├■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄■[ YESWEHACK PROPHILE ON EBODA ]■▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄■┤
Wed, 11 Dec 2019 12:04:26 +0100 (CET)
╔══════════════════════════════════ WHOIS ═══════════════════════════════╗
║              Handle: eboda                                             ║
║       Handle origin: first name + last name (i'm very creative :>)     ║
║                       or maybe: 'adobe'[::-1], who knows...            ║
║    Age of your body: 29                                                ║
║         Produced in: Germany                                           ║
║                Urlz: / @eboda_                     ║
║           Computers: Just got the new Thinkpad X1 extreme              ║
║                      (I am part of the cult worshipping                ║
║                       the Thinkpad nipple)                             ║
║         Superpowers: I can fly                                         ║
║  Life in a sentence: Eat Sleep Pwn Repeat (höhö)                       ║

║ Any man who must say "I am king" is no true king at all                ║

║ Mostly just Burp                                                       ║
║  I do not do any automated testing or crazy recon, so I don't use many ║
║ other specific tools.                                                  ║

▀▄█▓▒░ Hello, what's your background?:
│  ───────────────────────────────────────────────────────────────────
└─  Hi! Professionally I was working as a pentester in Switzerland
    before starting to do bug hunting and research full-time.
    Less professionally, I used to play a lot of CTFs with my team Eat
    Sleep Pwn Repeat.

▀▄█▓▒░ How did you come to Bug Bounty ?
│  ───────────────────────────────────────────────────────────────────
└─  I did a bit of bug bounty hunting on and off a few years back.
    This year I quit my pentesting job and decided to pursue bug hunting
    as a full-time career. Now that it's up to me to choose targets to
    work on, I can spend all my time doing cool research on targets
    I personally am interested in or that use some cool tech :)

▀▄█▓▒░ You have practiced other BB platforms, what are the Pros & Cons,
│  with your experience on those platforms? / What are your
│  expectations?
│  ───────────────────────────────────────────────────────────────────
└─  I am active on multiple platforms because it allows me to reach
    more targets. When it comes to choosing a program to work on I am
    quite nit-picky, so the more choice the better!

    Some things I'm looking for in a program:
    - Great payout (obviously, who are we kidding...)
    - Well defined scope. I don't like recon at all, so I prefer
    to be given a small list of applications to pwn
    - Does it have source code available? HUGE plus
    - Responsive and fair team. Can't really know that before your
    first reports

    My expectations of programs are pretty straightforward. I took the
    time and effort to test your application and (hopefully) report a
    bug, in return I expect fair treatment according to the rules you
    have published :)

    Fool me once shame on you, fool me twice shame on me. If you try
    to pull some tricks I will just move on to another target.

    As to BB platforms themselves, it is very important for me that the
    communication is efficient. It's just so much more pleasant to report
    bugs when you have professional triagers who understand what you
    are talking about and can intervene if you face problems with

▀▄█▓▒░  Apart from Bug Bounty you seem to collaborate on a lot of hacker
│   events, what is your feeling on how the community is evolving?
│  ───────────────────────────────────────────────────────────────────
└─  Recently, together with some friends we have created a company
    called Bugscale to participate in bug bounties and do security
    research in general. It allows us to collaborate on our work
    efficiently, since we all chill in the same office.

    In Switzerland the BB community is still in its infancy, as there are
    not many BB programs and you can probably count the hunters living
    from it on one hand. As far as we know, we are the first company
    in Switzerland to actually make a living off of Bug Bounties.

    This year has seen enormous change for us though. Not only did
    YesWeHack create a subsidiary in Switzerland, but additionally BB
    programs are becoming more mainstream with conferences dedicating
    their theme to BB (see Swiss Cyber Storm for example)
    and Swiss companies actively trying to launch their BB programs.

    The future is definitely bright for us and especially in Switzerland
    the community will evolve immensely in the upcoming years!

▀▄█▓▒░  What was your first computer?
│  ───────────────────────────────────────────────────────────────────
└─  My first computer was mostly used to play CS1.6 and Warcraft 3 :D
    Didn't do much hacking back then...

