Who is Hx01? A full-time hacker with 8 years of experience and a brilliant set of Python scripts.
What sparked your interest in hacking?
I believe my interest in hacking came from the curiosity to break things and figuring out what the mechanics are behind them.
Stay curious, folks.
How long have you been hunting?
I have been into hacking for about 8 years; however, I started taking bug bounties seriously in mid-2019, I believe.
Do you hack part-time or full-time?
I have been hacking full-time for over two years. It varies, but usually 15-25 hrs each week.
Why do you hunt with Bugcrowd?
Bugcrowd’s triage team has been great to work with so far, as you usually get triages within a few minutes to a few hours of sending a submission. Furthermore, there’s the make-it-right fund to ensure your bounties are paid correctly in case a program owner doesn’t respond. The teams, the caring support, and the researcher success team.
Making us blush over here.
What has been your biggest challenge while hacking? How did you overcome it?
Last year, a number of my private researches were used by program owners for their own benefits. Bugcrowd was quick to identify the issue and block the leak, even though it didn’t happen on their platform. I have learned to report only to trusted programs and share the exploit codes and information on a need-to-know basis.
We got your back, Hx01! ✊
What are your favorite tools or resources?
Nothing fancy, I mostly use Chrome dev tools, Burp, a few Chrome extensions, and Python scripts I created. 🙂
See 👀 Your tools don’t have to be crazy. Find some of your favorites and gain a solid understanding of how to utilize them.
What’s an important lesson that you wish you learned early on in your hacking career?
It’s important to set work-life balance, otherwise it may affect your mental health in the long run.
We agree. Try not to sacrifice your mental health for hacking. ☝️
How do you avoid burnout while hacking?
I usually take breaks when I feel like I might burn out and don’t go back to hacking until my gut feeling says so.
100%. Always trust your gut.
Where do you see your hacking journey going from here?
I have no idea. Honestly, I’m going with the flow and investing time on technologies that I find interesting.
Sounds like it’s been working for you so far. Keep up the outstanding work!
Do you have any advice for new hackers or people transitioning into bug bounty?
Invest time in coming up with your own methodology instead of chasing bug bounty one-liners, as the results are usually duplicates and disappointments. The income from bug bounties lacks stability, so in case you have people who depend on you, I’d suggest not going full-time or leaving your job until you have enough savings that can last up to the first 6-8 months. There are lots of unknown vulnerabilities and attack vectors to be found, which no one has ever thought of. ‘The world is your oyster’.
Invest time in yourself, trust yourself. 🧡
Thank you, Hx01, for sharing your bug bounty journey with us. The world is truly your oyster, so go after it and #OuthackThemAll.