Request a Demo Contact Us
Visit Us At Gartner Security & Risk Management Summit From June 5-7 At Booth #1059
Register Now

Recognition Primed Bug Bounty Hunting


Humans are wired to consume, process, and act on large amounts of information. Every day – often without knowing – we take cues and signals from our environment, recall our past experiences, mix it all together, and make decisions.

As bug bounty hunters we are often faced with many decisions, such as “where do I look next?”, “where do I start”, “how can I maximize impact”, “how can I escalate this finding”, and “how do I understand what this means”.

A well-tuned decision making process is essential to maximizing impact and ensuring success while hunting bugs.

This talk draws on my experience in various emergency service roles – where the outcome of decisions are critical and thinking several steps ahead is required, mixes it with walkthroughs of the decision-making process I have followed when finding high-paying bugs, adds in a bit of psychology*, and details focus areas that will assist bug bounty hunters in being able to make better decisions.

Attendees will not only get walkthroughs of hard-hitting bugs, but also learn the basics of a decision making model that will hopefully lead them to bigger scopes and larger rewards.

Rhys Elsmore(@rhyselsmore) is a deputized internet mall cop who has a passion for breaking computers in weird and wonderful ways. By day he helps secure a large blue cloud, and by night he hunts bugs in other people’s clouds.

Outside of the internet he likes to overdo it at CrossFit (People who do CrossFit are legally required to tell you that they do CrossFit), gets his butt kicked at Brazilian Jiu-Jitsu, cooks new and exciting food, looks after two Australian Shepherds, and serves his community as a Retained Firefighter with Fire + Rescue NSW.

More resources


Crowdsourced Security and DevOps: A Few Things You Probably Didn’t Know

Watch Now

How to Hack with InsiderPhD: Cross-Site Scripting

Learn More

Penetration Testing as a Service (PTaaS) Done Right

Read More

Get Started with Bugcrowd

Every minute that goes by, your unknown vulnerabilities leave you more exposed to cyber attacks.