▀▄█▓▒░  Do you remember your first successful exploitation?
│  ───────────────────────────────────────────────────────────────────
└─  Not really to be honest... I guess it wasn't worth remembering :D
    When I was younger I was very much into something I would describe
    as SQL injection "competitions". Basically, someone would post a
    website with a SQLi vuln and a WAF and the challenge was to dump
    all table names with a single query for example. You would end up
    with these huge SQL queries that bypass the WAF, concat results
    into variables and then dump those. It was kind of the thing that
    got me interested in security in the first place (that and CTFs).

▀▄█▓▒░  What keeps you going / What turns you down?
│  ───────────────────────────────────────────────────────────────────
└─  The thrill of finding a cool vuln and writing an exploit for it.

    Doing things I don't enjoy turns me down (who would have thought :D).
    In the BB context this might include things like recon or writing
    reports :>>

▀▄█▓▒░  Is there a life AFK?
│  ───────────────────────────────────────────────────────────────────
└─  No of course not! jk... I have relocated to beautiful Switzerland
    some time ago, so there is no shortage of AFK life outside in
    the mountains.
    Depending on the season, I like to hike, ski or fly with my
    paraglider :)
    Also I'm into CS:GO, but that's technically not AFK I guess :D

▀▄█▓▒░  What is the future?
│  ───────────────────────────────────────────────────────────────────
└─  In Europe and Switzerland specifically I think we will see a sharp
    increase in companies adopting bug bounty programs. With YesWeHack
    being in Switzerland itself now, it will make it easier for
    companies to overcome initial hesitation or uncertainty regarding
    bug bounties.

    In any case, there will always be bugs, so in one way or another
    we will be able to keep busy ;)

--------[ EOF


├■▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀■[ YESWEHACK PROPHILE ON ZSEANO ]■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄■┤ 

╔══════════════════════════════════ WHOIS ═══════════════════════════════╗
║              Handle: zseano                                            ║
║                 AKA: Sean                                              ║
║       Handle origin: My name is Sean, my friends used to call me       ║
║                       'Seano' back in high school. Z meets Seano? ;D   ║
║    Age of your body: 27                                                ║
║         Produced in: United Kingdom                                    ║
║                Urlz:                           ║
║         Superpowers: I can turn anyone into a hacker,                  ║
║                       just give me your time :)                        ║

║ You only fail if you give up. Those who never give up will reach their ║
║ destination eventually, and even if they don't, the experience & wisdom║
║ picked up along the journey will be worth it.                          ║
║ Always believe in yourself. You've got this.                           ║

║ Burp Suite and my brain! I absolutely love hacking manually, it's sort ║
║ of like a puzzle to me without knowing the pieces.                     ║
║ It's almost like you create them yourself :)                           ║

▀▄█▓▒░ How did you come to Bug Bounty ? 
    │  ───────────────────────────────────────────────────────────────────
    └─ I learnt about bug bounties after a friend told me that a new 
        "internet hype" was happening and suddenly companies were happy to
        pay for things such as XSS vulnerabilities. 
        Interested, I went away & did some research on what "bug bounties" 
        were. I decided to reach out to some old companies I had done work 
        for in the past and asked if they were interested. They were keen 
        to see what I could find and I quickly received my first $500 payout
        for XSS. This led me to find HackerOne & Bugcrowd and the rest is 
        history really. 

