
David Fegyver
whoami
Hey, I'm David, an 18-year-old bug hunter from Hungary. I've just finished high school and will move to Budapest, where I'll begin studying computer science at ELTE.
Tell us a bit about yourself: what does your life look like now?
In my free time, I like to drink coffee, go cycling, experiment with photography, and travel around the world. Recently I've been getting into researching some software, hoping that I could find some CVEs or mass-exploitable vulnerabilities, with limited success so far but great experiences nonetheless.
Currently, I spend around ten hours per week on bug hunting, balancing it with my life, socializing and other interests.
First steps in bug hunting
How did you get into bug bounty hunting?
My first connection with IT security was related to a Hungarian Minecraft client. Like many 14-year-olds, I often played with my friends, but I frequently lost the virtual PvP fights. I wanted to explore how I could gain some unofficial advantage in the game, and to my surprise, I found some custom exploits for both the Java client and the server. Of course, within a few weeks I was banned for good, but at least I got a sense of the hacking world.
After this Minecraft incident, I started looking for other ways to break software. That's when I discovered Jason Haddix's web pentesting videos. I loved the idea of helping companies secure their systems while getting rewarded for it.
Hacker insight
I think IT security is really interesting – it's a mindset that should be spread. Security thinking isn't just about finding vulnerabilities; it's about understanding how systems work and where they might fail. This curiosity-driven approach helps you see potential issues that others might miss.
Do you have any tips for our audience on what you do when you approach a new target?
My methodology is fairly straightforward but effective:
- Launch the web application and start exploring all the functionality
- Examine the frontend code for interesting clues or exposed information
- Check Burp Suite's Site Map to discover interesting endpoints
- Look for anything that catches my eye – unusual parameters, hidden features, or suspicious behaviors
- Write small scripts whenever it could help me test theories or scale my testing
However, it's important for me to stay curious and not get stuck in a rigid checklist mentality.
About the testing methodology
Do you follow a pre-defined methodology or do you prefer to change your methods regularly?
Recently I've started collecting all of my tricks into a personal knowledge base, and I'm using those ideas sometimes. I think we can call this a methodology, however the actual testing depends heavily on the target application. Each application has its unique characteristics that require adaptive approaches.
Do you have any favorite tool or favorite wordlist to test with?
Tools:
- ProjectDiscovery's suite, especially Nuclei
- Of course Burp Suite
Wordlists:
- Everything from SecLists
- Assetnote wordlists (https://wordlists.assetnote.io/)
Favorite bug classes
Do you have any favorite vulnerabilities to focus on during testing?
I love business logic issues or vulnerabilities that require deep understanding of the target software. Discovering such vulnerabilities is quite time-consuming, but the satisfaction of finding them makes it worthwhile.
Access control vulnerabilities are another favorite of mine – there's something satisfying about finding ways users can access data or functionality they shouldn't have. These often require understanding the application's permission model and finding creative ways to bypass it.
Certifications and Achievements
Do you have any security certificates? How important do you think certifications are nowadays?
I haven't attempted any certification exams yet, but I believe they are important for professional improvement and career development. I'm considering pursuing CEH (Certified Ethical Hacker) as my first certification to formalize my knowledge and demonstrate my skills.
What would you consider your most impressive achievement? What bounty are you most proud of?
My personal favorite find was in a banking app's bug bounty program. The scope included every IT asset the company had – I love such comprehensive programs because there are always creative ways to expand the attack surface.
After digging into what the company had, I stumbled upon a Shopify plugin designed to make customer life easier by connecting webshop users to support agents. After exploring what this plugin did, I discovered that its settings page actually had an SSRF vulnerability.
For some reason, developers were routing most requests through their own server and forgot to block local IP addresses. The impact was significant: it allowed me to access numerous local servers, including admin panels and confidential files.
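The flaw described in this answer (a server that forwards user-supplied URLs on the user's behalf without refusing internal addresses) is a classic SSRF shape. The following is an added example, not code from the plugin or from the interviewee: a Python allow-check for outbound URLs that restricts the scheme, resolves the hostname, and refuses loopback, private, link-local, shared and IPv4-mapped addresses, checking every address the name resolves to rather than just the first. The hostnames, addresses and the stand-in resolver are constructed so the example runs offline; the resolver parameter is an assumption of this example, not a feature of any real library.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Address ranges an outbound-request proxy must never reach on a user's behalf.
# Assumption of this example: the service has no legitimate reason to call anything internal.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


def is_blocked_ip(ip_text):
    """True if the address must not be contacted. Anything unparseable is refused, not guessed."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True
    # ::ffff:127.0.0.1 is still loopback; compare the embedded IPv4 address too.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def resolve_all(hostname):
    """Real resolver: every address behind the name must pass, not only the first one."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_outbound_url(url, resolver=resolve_all):
    """Return (allowed, reason, resolved_ips).

    The caller should connect to one of the returned addresses (sending the original
    Host header) instead of resolving the name again, so a DNS answer cannot change
    between the check and the connection; redirects need the same check per hop.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parsed.scheme, []
    host = parsed.hostname
    if not host:
        return False, "no host in URL", []
    try:
        # Literal addresses (including bracketed IPv6) are checked directly.
        candidates = [str(ipaddress.ip_address(host))]
    except ValueError:
        # Anything that is not a strict literal (names, decimal or octal forms) goes through
        # resolution, so 2130706433 or 0177.0.0.1 are judged by what they resolve to.
        try:
            candidates = resolver(host)
        except OSError as exc:
            return False, "resolution failed for %s: %s" % (host, exc), []
    if not candidates:
        return False, "no addresses for %s" % host, []
    for ip_text in candidates:
        if is_blocked_ip(ip_text):
            return False, "blocked address %s for host %s" % (ip_text, host), []
    return True, "ok", list(candidates)


# Constructed, offline stand-in for DNS so the example runs without a network.
FAKE_DNS = {
    "shop.example": ["203.0.113.10"],
    "localtest.example": ["127.0.0.1"],
    # Split answer: one public address and one cloud-metadata address behind the same name.
    "metadata.example": ["203.0.113.20", "169.254.169.254"],
    "v6local.example": ["::ffff:10.0.0.5"],
}


def fake_resolver(hostname):
    try:
        return FAKE_DNS[hostname]
    except KeyError:
        raise socket.gaierror("constructed resolver: unknown host %r" % hostname)


if __name__ == "__main__":
    for url in (
        "https://shop.example/webhook",
        "http://127.0.0.1:8080/admin",
        "http://[::ffff:127.0.0.1]/",
        "http://metadata.example/latest/",
        "http://2130706433/",
        "file:///etc/passwd",
    ):
        allowed, reason, ips = check_outbound_url(url, fake_resolver)
        print("%-36s %-5s %s %s" % (url, allowed, reason, ips))
```

The design point is that the check does not trust the URL string: IP literals are normalised before comparison, names are judged by all of their resolved addresses, and the resolved addresses are handed back so the connection can be pinned to them.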
Future of bug bounty
Can bug bounty hunting be a full-time job?
I can't imagine myself doing bug bounty hunting full-time – it's not a stable source of income, and customers aren't always on your side. They often have slow response times, dispute valid reports, and communication can be frustratingly limited. These challenges make it difficult to rely on bug bounty as a primary income source.
What is the role of automation in security testing?
I often experiment with automation, mostly using ProjectDiscovery's open-source tools combined with private scripts I've developed. Automation helps with initial reconnaissance and vulnerability scanning, but manual testing is still crucial for finding complex logic flaws.
What are your expectations of bug bounty platforms?
The platforms should prioritize improved, transparent communication between hackers and clients. Platform-built hacker tools can also be incredibly valuable – things like email relay services for testing and built-in SSRF testing services that make it easier to demonstrate and validate findings.
What is your impression of HACKRATE?
The Hackrate team is really helpful, and the platform is clear and easily understandable. What I appreciate most is their excellent communication and how they serve as a good compromise between hackers and clients. They offer special, interesting targets that you don't always find on other platforms, and they appreciate the feedback from the community. Their policies are clear and transparent, which eliminates a lot of the confusion you sometimes encounter elsewhere.
Badges
- Newcomer: 05/11/2022
- Bounty_Hunter: 08/23/2023
- Monster: 05/11/2022
- Supporter: 02/08/2023
- Eyewitness: 11/21/2024