Yassine aka yassine_eal has a twin-track approach to choosing vulnerabilities: favouring familiar targets when his time is limited and more complex scopes when he has more time to dig deeper.
The hunter only started hunting at the start of 2025 but quickly made his mark. For instance, he performed well at a YesWeHack live hacking event at Nullcon Berlin that took place in the autumn of the same year.
This interview, filmed at the event, sees Yassine discuss the benefits for hunters of rapid triage, the trickiest part of being a hacker and his best bug find to date.
Yassine_eal on what he enjoys most about Bug Bounty…
It's really cool to improve the security of the tools that we use every day and to find vulnerabilities [deep inside complex systems].
On the biggest challenge posed by Bug Bounty….
I think for me the most difficult thing was to write great reports, to be understood by the triager and the enterprise.
MORE HUNTER INTERVIEWS Check out our community content for more hunter interviews, hacking news and solutions to our CTF challenges
On what he likes most about YesWeHack…
I think YesWeHack is very effective in the triage of reports. And it’s very great to have quick feedback on the vulnerabilities that we report.
On how he chooses targets…
So it depends on the time that I have. When I don't have a lot of time, I will look for PHP applications because there are lots of vulnerabilities, easy vulnerabilities. And when I have more time, I can go deeply into more robust applications – like bigger enterprises and with a more modern stack, like Java Spring Boot or Node.js in JavaScript.
I love web applications, because I'm a technical lead and I developed for web for more than 10 years – but I love to try other things like mobile applications.
On the bug he is proudest of discovering…
I recently found a CSRF on a big enterprise, a French enterprise, and I had control over the admin account, and I could deploy my code on every store – like [Apple] App Store, [Google] Play – for the entire group.
Interested in emulating yassine_eal? Register as a hunter on YesWeHack, sharpen your hacking skills on Dojo, or learn about the latest hacking tools and hacking techniques on our blog.
LEARN BUG BOUNTY Check out our latest security research and technical guides to finding common vulnerabilities, using hacking tools and more
