Public Bug Bounty Programs remain a rich source of vulnerabilities even after the hardening of scopes via pentests and private programs.
That’s one message conveyed by rising hacking talent ‘pwnii’ in the Q&A below, where she offers other valuable advice to aspiring and inexperienced hackers, recounts her Bug Bounty journey so far and discusses her favourite hacking tools and bug discovery so far.
Currently ranked 49th overall, pwnii – aka pwnwithlove – has steadily ascended the YesWeHack leaderboard since joining the platform in 2022, and is already sufficiently well regarded to be invited to various live hacking events. The French hunter currently combines Bug Bounty hunting with studying for a cybersecurity degree and a part-time position as security researcher at YesWeHack. In the latter role, she presents a video series called Talkie Pwnii, where she outlines solutions to YesWeHack’s Dojo CTF challenges.
Pwnii on how she became a bug hunter…
I started to get interested in cybersecurity when I was young. I got my first computer at nine and I started to use Linux at 14. By this way, I started to get interested in CTFs. I got into a CTF team called Flag Poisoning.
I started Bug Bounty last year at leHACK. I met some people that did Bug Bounty live events, and I started to hunt at this event. I didn’t find any bugs, but when I came home I started to hunt by myself, and now I’m here!
On her best bug discovery so far…
My favourite bug isn’t a technical one. My favourite bug is an IDOR, but I really appreciate this one because I got it when I started to hunt on mobile applications. With this IDOR, I got the possibility to modify the email of every user. So this way I had the possibility to take over their accounts.
I found this bug pretty quickly, honestly. I got a lot of ‘flex’, and it’s especially because people mainly don’t think to go on mobile applications, or just don’t dig enough.
On her favourite hacking tools…
I’m not using that many tools. My basic starter pack is Burp Suite with PwnFox. I really enjoy using tools like Wayback Machine, Waybackurls, those kinds of things.
Using Wayback Machine or tools like that is a little trick I really enjoy, because sometimes you can find some old endpoints or just like hidden endpoints, and it can be interesting. I had the possibility, for example, to find all the source code of a platform this way.
On the three words that best describe her as a hacker…
Passionate, motivated and creative. And by creative I mean that, sometimes, with the context of your bugs, you can increase the impact. So it can be nice.
On the hacking skill she most wants to develop…
I want to go deeper into mobile applications. I’m still a newbie and I really want to go deeper in web too. I mean, I have learned a lot with Bug Bounty – but I want to go deeper again.
On her career and life plans in Bug Bounty and beyond…
I plan after my studies to maybe do Bug Bounty full-time. I will enjoy travelling around the world for a few months or maybe a year, I don’t know. I would also really enjoy opening my own company in the future.
On the most challenging aspect of Bug Bounty…
One of the hardest sides of Bug Bounty is the fact that you have to admit that, sometimes, you just can’t find bugs and it’s just normal. And yeah, sometimes it’s pretty hard to deal with duplicates. But don’t forget that a duplicate bug is a valid bug. So it’s nice!
Her top tips for newbie Bug Bounty hunters…
As a new hunter, I will tell you to be patient and just be motivated. At the beginning, it’s completely normal to not find any bugs. You have the luck on YesWeHack to have Dojo, so just do Dojo, and after that you will probably get some private program invites. Don’t be scared to go on public programs too. There are a lot of bugs.
Interested in emulating pwnii? Learn more about hunting through YesWeHack, sharpen your hacking skills on Dojo, or learn about the latest hacking tools and techniques on our blog.