Bug Bounty hunting need not be a full-time pursuit to make a big impact or earn a decent income.
Amel Bouziane-Leblond, aka ‘Icare’, is proof positive of this claim. The French ethical hacker has reached 11th on YesWeHack’s all-time leaderboard (at the time of writing) despite working in the daytime as a pentester for Thales Group.
In this writeup and video, Amel explains how he discovered YesWeHack and Bug Bounty, revisits a pair of particularly impressive LibreOffice exploits, and offers some bug bounty hunting tips for beginners.
ICARE ON ENCOUNTERING BUG BOUNTY FOR THE FIRST TIME…
At the time, I was working for a small IT services company. They were testing a web application, which I tested myself, and I found some fairly critical vulnerabilities.
Since the application wasn’t managed by the company in question, I contacted the publisher, who thanked me for my work and then offered to let me test the product through a Bug Bounty platform.
I didn’t know what it was, but it was YesWeHack. So I signed up to the platform and that’s where it all started.
ON WHAT HAS IMPRESSED HIM MOST ABOUT YESWEHACK…
I would say the team. They are really nice – like a family! The programs are very interesting.
The platform is really user-friendly: it’s super easy to make a report, you don’t get lost in the tabs, it’s really simple and effective!
ON THE THREE WORDS THAT BEST DESCRIBE HIS APTITUDE FOR HACKING…
Curious, persistent and creative.
ON THE VULNERABILITY HE IS MOST PROUD OF UNEARTHING…
I’m quite proud of that one, because it was one of the first that enabled me to develop my skills on the platform and start sharing with the community. It was in collaboration with BitK [hacker and YesWeHack tech ambassador].
It was an application where you rendered a document and we did an RCE on it, which was great. There was a CVE on LibreOffice that we took advantage of. We went all the way: performed an exploit and got a reverse shell on the machine. And that wasn’t bad, because it got us a nice €10,000 reward.
ON HIS MOST CRITICAL VULNERABILITY…
This is the most recent one, which I found not long ago. It’s a CVE I found on LibreOffice that lets you execute code without any warning: in other words, you open a document – a CV for example – and open it on your machine with LibreOffice, then I can execute the command I want.
ON CHOOSING HIS TARGETS…
I check out the invitation, see if I like the application, and if I do, I work on it. I just follow my gut feeling.
ON THE MOST COMMON MISTAKE MADE BY NEWBIE BUG HUNTERS…
They’re afraid of the programs. For example, if it’s a public program they think: “Everyone’s been there, I’m not going to find anything” – when in fact you can always find something. You have to carry on.
HIS ADVICE FOR ASPIRING AND INEXPERIENCED ETHICAL HACKERS…
You have to be curious, be persistent, gather information, learn, and understand what the application does and how to bypass it.
Interested in emulating Icare? Learn more about hunting through YesWeHack, sharpen your hacking skills on Dojo, or learn about the latest hacking tools and techniques on our blog.