Finally. After too many years I reached a milestone, 4-figure bounty. Next stop 5-figures.

So far this year I have found myself the recipient of some small-time bounties. It always feels good to get a bounty, but I wanted more. Not necessarily because I want the money, more as validation that I can find a critical vulnerability. Enter my latest program.

I found an issue in this program, submitted it, but got N/A’d. I understood the reasoning for the N/A and let it go. But for a couple weeks I could never let go of the feeling there was… something… more… there. I spent a few more days (weeks maybe) banging my head against the wall and eventually my stubbornness broke through. The ‘wall’ fell. Woo man, that rush of finding the bug is something else. The time from discovery to submission is a fun-filled time of building a POC and recording a video. I always enjoy building out the POC, it scratches the “need to program” itch in my brain. That honestly might be my favorite part of bounty hunting. Being able to create a simple POC that pops and screams “HEERE’S YOUR VULN” is so fulfilling.

It was a fun bug and I’m proud of my dedication to persevere. Best part, I found another crit days later… we’ll see….