Wlayzz once enjoyed discovering a bug so much it ranks as his all-time favourite even despite the fact it turned out to be a duplicate.
This was partly because of an outcome that is highly unusual for web-based discoveries, the French hunter reveals in the interview below.
Wlayzz aka Lucien Doustaly ranks 31st on our all-time leaderboard (at the time of writing) after registering with YesWeHack in 2022. The hacker, 29 years old when the interview took place during leHACK, Paris, has achieved this lofty position while combining Bug Bounty with a pentesting and red teaming role at Thales.
In this interview, the sometime CTF player also reflects on the crossover benefits of combining the two roles, what he enjoys most about Bug Bounty and his favourite hacking tool, among other things.
Wlayzz on whether his pentesting work helps to make him a better Bug Bounty hunter…
Yes, for sure. Doing pentesting during the day is something useful for Bug Bounty, because we have time also to dig on some new techniques. And sometimes you see in Bug Bounty some technology that you’ve already seen in pentests, and so it makes it easier.
RELATED We polled hunters on whether they combined hunting with a day job, their use of AI tools and choosing scopes, among other topics. Download The YesWeHack Report 2026 to find out the results
On what he enjoys most about Bug Bounty…
The most exciting thing about doing Bug Bounty is that we have the right to attack some wonderful targets. And it’s something that would otherwise be illegal, but we have the right to do it, and it's quite fun.
On the three words that best describe him as a hacker…
It’s passionate, curious and creative. I've always been curious about a lot of things. In Bug Bounty it’s the same thing. You need to search for some new techniques, to learn new things, to understand the targets well to go deeper. And if you are not passionate about what you do, you can’t be successful in this field.
On the biggest challenge he faces when bug hunting…
The most difficult part on Bug Bounty is that you don’t know if there is some bug on the target and you have to stay focused on it, try to dig deeper, and you know that maybe other hunters are always searching on that, and you always need to fight against yourself to find some bugs.
On his favourite hacking tools…
My favourite hacking tool is Exegol. So it’s like a containerisation system that brings a lot of hacking tools inside and it’s very, very useful.
On what he likes most about YesWeHack…
I love the way they create links with the community, always sharing blog posts and always being present at some events. It’s super fun. And the triagers on YesWeHack are very, very, very good.
Which bug you are most proud of discovering so far?
This one is really funny because it was a duplicate. It was like a SIM swap attack that I was able to receive in my mailbox. It’s my favourite bug because even though it was a duplicate, it was fun to exploit, and receiving something physical when exploiting some web targets is really fun.
How do you feel about the growing role of AI in Bug Bounty?
We have seen some hack bots having a good performance on rankings on Bug Bounty. So as a bug hunter, I think we need to learn how to use AI to have the most powerful tools in our hands.
Interested in emulating wlayzz? Register as a hunter on YesWeHack, sharpen your hacking skills on Dojo, or learn about the latest hacking tools and hacking techniques on our blog.
