to sleep at night because i’m so full of energy all the time, and someone replied saying to not fight it and instead utilise this super power, so I did just that.

Stage One

Firstly I decided to ditch the BugBountyNotes name, the more I read it, the less it made sense for what I had planned. I decided to create the ZSEANO brand I began designing a platform to allow users to buy tickets to be trained by me with a 2 day session (if you remember the announcement). Work was progressing well (at this time Barker had begun development and was progressing nicely) but again the more I thought about the idea, the more I thought.. hmm. Nah. I want people to be able to hack all the time, 2am, 6pm, I want them to be able to learn and hack.

Let’s pause.

Damnit Sean, can you not just make your mind up?!”. Hah, yeah. I remember being 15 and teachers telling me “you need to think before you speak!” and I guess the same applies for taking action too right?

Stage Two

The idea of hacking on ‘BARKER’ was to stick. The idea of recreating bugs i’ve personally found on a fully functioning website was great in my eyes, so I went back to my bugbountynotes platform (which had been like 60% done at the time) and began carry on coding up the idea with some changes. I moved over the content, made changes, created new challenges, created FastFoodHackings and implemented a membership system. Work progressed (as quickly as possible) across everything and soon everything began to take shape and finally, we landed where we are today. I acquired the domain BugBountyHunter.com recently and the change was official.

I still have the ticketing platform designed and working and perhaps I can do something with it in the future, we’ll see!

That’s not all

Today is Day one of the release of the new BugBountyNotes platform as BugBountyHunter.com with my methodology included. There’s lot to come:

Firstly, I haven’t given up on wanting to help companies. I have some stuff in the pipeline :)

More challenges & guides

There will be more free challenges added over time including new bug types as well as new guides including a special piece written from @iBruteForce on writing notes!

More invites!

In case you missed it, we recently gave away multiple invites to join BugBountyHunter for free (with zseano’s methodology included!) with flags found on FastFoodHackings. We will be adding more vulnerabilities/flags to FastFoodHackings soon to be sure to keep an eye out for that!

More Videos and writeups

I’m due to talk with Pratik Dabhi (@impratikdabhi) in the near future about bug bounties and I also have lots of new video content prepared. As you know i’m not one to record a video, edit it and upload (i’m not that pro.. nor do I have the time lol). I love being live and interacting with you all and answering questions live! Doubts on what’s on the video? I can answer it there and then! I’ll announce on my twitter when I plan on streaming in the near future (let me find my bearings after launching BBhunter! :D)

I also have some interesting writeups I plan on releasing soon. Basically the TLDR is I have a ton of content coming :D

For Members

We have lots in the pipeline for members of BugBountyHunter such as your own bugbountyhunter.com/profile to proudly show off your findings without fear of punishment from programs/platforms for disclosing. We’ve also sent some information regarding BARKER and what’s to come on the Discord #news-and-updates channel so if you aren’t already in there, check your welcome email and join us! Honestly, there isn’t much more to write here as we’ll keep you updated on proper communication channels (email , discord).

Interested? Why not check us out: https://www.bugbountyhunter.com/

We currently have a LAUNCH promo which gives you the following:

The ZSEANO methodology package will give you lifetime access to my methodology/flow as a PDF (accessible via your account). After 3 months if you wish to continue hacking on BARKER then it will cost less than the JUST TESTING package. The JUST TESTING package is for those who don’t wish to learn a methodology/flow and simply want to put their hacking skills to the test. Of course be sure to check out our free challenges and FastFoodHackings located at https://www.bugbountyhunter.com/playground if you want to get a feel for things!

(For now you can only obtain membership via the desktop site. I am currently working on adding mobile support to purchase & then view my methodology as well manage your submissions. Ideally I want members to access the site on the desktop as they’ll be hacking/submitting bugs, but it’s 2020 and mobile is popular right? :D)

Thank you everyone

I’m sorry things took so long, but.. we’re live! Thank you EVEROYNE from day one who has supported me and helped me on my journey! I hope you enjoy BugBountyHunter.com and what it has to offer. Let’s hack the planet!

I want to give a special shout to my older brother Karl for all of the help & guidance he has provided. He is the creator of BARKER and the system around it (with bugs i’ve told him to create :D). ❤

-zseano

--

--

Sean (zseano)

UK WebApp Security Researcher. Creator of BugBountyHunter— designed to help people learn and get involved with hacking. zseano.com & bugbountyhunter.com