It starts with this tweet
Since money is one of the best way to keep hunters motivated, going after a difficult monetary goal would be a fun way to push ourself to limit.
So I decided to set myself a short term target, to get 30k bounty money within 30 days. Here is the summary of my 30 days. (This is not a technical sharing post)
I have to confess that the goal is to earn 30k from 1 Oct to 31 Oct in the tweet, but due to some changes in Yahoo payment policy, I have no choice but to shift the date from Sep 29 to Oct 29, I promise it is still 30 days in total.
I know I am cheating in some way, but hey that’s what hunters do, we cheat a lot to squeeze the bugs, you know what I mean 😉
HackerOne $28,900
LINE $1,500
BugCrowd
In the end, I got 1,500 + 600 + 28,900 = $31,000 ,which is $1000 more than the challenge, I am happy with the results. I strongly suggest hunters go hunt after LINE, although they pay slowly (2 months), they have really good team with amazing response time and reward. I found 2 authentication problems in them and got 11k in total. It is a target that definitely deserve more attention.
Finally, here to announce my next challenge. Again, 30k in Oct 29 to Nov 29, I will try not to shift the date this time.
PS: Drafting Uber Account Takeover findings, if you want first hand update, here is my twitter @ngalongc