Peter Horvath
whoami
As a senior penetration tester, I always try to do my best at work, in bug bounties and beyond. I feel lucky to be doing work that has fascinated me since I was in elementary school. The endless possibilities and challenges for discovering new vulnerabilities, learning something new every day, and constantly improving: to me, that’s incredibly exciting and will never get boring. I really enjoy learning about new types of vulnerabilities — finding one in the wild after learning about it is an amazing feeling. I’m grateful to have worked with both my former and current colleagues, all of whom have taught me a great deal along the way.
Tell us a bit about yourself: what does your life look like now?
In 2025, I decided it’s time for a job change, so my main focus now is establishing myself in my new position. I’m still trying to find the right balance between my work, bug bounty hunting, and personal life. I hope to get there one day.
How many hours do you spend on bug hunting every week?
At the moment, I spend too little time on it. As I mentioned earlier, I’m trying to find the right balance between work, learning, and bug bounty hunting. However, if I come across a program where I see an opportunity to learn new techniques, I make every effort to dedicate as much time as possible. Currently, my goal is around 5–6 hours per week.
First steps in bug hunting
How did you get into bug bounty hunting?
I’ve known since high school that “bug bounty” programs exist, but I wasn’t actively involved with them back then. Even so, I was fascinated by the idea that companies were willing to pay hackers for relevant findings.
I first got into bug bounty hunting when I was still an intern at my previous job. A colleague of mine told me about the interesting programs he was working on. He spent a lot of time on them, learned a lot, and encouraged me to give it a try, saying "I could learn a lot from it too". At the time, I was still focused on university and I was not very good at managing my time. Then one day he told me about his first significant finding, which really impressed me. Honestly, seeing his success and having him as a positive, inspiring example motivated me to try bug bounty hunting and see how far I could go.
Hacker insight
Choose a vulnerability type that genuinely interests you and dive deep into it. There are plenty of free resources available today; you can learn useful techniques quickly. But after making yourself comfortable with the basics, make an effort to apply what you’ve learned. Bug bounty programs are a great place to practice and turn that knowledge into findings.
Do you have any tips for our audience on what you do when you approach a new target?
When I approach a new target, I start by trying to understand the system’s purpose and the logic behind it — why it exists and how it's meant to work. I look for logic flaws in the implementation and ask whether the developers considered absurd or malicious user behaviour. After that I dive into the technologies it’s built with to identify their limitations and the common or not-so-common attack vectors they expose.
About the testing methodology
Do you follow a pre-defined methodology or do you prefer to change your methods regularly?
My core methodology is built around the OWASP Top 10, and I continuously try to do as many tests around them as possible using different techniques. That said, there’s usually a particular vulnerability I find interesting at that given time, and I actively look for that. Often during a bug‑bounty program I discover new types of attacks, so I’ll dive deeper into that area and try to exploit it.
Do you have any favorite tool or favorite wordlist to test with?
I use a lot of tools and I'm especially impressed by the ones from the ProjectDiscovery team. I think the team’s work is truly impressive and widely respected in the bug bounty community. I keep an eye on their work and think about where each tool fits into my methodology. For web apps I usually use katana, cewl and ffuf, with everything proxied through Burp Suite of course. I don't have a single favourite wordlist; I swap lists depending on what stage of recon I'm at. There are a few I use frequently, but I constantly adapt and refine them as I progress.
Favorite bug classes
Do you have any favorite vulnerabilities to focus on during testing?
Not really. I try to stay up to date with new and interesting findings and techniques, learn them, and then actively go after them. Honestly, my favourite vulnerability is usually whichever one I’m working with the most. Lately I’ve been diving into vulnerabilities affecting LLMs. I find it fascinating how many different techniques can be used to exploit them.
Certifications and Achievements
Do you have any security certificates? How important do you think certifications are nowadays?
I earned my OSCP in 2021, which I consider a very valuable certification — I learned a lot from it. After that, I also completed a few others, like the CREST Practitioner Security Analyst and the CREST Registered Penetration Tester, though those have since expired and I don’t plan to renew them. In my opinion, certifications are very important nowadays. In this job market, having well-known and respected certifications is one of the fastest ways to demonstrate that you truly know what you’re doing. Currently, my goal is to complete the OffSec Web Expert (OSWE) course, and I also plan to pursue the Certified Red Team Operator (CRTO) and the Burp Suite Certified Practitioner (BSCP) certifications.
What would you consider your most impressive achievement? What bounty are you most proud of?
From my recent work, I’m most proud of an AI-related finding that turned out to be a duplicate. In that case, I was finally able to fully apply my own methodology: I learned about a specific vulnerability, studied it in depth, then recognised and exploited it in a real target. I was a bit late this time — but next time!
Future of bug bounty
Can bug bounty hunting be a full-time job?
There are a few exceptional hunters for whom doing bug bounty full-time feels completely natural — they’re at a level where they can spot vulnerabilities almost anywhere. For me, that’s inspiration and a long-term goal.
What is the role of automation in security testing?
For me, automation has always been an interesting topic, though I’ve been working with it less and less recently. I think basic reconnaissance and repetitive tasks can definitely be automated, but turning automation into reliable findings is getting increasingly difficult.
What are your expectations of bug bounty platforms?
Fundamentally, I expect bug bounty platforms to operate fairly and transparently. I value a simple, fast submission of reports and also fast reviews. I also value triagers who are friendly and whose knowledge is up to date, and a diverse set of programs that allow hackers to test useful, real-world attack scenarios rather than being overly restrictive.
What is your impression of HACKRATE?
I joined HACKRATE in 2022 and in every aspect, I consider it one of the best. It’s constantly improving, the programs are diverse, and the triagers handle their work quickly and they are very professional. It’s been my go-to bug-bounty platform since I joined, and my first choice whenever I get the chance to hunt.
Badges
Newcomer: 10/2/2023
Bounty_Hunter: 12/18/2024
Supporter: 10/2/2023
Hack_Everything: 10/2/2023
Inviter: 7/30/2023