Post by Hx007

At the age of 15, I received my first computer, giving me the ability to connect to the internet for the first time. My friends had access to the internet long before I did and were already familiar with how to navigate web searching, setting up social media accounts, chatting with friends, and so much more. For me, everything was brand new, and I distinctly remember feeling like I was stepping inside a big, dark cave without any light. I didn’t know how to use this new technology in front of me, but I was eager to learn.

Soon, I found out that everyone but me had a Facebook account! I didn’t even know how to make one. So I said to my friends, “Can you please make a Facebook account for me, write down the email and password on a piece of paper, and bring it tomorrow so I can log in?!” As a successful hacker today, I can’t believe I once asked that. 🙂

They simply laughed and said, “You don’t know how to make a Facebook account?”

Honestly, this was one of the key moments that changed my life. I was just a kid, but I had learned about hacking through the news airing on TV and IT magazines. A core memory of mine is the 2011 PlayStation Network hack.

At this moment, I thought to myself, “Anyone can make a Facebook account, but not just anyone can hack social media accounts.” I knew then that I wanted to be a hacker and that not only would I learn to make a Facebook account, I would learn how to hack Facebook accounts.

My early days of hacking

I started out by learning everything I could on networks and WiFi hacking. After just 7 months and many hilarious mistakes, I was able to hack any WiFi network using BackTrack and a TL-WN722N. My friends were shocked! I went from needing help setting up a Facebook account to hacking various networks. Once I accomplished this, I knew I had a special skill and could go far in the field. This helped me realize that being a hacker means you are uniquely talented and different in a way that should be celebrated!

I carried that feeling with me and began to learn new areas like hacking web app games (because there was a game on Facebook where I always lost—and I don’t like to lose). Shortly after, I started using some helpful proxy tools, which ultimately allowed me to hack the game and achieve sweet victory. This was when hacking became my passion and my life. I could finally claim to be a hacker! This got me thinking—what else can I do? Can I hack banks? Nah, just kidding—no hacking for bad.

Anyway, I stopped hacking when I was around 17 or 18 and focused on school because in Jordan, if your cousin has higher marks than you, you’re in big trouble. In my country, the last year of primary school is a very important year when students take very intense exams that determine what universities they attend and what they can major in.

During my last year of primary school, we had a class called Visual Basic. The teacher gave us problems in code. Solving these problems was easy enough, and all the students in my class solved these problems the same way—the obvious way. Wanting to stand out, I decided to solve these problems using a more complex method.

My teacher was impressed! And he told me something I will never forget: “You are different! When you grow up, you will do something big—you will be something.”

Those words have stayed with me, even 10 years later.

How bug bounties changed my university experience

After primary school, I started university with the aim of becoming a medical laboratory technician. Why not cybersecurity? Because my cousin is a doctor.

Just kidding!

I love the medical field. As a young child, I had suffered a disease that changed my life. From there, I decided to study medicine to help other people.

But in my last year of university, I learned about bug bounties. I thought, Hack for good and earn money at the same time? OMG, I like the sound of this.

To set myself up for success in this field, I immediately started studying programming languages, web bugs (e.g., SQLi, IDOR, RCE, authorization bypass, and XSS), and reconnaissance techniques. Then I solved labs for each bug to gain hands-on experience.

Hacking in theory is very different from actually exploiting and submitting real bugs. Real-world hacking presents different payloads, databases, and WAFs, and of course, it entails a lot of effective communication with a customer—something you need to practice at. Once I felt ready, I jumped into bug bounty. The first bounty I earned was from an authorization bypass bug on a Bugcrowd program, and it paid out $1,500. Although my career has progressed significantly since then, I can confidently say that nothing feels as good as that first bounty.

During that same time, I met OrwaGodfather, and we started to learn together. To this day, we still always work together, and he is my best friend now!

My hacking niche and narrowing my goals

Why I focus on P1 bugs

I love P1 bugs because I believe they are more valuable to clients. They can more significantly impact businesses via financial, reputational, and breach or ransom risks. It helps that the rewards are typically higher, and the rush of finding something so impactful makes you feel unstoppable. You may notice that once you find your first P1, you will start finding many more P1s. Your mind begins to program itself to hunt for high-impact bugs or to string bugs together for higher impact and greater rewards. You’ll begin to tell yourself, “I can find P1s. It’s not that hard.” The joy that comes from exploiting P1s is different from exploiting any other type of bug. Also, program owners notice hackers who submit multiple P1s. They start to recognize your name, appreciate your work, and eventually start offering you higher rewards and bonuses.

My personal rule

I have a deal with myself: whatever program I start to work on, I don’t leave that program until I find a P1 or P2. Trust me—every program has a P1 hidden somewhere, and it’s waiting for you to find it. I have worked on many programs that were open for years and had been tested extensively by many hackers, but I still found great P1s. Even when a new program starts or a new scope is added, I don’t rush my process. Every hunter will find their own bugs. Try not to be discouraged, and don’t lose patience if you haven’t found something. Take a break from the program, hunt on VDPs, recharge, and come back to the program with new eyes and a clear head. This works for me every time!

Believe me—you’re unstoppable!

My favorite bugs to hunt

My top-priority bugs are authorization bypass, account takeover (ATO), remote code execution (RCE), and SQL injection (SQLi).

Why authorization bypass is my #1

I’m endlessly curious about what could be inside any admin panel. When I see an admin panel, I start to ask myself these questions:

  • What is it like inside that panel?
  • What’s the data?
  • Is there a file upload where I can achieve RCE?
  • Is there an endpoint that has SQLi?
  • If I’m on that admin panel, how many user accounts can I access?
  • How would the UI look there?

