Known as busfactor in the security community.
2nd place at Google bugSWAT Mexico 2025
Best AI VRP Researcher at Google bugSWAT Mexico 2025

A few months ago, I made a huge decision that changed everything: I became a full-time bug bounty hunter. Three months later, I can’t help but feel this may have been one of the best decisions I’ve ever made in my career. I feel compelled to share my thoughts and mindset here for two reasons: first, to keep this blog active, and second, to help and motivate others. The hardest part of writing this post is finding the right balance between what I feel safe sharing and what I believe will be valuable to my readers (see the Venn diagram below)....

Introduction I was all set for a super productive day at my favorite coffee spot, buzzing with anticipation. My game plan was simple: Pomodoro sessions, knocking out tasks like a machine, and chasing that sweet dopamine hit of accomplishment. You know the vibe. Then, I made a classic mistake. I opened Discord and spotted Johan’s announcement: his new Intigriti challenge was launching in an hour. Now, if you’re familiar with Johan, you know he has a knack for finding incredible bugs....
I’ve always wanted to hack on one of those targets that top hackers were going after—not just because they pay well, but because they usually have fair triaging and amazing scopes. But how? Finding bugs on private targets is already challenging enough—now imagine a target that has the best eyes on it 24/7, constantly searching for new gadgets and vulnerabilities. The target had already been through multiple LHEs (Live Hacking Events), which made it even more intimidating....
A few months ago, I returned to the bug bounty world and stumbled upon a gadget that caught my attention: Client-Side Path Traversals (CSPT). I might have been out of the loop because, despite its age (2007), I wasn’t familiar with it. In fact, I rarely focused on client-side bugs in the past, but shifting my attention to them has recently brought me some great bounties. After a conversation with Keith, he encouraged me to start sharing what I’ve been working on....