Portrait of a bug hunter: Ylujion



YesWeHack is glad to introduce you to its best hunters performing on YesWeHack.com

This week, it’s @Ylujion’s turn. Check his portrait below!

“It is not Christmas yet but @bountyfactoryio already gave me a nice present!”
Ylujion (@Ylujion), 20 December 2016

How old are you?

I’m 32

Where does your nickname come from?

The reason why I’ve chosen Ylujion as a nickname is really simple: I wanted to invent a genuine nickname that does not exist on the Internet to see how it will propagate through search engines as I started posting on Twitter and co. Generally speaking, I am told that my nickname is shitty 🙂 and I do agree somehow! … Apart from that, the correct way of pronouncing “Ylujion” is like the way you pronounce the English word “illusion”. This kind of phonetic trick amuses me 🙂

How long have you been hunting?

I have been hunting for more than one year.

How did you discover bug bounty hunting?

Thanks to a friend who told me to test different bug bounty platforms.

When do you spend most of your time hunting bugs?

Mainly during the night and the weekend, sometimes at lunch break when I am at work.

As a bug bounty hunter, what are you driven by?

What I do appreciate in bug bounty is the diversity of scopes and technologies. It enables you to test up-to-date technologies through the prism of information security. Above all, there is a sort of freedom of action: you can go hunting whenever you want, from wherever you are, without being under pressure. Last but not least, you can earn money if you get good results.

I often recommend that beginners interested in pentesting dive into bug bounty platforms as a training discipline. It enables you to increase your skills in information security with real targets but within a full legal framework!

Can you tell us one funny story about bug bounty hunting? (epic win and/or fail)

I had spent more than 20 hours on exploiting one vulnerability in the scope of a rather famous startup’s program. Thanks to this vulnerability, I gained access to almost the entire information system, so I decided to submit a report. Meanwhile, I was excited in terms of reward: usually this kind of vulnerability can be rewarded between 1,000$ & 10,000$!

Eventually, I won a t-shirt ^^

Driven by excitement and performance, I forgot the program clearly mentioned there was no reward but only gifts 🙂 too bad!

What’s the best reward for one vulnerability you got thanks to the YesWeHack bug bounty platform?

5 000 € (Ed.: Ylujion’s total rewards for December reached 15 000 €)

To you, what are the benefits of bug bounty compared to pentesting?

For a company, a bug bounty program enables you to test without time restriction; moreover, your system will be tested by various and numerous hunters. The company can also define the different levels of reward and thus know the required budget to have a successful bug bounty program. Beyond that, it does not replace a traditional and classical pentest.

What’s your favorite language?


What’s your favorite OS?

Arch Linux, but I guess there is no relation between this OS and bug hunting.

Beyond bug bounty, what are your hobbies?

I am really good at drinking, eating and sleeping of course 🙂