Being a full-time hunter can be a risky gamble, but with hard work and dedication it can be extremely rewarding! Ahsan Khan (hunter0x7) took on bug hunting full time almost 5 years ago. Since then, he’s honed his skills and found some incredible vulnerabilities. We applaud his persistence and tenacity in making the internet a safer place.
We asked him to share some of the things he’s learned throughout his Bug Bounty Journey. Check it out!
How did you get into Cybersecurity? How long have you been hunting?
One of my friends hacked my computer, which led my interest towards the hacking field. At first, it was really difficult for me to learn about hacking because I did not have any idea about it. I started by learning a few programming languages, watching tutorials on YouTube and reading articles. I am really thankful to those who helped me back then. Learning and hunting for hours and weeks helped me a lot to understand the logic of the issues. Then I started hunting programs which only gave hall of thanks and swag. I chose those programs because they were easy to hunt. After getting some swag for a year, I started hunting on bounty programs. It has been 5 years since I started bug hunting.
Why did you choose your Bugcrowd handle? Does it have any specific meaning?
It’s nothing special, it’s my name.
How have bug bounties impacted your life?
Doing bug bounties changed my life because there was a time when I did not have much money to pay for my school fee; I did not even have enough money to buy a hat. My mom told me that the time will change, you just need to work hard. You do not need any motivation from anyone to become something; you should be your own motivation. Then I started hunting for hours and hours, and I slept very little, like 2 to 4 hours every day. One day my mom came to me and said that my dinner was ready on the table. I was so busy with my work and I completely forgot about eating. My mom woke up in the morning and asked why I hadn’t eaten the dinner. I was so busy with the work that I totally forgot to eat. I spent most of my time doing bug bounties. There were times when I worked straight for 24 to 30 hours. If you want to do something big then you should focus only on your goal.
The problem is CAN; don’t think about CAN, believe in WILL. Mindset is everything to become successful, so don’t think about CAN (I can do it), believe in WILL (I will do it).
How much time do you spend hunting bugs?
I hunt 12 to 18 hours per day.
Do you have any favorite tools or resources to learn? Why?
PortSwigger Labs and PentesterLab are the places that I love to visit more often. Both of them are good places to learn new and advanced techniques.
Do you have any simple tips that you use when you are hunting?
I keep hunting until I find a bug. Sometimes it takes weeks but it is always worth it. The best way to be successful in a program is to hunt it for a long time.
Do you have any advice for new hackers or people transitioning into bug bounty?
If you are entering the bug bounty field, start with the simplest bugs. Learn the basics and then try to understand its logic. You can find everything from Google and YouTube. I would recommend Web Hacking 101 by Peter Yaworski which is beginner-friendly.
When you aren’t hunting bugs, what do you do for hobbies/fun?
I like to go to the Gym.
Why do you hunt with Bugcrowd?
Bugcrowd’s staff is very friendly and helpful. Whenever I face an issue they try to resolve it as soon as possible and that’s the most amazing part of it. Moreover, the incentives we get quarterly really motivate me to hunt regularly on Bugcrowd.
Follow Ahsan on Twitter @hunter0x7 to keep up with his bug hunting stories!
Stay tuned for more Researcher Spotlights. Want to join Ahsan and be part of the Crowd? Join our Discord and sign up for a Researcher Account!