Skip to main content
BugHunter & TrailRunner
BugBounty to support my second passion

BugBounty to support my second passion

·425 words·2 mins
New article!

Some people are full‑time bug bounty hunters, but for me it’s another story.

Bug bounty, for me, is a way to stay up to date on different technologies and remain knowledgeable about various attacks and techniques. I’m often annoyed when I read blog posts that turn a nice bug or new attack into a neat story with an “easy” exploitation path. In reality, there are always details (often omitted for good or bad reasons 🤥) that you only encounter by practicing and trying to reproduce the attacks. So playing on bug bounty platforms and reproducing attacks is always informative.

Beyond having fun and testing new hacking techniques with bug bounty, there’s also the rewarding part. In my case, I use the rewards to support my second passion the trail running.😃

Last year, I decided to save my rewards for a big race I’ve always wanted to enter. I set two constraints: play only on one platform; YesWeHack and focus on programs in my country of residence, Singapore.

  • YesWeHack: I’ve known them since the early days (Kikoo BountyFactory 👋), and I like their work, so choosing this platform felt natural. I won’t write a full post comparing platforms (Google is your friend and can help you to find articles on this topic), but trust me: with YWH you get proper triage, which is a real time‑saver when you report a bug.
  • Only programs in Singapore: I like the feeling of helping something I know and that’s close to me. When you walk down the street and see a brand or service you’ve hunted on, it’s rewarding to say, “Hey, I might have helped this thing/shit to be more secure and safe for people.”

The way I practice bug bounty will never make me financially independent, and I’m fine with that. I don’t spend enough time on it, and I don’t want to. I prefer to use my time for other activities: family, gatherings with friends, and running of course. But today I’m really happy that my latest reports helped me buy my gear for MDS.

YWH_reward

So I’m officially registered for the 40th edition of Marathon Des Sables in April 2026.

MDS

Over the coming months, I’ll document my research into the gear I need for the MDS: backpack, sleeping bag, dry food, and more. I’ll also share some hacking techniques and interesting bugs I’ve been able to exploit.

Big up to YesWeHack for inviting me to programs since my first reports on public ones, and for the good experience so far hunting on your platfrom.