▀▄█▓▒░ You have a profile on many BB platforms, what are the Pros & Cons, 
    │  with your experience on those platforms? / What are your 
    │  expectations? 
    │  ───────────────────────────────────────────────────────────────────
    └─ My expectations are simple. Respect. After all, companies are relying 
        on *us* to do the work and find vulnerabilities in their assets. 
        Right now there are too many companies taking advantage of researchers
        & not respecting their work (especially newcomers), and certain 
        platforms are even happy to turn a blind eye to this. 
        Companies do not realise that if you make the hacker happy, they 
        will keep looking at your assets. *Upset the hacker (from either 
        delayed responses or crap payouts) and we simply move on.*

▀▄█▓▒░  Do you remember your first exploitation? 
    │  ───────────────────────────────────────────────────────────────────
    └─ For bug bounties it was an XSS vulnerability. But before bug bounties 
        even existed I accidentally typed "" (double slash) 
        and it printed out a lot of chmod errors along with the file path. 
        Entire source code leak by accident. :D 
        I believe I was 14/15 at the time and I successfully managed to 
        responsibly report it. 
        No reward though, and now I look back, I didn't even care. 
        I was just hyped at learning more on why using // caused that to happen. 
        For all newcomers reading this, this is why you must learn to hack 
        because it is something you ENJOY, not because you want to make lots of 
        money. You will seriously pick up hacking a lot quicker and realise it 
        isn't as tough as it seems. It's fun! Money is just a bonus, don't get 
        blinded by it.

▀▄█▓▒░  What keeps you going / What turns you down?
    │  ───────────────────────────────────────────────────────────────────
    └─  Just the aspect around what bug bounties are. The fact I can sit 
        at home (or anywhere in the world!) and responsibly hack into some 
        of the biggest companies in the world without going to jail. I use 
        a lot of the sites I hack on so it's a nice feeling knowing I am 
        actually working to save my own data.

        I am turned down with companies claiming they take security seriously 
        but when you unload a lot of bugs they take ages to go through them
        all, or they simply just go quiet for months and then re-appear like 
        "Hey, here's your reward!". Yeah, just 3 months late and my trust in 
        you ruined. 
        I wish companies communicated more with hackers. 

▀▄█▓▒░  What will you learn next?
    │  ───────────────────────────────────────────────────────────────────
    └─  I want to explore training companies how to best make use of working 
        with hackers and how to use our knowledge to help you in the long run. 
        I feel like too many companies are opening programs and working it out
        as they go along. Watch this space... :)

▀▄█▓▒░  What is the future?
    │  ───────────────────────────────────────────────────────────────────
    └─  An internet secured by ethical hackers. I think over time companies 
        will start having their own internal team of hackers working 
        alongside the security team. In my opinion it's a great time for a hacker
        to find a job right now!

-----------------------------------[ EOF ]-----------------------------------

gitGraber :
A tool to monitor GitHub in real-time to find sensitive data

As technology moves forward, so do the threats to the tools we use every day. GitHub is one such tool, enabling software developers to collaborate within and across organisations. One way of keeping tabs on GitHub is gitGraber, which detects sensitive data available on the platform.



├■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀■[ YESWEHACK PROPHILE ON ]■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄■┤ 
Tue 24/09/2019 
╔══════════════════════════════════ WHOIS ═══════════════════════════════╗
║              Handle: Ak1t4 Z3n                                         ║
║                 AKA: Ak1t4                                             ║
║       Handle origin: Akita Inu ( Best Japanese Dog )                   ║
║    Age of your body: 39 years old                                      ║ 
║     Height & weight: 170cm & 60kg                                      ║
║         Produced in: at some funny Multiverse :)                       ║
║                Urlz: https://                    ║
║                                 ║
║           Computers: MacBook Pro 13" 2,5 GHz Intel Core i5 -16 GB DDR3 ║
║         Superpowers: Energy Healer                                     ║
║               Books: The power of Now (Eckhart Tolle) / Zen mind,      ║
║                      beginner's mind (Shunryu Suzuki)                  ║
║                Food: Argentinian BBQ!                                  ║
║  Life in a sentence: Life is not a problem to solve,                   ║
║                      it's a mystery to live                            ║
║                                                                        ║

║  What does not kill you, makes you stronger                            ║
║                                                                        ║
║ "There are two ways to see life: one is to believe that there are no   ║ 
║  miracles, the other is to believe that everything is a miracle.       ║

▀▄█▓▒░ What's your background?: 
    │  ───────────────────────────────────────────────────────────────────
    └─      Networking Engineer 

