‘Hacking is essentially about curiosity’: Blaklis on the art and science of Bug Bounty hunting

December 19, 2024

A YesWeHack hunter interview with Bug Bounty hacker Blaklis, pictured, who talks about being “a bit of a Cro-Magnon in the way I hack”

Ranked 22nd on YesWeHack's all-time leaderboard, Blaklis proves you can excel with the bare minimum of tools (he generally uses only one).

The French security researcher and CTF player with the Flat Network Society, who has found more than 200 vulnerabilities since registering on YesWeHack in 2016, sat down with YesWeHack at leHACK this year to discuss his Bug Bounty career to date.

Among other things, he talks about how he got into hacking via video games, his fondness for PHP targets and why bug hunting is comparable to being a scientist.

Blaklis on how he became an ethical hacker…

I've been doing Bug Bounty for about seven years now. I've been hacking for much longer: I started when I was about 13/14 (to cheat on video games – it's not very glorious I know, but you have to start somewhere).

So I started Bug Bounty with my internet service provider in Switzerland, 6/7 years ago, which had decided to do a Bug Bounty almost overnight. And then eventually, I really fell into the pot of magic potion that is Bug Bounty, and then I continued to do it on different platforms.

And now I'm trying to talk about it a lot in France. I've created a community, I've done quite a few things for Bug Bounty in France. And now I've been making a living out of it for two years. So that's all I do now – I'm a full-time bug hunter.

On why he enjoys hacking so much…

Personally, I love hacking in general. I'm so curious that I like to go and see how everything functions, how it works, how you can make things deviate a bit from their basic functioning. And I think it's essentially about curiosity. And I also like tinkering. It's a bit like the cheating I used to do, which is still a bit present here, but now it's more for a good cause.

On what a typical day looks like as a full-time bug hunter…

Well, in reality, in a standard day for me, it starts with waking up and knowing: am I going to work or am I not going to work? I'm lucky to have this freedom.

I'm a big fan of video games, so my days are split between potentially playing video games, spending a bit of time with my partner and working – sometimes I have to! But I don’t always work on the same devices, so I can hack on my computer from the living room, or hack on completely different devices if I'm testing very specific ones. So my days aren't really standard, after all.

On the ethical hacking opportunities available in video games…

There are some. There are video games – MMORPGs, that sort of thing – that allow testing. Today, I'm just starting to get into it, very slowly. It reminds me a bit of my younger days. Today, it's more difficult than it was. There are skills I'm missing that I'm in the process of relearning. It's also one of the strengths of Bug Bounty that I now have time to learn things that I potentially lacked back then. It's time I can take for myself, to teach myself.

On the most challenging parts of being a hacker…

For me, there's no doubt about it: the most difficult aspect is the biases you can have at the beginning. When a hunter starts out, he's bound to have biases that are gigantic: ‘I'm not skilled enough to take on big companies’, ‘there are already too many people who've tested before me’ or ‘I've spent three days hacking, I've found nothing, I'm never going to find anything’.

These are things that I think we've all encountered. And it's extremely difficult to get out of them.

On the vulnerability he is most proud of…

So there are lots of bugs I'm really proud of. I like bugs that are a bit devious, a bit complex.

And here's a good example: I have a very long chain that took me a month to find on a program and it earned me a $75,000 bounty. So that's something I'm really proud of; I spent a month working on it non-stop. I cried a bit, I sweated, I had a few tears of joy when I finally succeeded too.

On his preferred hunting targets…

I don't really have a preference. It's all very subjective. I can't quite explain it to myself yet. But I just have to have fun with it. I can't explain it completely. But it's true that when I see PHP on targets, it always puts little stars in my eyes. It's a language where I know there are a lot of pitfalls. I know them very, very well: I'm a former PHP developer, so obviously I know the pitfalls quite well.

On the three words that best describe him as a hacker…

The first is perseverance: I've already talked about that, so there's really no need to explain it. The second is twisted: I like bugs that are really twisted, that are really complex, where you have to untangle a lot of things. And the third is technical: I love anything technical. And I think that I've been able to develop a technical level that's quite high today. So I think those three words represent me pretty well.

On his favourite hacking tools…

Burp. It's the only one I use. A console, Burp, a browser – and that's it, I'm off! I don't use anything else. I'm still a bit of a Cro-Magnon in the way I hack. If I need a tool, I just code it and that's it.

On the profession (not including IT or security-related jobs) that Bug Bounty is most similar to…

For me, it's pretty close to being a scientist. I like finding new things, I like always trying to push my research a little further to find new ways of exploiting bugs, new ways of exploiting mechanisms that seem vulnerable to me, that aren't at first sight but that will eventually become so.

So I'm a bit like a scientist doing research. If I had an outside view of myself, that's more or less how I see myself.

Interested in emulating Blaklis? Learn more about hunting through YesWeHack, sharpen your hacking skills on Dojo, or learn about the latest hacking tools and techniques on our blog.