YESWEHACK PROPHILE ON HISXO

April 30, 2020

┌▄──────────────────────────────────────────────────────────────────────▄┐
├■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀■[ YESWEHACK PROPHILE ON HISXO ]■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄■┤
├■──────────────────────────────────────────────────────────────────────■┤
├■▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀■┤
└▀──────────────────────────────────────────────────────────────────────▀┘

30th of April, 2020.
╔══════════════════════════════════ WHOIS ═══════════════════════════════╗
║ Handle: HISXO
║ AKA: Adrien
║ Age of your body: 27
║ Produced in: France
║ Urlz: https://medium.com/@adrien_jeanneau
║ Creator of: GitGraber
║ Superpowers: I use python2
║ Life in a sentence: The less you sleep, the more you pwn
╚════════════════════════════════════════════════════════════════════════╝

 QUOTES
╔════════════════════════════════════════════════════════════════════════╗
║ There's always a vuln! ${{7*7}}
╚════════════════════════════════════════════════════════════════════════╝

 ARMORY
╔════════════════════════════════════════════════════════════════════════╗
║ The perfect combo: Burp Suite, FFUF and a good wordlist of course!
║ Good creativity is also important, to make sure you don't do the same
║ thing as the other Hunters.
╚════════════════════════════════════════════════════════════════════════╝



▀▄█▓▒░ Hello, what background can you safely disclose?
 │ ─────────────────────────────────────────────────────────────────────────
 └─ After engineering studies, I started to work in a French company and
    now I'm a pentester & security auditor.



▀▄█▓▒░ How did you come to Bug Bounty?
 │ ─────────────────────────────────────────────────────────────────────────
 └─ I started learning hacking on CTF platforms & at CTF events. It's fun,
    but the fact that it is not "real" makes things less exciting
    in my opinion.
    The concept of Bug Bounty is nice: you pwn for real, it's legal and
    you can be rewarded for your work (if it's not a dup lol).



▀▄█▓▒░ What is your feeling on how the Hacker Community is evolving?
 │ ─────────────────────────────────────────────────────────────────────────
 └─ Overall I would say that things are evolving positively: more and
    more people agree to share their knowledge, and I thank them.
    When I started Bug Bounty, I wished there were more writeups,
    discussion spaces (like Slack) and more Hunters willing to help me.
    Now that I have a little more experience, I try to help new Hunters
    to progress and evolve as far as possible!



▀▄█▓▒░ Did you develop a love/hate relationship with code?
 │ ─────────────────────────────────────────────────────────────────────────
 └─ Sometimes I code because I have no choice: I know that to exploit
    a specific vulnerability I have to, but this is not a priority
    for me.
    I like to code, but if a tool or script exists for what I want to do,
    I don't want to spend time coding my own (I mean this for simple
    features).



▀▄█▓▒░ You are active on YesWeHack and have practised on other BB platforms.
 │ What are the pros & cons of those platforms? / What are your
 │ expectations?
 │ ─────────────────────────────────────────────────────────────────────────
 └─ Like other Hunters, I think we all check this information before
    we hunt on a program:

    - Reward grids (who doesn't check?)
    - Scope
    - Response time, triaging and patching reactivity (really important
      to avoid frustration for all Hunters)
    - The company (it's more "fun" and motivating when you know the company)

    Regardless of the BB platform, respect in interactions must always be
    present, from both Companies and Hunters.

    I love to collaborate when it's possible, because it's more motivating
    than hunting alone (in the dark, with a hoodie and green lines on
    the screen).

    A "good platform" (in my opinion) needs to have clear rules, be
    equitable with Hunters and offer a clear interface to write reports
    nicely and easily.

    If a company wants to run a successful Bug Bounty program, it needs
    to understand that it's important to respect the Hunters' work, not
    run a program just to be able to brag:
    "we have a bug bounty program, we are secure".
    If you run a program but don't actively patch, that doesn't make sense:
    Hunters will waste their time on duplicates.



▀▄█▓▒░ What advice can you give to someone who wants to start in
 │ bug bounty?
 │ ─────────────────────────────────────────────────────────────────────────
 └─ If I have learned something in recent years from observing carefully,
    I can give this advice:

    - Focus on a scope; don't go from one program to another every week.
      It is important to have a "background" program that you come back
      to regularly and have spent so many hours on that you know every
      subdomain, every page, every form & param.

    - Keep going! The main quality of a hunter isn't having 1000 tools
      & scripts, it's actually having persistence and not giving up.
      "There is always a vuln!"

    - Don't be arrogant and respect the product teams. The developers are
      like you, like me, they make mistakes. Stay humble.

    - "Sharing is caring", don't be the guy who's never willing to share
      anything because he has "a secret method to find vulnerabilities".



▀▄█▓▒░ Is there a life AFK?
 │ ─────────────────────────────────────────────────────────────────────────
 └─ What? You mean real life? Yeah, luckily! It is important to disconnect
    and take the time to enjoy your family, your friends and drink a beer
    (in moderation).
    Motorcycle riding (only when the weather is fine) and traveling when
    possible.

    If you don't want to burn out (this is a very serious subject,
    especially in the BB community), it's important to take breaks and do
    something else to clear your mind a bit.

    Duplicates, fewer rewards than expected, new invitations, new scopes,
    new Hunters... all of this puts additional "pressure" on you that you
    have to manage; take a step back before the burnout.



▀▄█▓▒░ What is the future?
 │ ─────────────────────────────────────────────────────────────────────────
 └─ More and more Bug Bounty programs with new vulnerabilities.
    In 5 years, vulnerabilities like XSS will be less present, but
    occurrences of Business Logic Error vulnerabilities will increase,
    because they can't be found with a tool!

    I also think (and this will maybe have a negative impact) that Hunters
    will increasingly automate hunting; we are at risk of losing the unique
    human instinct that programs need when they launch.


--------[ EOF