▀▄█▓▒░ How did you come to Bug Bounty?: 
    │  ───────────────────────────────────────────────────────────────────
    └─      Thanks to a tweet from the Great Peter Yaworski about WH101
       I read the book & my mind was just blown :) 

▀▄█▓▒░ You have a profile on many BB platforms, what are the Pros & Cons, 
    │  with your experience on those platforms? / What are your 
    │  expectations? 
    │  ───────────────────────────────────────────────────────────────────
    └─      Being at more than +1 platform gives you some experience on BB. 
        * As Pros *: we can expect faster Programs! 
        (+avg. payout time, +triaging time, +good security team feedback, 
        +private program invites, etc). 

        A Researcher Success Program (Platform) is really important, sadly 
        even the best BB platforms sometimes fail on this point.. 

        I think that the most important thing is managing to keep the hunters 
        on the platform & get them motivated with nice bonuses, challenges, 
        swags, etc.. Anything that pushes/helps them to personally grow/learn 
        on a friendly space/ecosystem :) 
        For us it's really important to feel that we are a part of something 
        bigger, to feel that our work has a value & that it matters. 

        My expectations? 
        BB Platforms need to understand that customer success is 
        just a consequence of having great researchers working on their place, 
        understand the real needs of the hunters & realize that they 
        are the core engine of BB. 
        For me the most important thing is keep our BB Community stronger, 
        the beauty of all this can be explained with this quote: 
        « If you walk alone, you will go faster; 
          If you walk with others,
          you will go further »

▀▄█▓▒░  You seem to have a philosophy on hacking, can you tell us more 
    │    on the hacker spirit? 
    │  ───────────────────────────────────────────────────────────────────
    └─      Wow! 
        This is a deep question.. 
        True Hacking, it's an Art: We are like children, you know? 
        A child playing with a new toy.. we feel curiosity, the urgent 
        need to realize/figure out how something works & how we can change 
        its behavior.. the way that it's working.. when this happens, when it's 
        done, we are very happy :) 
        Open your computer & Just play, then see what happens :) 

▀▄█▓▒░  How do you see the future? 
    │  ───────────────────────────────────────────────────────────────────
    └─      It's quite difficult to project the world of BB, due to the 
        fact that it is constantly changing. We are living in times where 
        security is the priority. 
        Who controls the information, controls the world 
        (socially, economically, political & culturally). 

        So crowdsourcing security will be at the top of this, 
        hackers will make the difference. 

        We are moving towards a virtual society where the mind will be 
        closer to the illusion than the plain reality (it's already happening) 
        That's why it's really important to keep our security work focused 
        on what truly matters to get a better picture of the game board. 
        From our place as bug bounty hunters, we can hit the world in 
        incredible ways & generate positive impact to society. 

        BB platforms will be the main engine to lead this new hacking 
        revolution to keep internet safer. Together we are changing the 
        world, and this new world is just arising, 
        created by us: the Hackers. 

--------[ EOF 

Lucas aka BitK: high level bug hunter and the brand new YesWeHack Tech Ambassador.

Tell us about yourself, your background ?

I’m Lucas, also known as BitK, I am 28 y/o. I’m a French guy who lives in Lyon. If you play CTF we have probably already met during an on site event as I play a lot of them with the French team Hexpresso.

Before joining YesWeHack I was writing / reversing software for power plants.

I’m also a bug hunter, I’ve been in the top 10 hackers on YesWeHack Bug Bounty platform since the launch of the platform.

Why did you join YesWeHack and what is your role ?

It’s a team that I’ve known for quite some time through CTF, Bug hunting and HZVCommunity & Events ( LeHack ).

We share the same principles and I do like the idea of bringing tools to the community.

My role as Tech Ambassador within YesWeHack will be to support the hackers’ community, by providing tools, talks and workshops. I’ll attend the YesWeHack sponsored events, having a great time with bug hunters and IT security researchers.

As a bug hunter and CTF player what are you driven by ?

