My first private program invite at Hackerone.
Wed Aug 07, 2019 · 4 min read

This will be a blog post about my experience hunting bug bounties at Hackerone. This is my first time signing up for a bug bounty platform. I will say this, I’m not a expert. I might get some things wrong, but this is my story and my experience.

What is Hackerone?

Most people reading this might not know what Hackerone is.

“HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.” - Wikipedia

The goal for the security researcher is to :

The company might then award the security researcher with a bug bounty. A thank you for finding the bug and making the web a safer place and protecting the companies assets from malicious actors.

How I got interested in Bug Bounties

Meet STÖK, a guy I stumbled upon at twitter.

I started following STÖK. A couple weeks went by. I then found out that he had a youtube channel which I found very interesting. I watched one video. I then watcher another…. And another…

I watch every single video he had in one go. I was so hooked on finding my first bug bounty!

What did I do after this. I went to bed!!

The next day I woke up, tired. I googled for “Bug bounty”. I found two websites that seemed like the real deal.

More youtube… Yes!!! I found Hackerone’s youtube channel. They had a lot of interviews with hackers and their experience hunting bug bounties at Hackerone. This was also very motivating and I felt like I could do this. If they can, why can’t I?

Bugcrowd also had a youtube channel with some real nice burp suite tutorials that came in handy!

Do you even burp? Yes and no. I’ve used burp before, I have but I’m a great fan of OWASP ZAP. A very similar tool to burp suite, and it’s open source.

After taking in all this material, it seemed like nobody used ZAP… I decided, it’s now or never. It’s time to uninstall ZAP and install burp suite.

1 week later

I’m a CTF player for IndianTuesday. I love CTF’s. Guess what. Hackerone has a CTF.

I was bored and tired of studying for my exam. I signed up. Said, whatever I’ll just complete the first easy challenge.

CTF > School

I found some flags and then I quit and went on with my day.

My first day hunting bug bounties at Hackerone

I woke up, today is the day. Today is the day I will find my first bug bounty. I was energized, had a lot of tricks up my sleeve.

I decided that Hackerone was the platform I was going to use. I went to pick a program.

What is a public program?

What is a private program?

Back to the story.. I picked a random public program. Spent two hours just clicking around the website, trying some random stuff. I found nothing. I was frustrated and I quit.

My first private invite at Hackerone

A week went by. I almost forgot about Hackerone. One day I was bored, I continued playing the Hackerone CTF. I managed to get 30 points. What did this mean?

You’ve earned 1 invitations. 4 / 26 points to your next private invitation.

Private invite. Huh…. Cool.

A few days later I got an email stating that I’ve got an invite to a private program on Hackerone. I had one week to accept the offer.

1 day went by. 2 days went by… 5 days went by. On the final day I opened the invite again. I read the scope. I decided, whatever. I’ll give it another go, the worst that could happen is that I find zero bugs. I accepted the invite.

Next blog post

My next blog post will be about how I found my first bug.

back · #root · A taste of security · Break it, fix it. · I'm Hugo