Hunters Stories
├■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀■[ YESWEHACK PROPHILE ON HISXO ]■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄■┤ 

30 of April, 2020.
╔══════════════════════════════════ WHOIS ═══════════════════════════════╗
║              Handle: HISXO                                             ║
║                 AKA: Adrien                                            ║
║    Age of your body: 27                                                ║
║         Produced in: France                                            ║
║                Urlz:               ║
║          Creator of: GitGraber                                         ║
║         Superpowers: I use python2                                     ║
║  Life in a sentence: The less you sleep, the more you pwn              ║

║ There's always a vuln! ${{7*7}}                                        ║

║ The perfect combo: Burp Suite, FFUF and a good wordlist of course!     ║
║ Good creativity is also important, to make sure you don't do the same  ║
║ thing as the other Hunters.                                            ║

▀▄█▓▒░ Hello, what background can you safely disclose?: 
    │  ─────────────────────────────────────────────────────────────────────────
    └─ After engineering study, I started to work in a french company and 
       now I'm a pentester & security auditor.

▀▄█▓▒░ How did you come to Bug Bounty ? 
    │  ─────────────────────────────────────────────────────────────────────────
    └─  I started to learn hacking on CTF platforms & CTF events, it's fun 
        but the fact that this is not "real" makes the things less exciting 
        in my opinion.
        The concept of Bug Bounty is nice: you pwn for real, it's legal and 
        you can be rewarded for your work (if it's not a dup lol).

▀▄█▓▒░  What is your feeling on how the Hacker Community is evolving ?
    │  ─────────────────────────────────────────────────────────────────────────
    └─  Overall I would say that things are evolving positively, more and 
        more people agree to share their knowledge and I thank them.
        When I started Bug Bounty, I wish there was more writeups, 
        discussion spaces (like Slack) and more Hunters who agreed to help me.
        Now that I have a little more experience, I try to help new Hunters 
        to progress and evolve as far as possible!

▀▄█▓▒░  Did you develop a love/hate relation to code ? 
    │  ─────────────────────────────────────────────────────────────────────────
    └─  Sometimes, I code because I have no choice, because I know that to 
        exploit a specific vulnerability, I have to do it, but this is not 
        a priority for me.
        I like to code but if a tool or script exist for what I want to do, 
        I don't want to spend time to code my own tool (I mean it for simple 

▀▄█▓▒░ You are active on YesWeHack and have practiced others BB platforms, 
    |  What are the Pro & Cons on those platforms? / What are your 
    │  expectations ? 
    │  ─────────────────────────────────────────────────────────────────────────
    └─  Like others Hunters, I think we check all theses informations before 
        we hunt on a program:
        - Rewards grids (who don't check?)
        - Scope
        - Reponse time, Triaging and Patching reactivity (really important 
          to avoid frustration for all Hunters)
        - The company (it's more "fun" and motivating when you know the company)
        Regardless of the BB platform, respect in interactions always must be 
	present, both from Companies and Hunters.
        I love to collaborate when it's possible, because it's more motivating 
        than to hunt alone (in the dark, with a hoodie and green lines on 
        the screen).
        A "good platform" (in my opinion) need to: have clear rules, be 
        equitable with Hunters and propose a clear interface to write reports 
        nicely and easily.
        If a company wants to run a successful Bug Bounty program, they need 
        to understand that it's important to respect the Hunters work, not 
	running a program just to be able to brag :     
        "we have a bug bounty program, we are secure". 
        If you run a program but don't actively patch, that doesn't make sense :
        Hunters will waste their time on duplicates.

▀▄█▓▒░  What advice can you give to someone who wants to start in 
    │   bug bounty?
    │  ─────────────────────────────────────────────────────────────────────────
    └─  If I have learned something in recent years and have well observed, 
        I can give those advices:
        - Focus on a scope, don't go from one program to another every weeks. 
          It is important to have a "background" program where you come back 
          regularly and have spent so many hours on, that you know every 
          subdomains, every pages, every forms & params.

        - Keep going! The main quality of a hunter isn't to have 1000 tools 
          & scripts, it's actually having persistance and not giving up. 
          "There is always a vuln!"

        - Don't be arrogant and respect the product teams. The developers are 
          like you, like me, they make mistakes. Stay humble.

        - "Sharing is caring", don't be the guy who's never willing to share 
          anything because he has "a secret method to find vulnerabilities".

▀▄█▓▒░  Is there a life AFK ?
    │  ─────────────────────────────────────────────────────────────────────────
    └─  What? You mean real life? Yeah, luckily! It is important to disconnect 
        and take the time to enjoy your family, your friends and drink a beer 
        (in moderation).
        Motorcycle riding (when the weather is fine only) and traveling when 
        If you don't want to go on burnout ( this is a very serious subject, 
        especially in the BB community) it's important to take breaks and do 
        something else to clear your mind a bit.
        Duplicates, less rewards than expected, new invitations, new scopes, 
        new Hunters... all of this is puts an additional "pressure" that you 
        have to manage, take a step back before the burnout.

▀▄█▓▒░  What is the future ?
    │  ─────────────────────────────────────────────────────────────────────────
    └─  More and more Bug Bounty programs with new vulnerabilities.  
        In 5 years, vulnerabilities likes XSS will be less present but 
        Business Logic Error vulnerabilities occurences will increase, because 
        they can't be found with a tool!
        I also think (and this will maybe have a negative impact) that Hunters 
        will increasingly automate hunting, we are at stake of losing the unique
        human instinct that programs needs when they launch.

--------[ EOF