To me, bug hunting is a lot like a puzzle game, I feel like every software, application is vulnerable to some kind of exploitation, you just need to find how.

Writing software is a difficult job, and developers are still human beings, so they make mistakes : our job is to find those mistakes and help developers to fix them before it gets worse.

One thing I love about the hacker community is the willingness to share information, tips or tools. There is always someone better than you in a specific field and most of the time those people will share their knowledge if you ask nicely.

What are the benefits of CTF (Capture The Flag) for those who want to start bug hunting ?

CTF is a bit different from bug bounties, the major difference is that in CTF you know that a vulnerability is there, your goal is “just” to exploit it.

So usually CTF tasks are quite small, you need to exploit a very specific bug. While in bug bounties, you are hacking real enterprises, their website can be huge and sometimes you can find yourself lost in the scope. Bug Bounty has a whole recon phase that CTF doesn’t have, it’s a new skill to learn.

CTF and Bug Bounties are different, but most of the time I use tricks and tips I’ve learned during CTF to exploit real life applications in Bug Bounty.


[ITW] Daniel Kalinowski: “Participating in bug bounties improves your skills and increase the overall knowledge.”

Let’s meet with Kalin, Bug Hunter from Poland.

What’s your background ?

I’m 25 yo, I didn’t study, it’s kind of a waste of time in Poland. Well, depends if hacking the school PCs in junior high school counts? xD
I started my career in the IT industry as a Data Center Operator, then I got promoted to Junior Dev. They had to do it because I have pwned their application once, and after promotion with the access to source code I was able to find a few more critical bugs. Also with the help of Shellshock I was able to download/view the files of the CTO that were stored on one NAS.

3 years ago I joined an awesome security company, and in my current position I’m responsible for: Mobile apps testing / Web apps testing / Code reviews / General technical advisory on the customer side.

My nickname Kalin comes from my surname KALINowski. I can be also found on the Internet by @llamaonsecurity/@llamasbytes handle.

Why are you interested in bug bounty ?

I started bug bounties as a time-killer in my first job, then I forgot about it and came back to it when I started the career in IT security. Participating in bug bounties improves your skills and increases the overall knowledge. Once I had to dig into the PNG file format structure to execute the XSS payload on web servers. It was quite a unique experience. Financially speaking, 1 euro is equal to 4.15 PLN (my local currency) so participating in bug bounties can be profitable.


SaXX, number one of YesWeHack’s all time ranking.

This month, we publish an interview with one of the best researchers of our Bug Bounty Platform, SaXX, who is only 27 years old.

SaXX sits in first place in the all time ranking and he intends to defend his ranking well. Like Rafael Nadal, SaXX never gives up and works hard to exercise his passion with his true mischievous side!

1. Where did you get your nickname?

Well, that’s a question a lot of people ask.
I only tell the genesis of this nickname in certain circles.

2. What’s your background?

I have a career path that some would describe as classic. I had a BAC S (maths specialization) then a BTS IG at that period of time. After the BTS, I didn’t really know what to do so I let myself be tempted by an Information Systems Management school in Lorient – France.

Portrait of a bug hunter : Ylujion

YesWeHack is glad to introduce you to its best hunters performing on

This week, it’s @Ylujion’s turn. Check his portrait below!


Goals and means of a bug bounty hunter.

These days, Bug bounty Hunters are trending within the IT security ecosystem, but very few articles deal with the DNA of a Bug Bounty Hunter.

At, we consider Bug Hunters have to respect and fit legal frameworks and norms.

As a bug hunter please find below the goals you should be driven by:


Being core-hunter of YesWeHack Private Team

My nickname is Onemore and I am a core-hunter of the private Team.

I’ve been hunting for bug bounties since 2012.

As a core-hunter for, my job is to spot talents and ask them to join us.

Even if our recruitment is subject to a co-optation process, I do have some criteria that help me spot and rate new applicants.

In order to level-up the degree of trust, we need to apply some criteria for recruiting our core hunters.

Those criteria are based on skill, level, openness, ethics, without omitting the ability to produce clear and relevant reports.