I forget about the bounty—what motivates me is curiosity!

My persistence strategy

Sometimes, I spend weeks testing certain admin panels to find an authorization bypass. I read the JS, I fuzz, and I try all the functions—all the API calls—until I find a lead that gives me access to that panel. Even if I can’t bypass the panel in that moment, I will come back to it one or two months later and test it again. I think to myself, Maybe I missed something. Maybe they added a new function that will help me. Maybe they uploaded a backup file.

By relying on persistence, I am able to bypass almost 85% of admin panels. My curiosity is only abated once I have found the answers to all my questions.

Right now, there are a few admin panels that I’ve been testing for about a year. I test them every two or three months to see if anything new has been added or if I missed something. I am so skilled at authorization bypass because I practice a lot, I’m patient, and I refuse to accept that I can’t access a panel. If you adopt a similar mentality, trust me—over time, you can bypass almost any panel.

Pro tips for success

I won’t waste your time or bore you with the tips that everyone already knows. What I’m going to share are strategies that I practice every day and that will improve your testing methodology.

1. Choose your favorite program

Program preference differs from person to person. Some people love a wide scope, and others love a small scope. Some love PHP or IIS, and others love APIs. First, narrow in on what program brief components matter to you. Second, choose a program that fits those criteria. Bugcrowd offers many unique programs—everyone’s bound to find something that fits their style!

There are many benefits to narrowing in on a program:

A) Understanding the development team. Over time, you’ll understand how the development team works.

  • What do they often miss?
  • Are they securing SQLi well, or do they have issues?
  • Are they uploading the same backup to the web app?
  • How is their authentication and authorization process?

Understanding this will help you know where to look for bugs, and you’ll end up finding a lot of bugs in a shorter amount of time—it will feel like you’re working with their development team!

B) Pattern recognition

  • If you find one bug, there’s a big chance you’ll find the same bug on different subdomains.
  • It may be the same exploit, or a very similar one.

C) Interconnected systems

  • In big companies, panels are often connected.
  • Finding an authorization bypass on Panel A may give access to Panels B or C.
  • The function that allowed bypass on Panel A might work on Panel B.

Using this practice, I was able to make over $750K on just a single program.

Pro pro tip: When I feel down and can’t find any bugs on my chosen program, I start working on a VDP for a few days. This lifts my spirits because I will find a lot of P1s, recharge my bug hunting battery, and rebuild my trust in my abilities. Then I go back to the original program with my newfound confidence and find a lot of bugs. This process has yet to fail me!

2. Quality over quantity

Instead of submitting many reports, I will stack bugs or string multiple bugs together and submit a single, high-quality report. For example, when I find multiple SQLi on one subdomain, I send them as one report. Another example is when you achieve an authorization bypass that leads to LFI, SQLi, or RCE—submit one report, not multiple.

Here’s a fun success story to drive my point home: I found an authorization bypass that led to RCE, SQLi, and an information disclosure bug that affected 600K user accounts (usernames and passwords). I submitted this all in one report. By combining these bugs, I earned $100,000 as a bounty.

Submitting a single, high-quality report benefits both me and the customer. Receiving several reports is hard on the customer in terms of time needed to fix all the bugs. By submitting one report, I save them time by cutting down on the need for communication and effort to understand impact. Additionally, this decreases the amount of time their vulnerable asset is exposed to threat actors.

3. Take the time to write excellent reports

A good report leads to more rewards! When you find a P1, make sure to explain the following:

  • How you found it
  • How you exploited it
  • Maximum exploit and impact
  • Root cause analysis
  • Possible fix suggestions
  • Full, detailed steps to reproduce

Program owners appreciate this. You’ll receive a great bounty and save everyone time.

4. Focus on manual testing

I’m a manual guy. I use Burp and my hands. Hunting manually will always result in more unique P1s—and unique P1s pay more. Auto scanners and tools rarely give you P1s because no tool can find authorization bypass like a hunter using their hands. Another valuable result is far fewer duplicates.

5. Use resources

A great way to quickly and effectively upskill is to dive into PortSwigger Academy and Bugcrowd University resources.

I often hear, “I’ve been hunting for five or six months but haven’t found any bugs.” I always respond with the following: “Have you solved the PortSwigger Academy labs—all of them? Have you gone through all the content on Bugcrowd University?” I believe these two resources are what really improve your skills.

Most importantly, ignore those who doubt you. How many people have told you that it’s hard or that you won’t be able to earn a living as a hacker? Show them that you can do it!

Why I hunt with Bugcrowd

The short answer to why I hunt with Bugcrowd? The orange logo. I’m not kidding! When I started hunting, that logo drew my attention because I saw it as a friendly one.

I also hunt with Bugcrowd because of the amazing team. The triagers are so friendly. I often receive compliments from the team like “As always, Hackerx007—nice finding” or “I liked this finding. Keep going.” Trust me, sometimes these words of affirmation are more important than the rewards.

And lastly, the community spirit is like no other. Bugcrowd provides amazing support and prioritizes a community-oriented team. They care about the hacker community and truly respect hackers. I’m not here just for the rewards; I’m here to make connections and contributions. When I talk with someone from Bugcrowd support or the Bugcrowd community, I know I am talking to a friend, not an employee.

While we’re on the topic, I want to give special thanks to TAL, Timmy, Mason, and all the amazing triagers at Bugcrowd. I also want to thank Casey, Dave Gerry, and Tatiana Uklist. I can’t forget to shout out Emma for the swag and Jordyn for the memes.