‘My best attribute is persistence – technical skills you can learn’: drak3hft7’s Bug Bounty story so far

December 11, 2024

YesWeHack Bug bounty hunter interview: Drak3hft7 aka Simone Paganessi, who says “soft skills are as important as technical skills”

Soft skills and the right mindset are even more important to success in Bug Bounty than technical skills because the latter are easier to learn, according to one of Italy’s most prolific hunters.

Having first registered on YesWeHack in 2021, ‘Drak3hft7’ – aka Simone Paganessi – has climbed to 8th position on YesWeHack’s leaderboard for 2024 and 14th on the all-time rankings. He has notched 656 reports at the time of writing. All this was achieved while working for an Italian company as a pentester.

In the Q&A and video below, Drak3hft7 also discusses his journey to being a hacker, his best bug find so far and his favourite hacking tools.

Drak3hft7 on the challenging road to becoming a hacker…

I had a long journey. I studied [many] hours [on] software development and network[s]. After this, I studied [for the] OSCP certification.

I started Bug Bounty three years ago. The road for a hacker is very difficult, because today it’s one technical system; tomorrow it’s a new technical system, new firmware and other updates.

On what he likes most about YesWeHack…

I prefer YesWeHack because it’s a very fantastic structure and very fast triage. I hacked [many] companies, big companies [through] YesWeHack – it’s always exciting.

On his best bug discovery so far…

My favourite critical find is an IDOR. I was able to change the parameter in the cookie and read and edit all user data in the web application: thousands of data [points]. I reported on YesWeHack. After two or three days, it was accepted.

On the personal attributes that most fuel his bug-hunting success…

My best skill for me is persistence – not technical skills but soft skills. Because, if you are a hacker, you are persistent. Very persistent, curious, passionate. The technical skills you can study, you can try [to learn].

On his favourite hacking tools…

I prefer the proxy to analyse the request and the response, to find vulnerabilities in parameters, cookies. And [I often use] Ghauri. Ghauri is the best tool for SQL injection. And the best for me is the Wayback Machine, for getting all the requests [to hunt for bugs via archived URLs].

On his hobbies beyond hacking…

In Italy, I love the gym – very important for physical and mental health, and stability! I love to read books and watch films at the cinema.

On whether his family and friends understand what hacking is…

My family is a big help for my hacking, because it’s very important for my stability.

My friends don’t know about my hacking skills. My family don’t understand my work in the hacking system and Bug Bounty. Always questions: “What is Bug Bounty?” – it’s a difficult answer for this question.

On his favourite hacking-related art or entertainment…

My favourite TV series is Mr. Robot. [Elliot] Alderson is a very fantastic hacker and the hacker culture in the TV series is the best.

Interested in emulating Drak3hft7? Learn more about hunting through YesWeHack, sharpen your hacking skills on Dojo, or learn about the latest hacking tools and techniques on our blog.