Hello, friends! It’s your buddy Zokomon here, back to share the story of how I found my first bug, as promised in my earlier blog.
The Beginning of My Journey
I started bug bounty hunting during my graduation in Bachelor of Computer Science. My interest in hacking started even earlier, but that’s a story for another day. Spoiler alert: it’s about how I dabbled in hacking long before I knew about bug bounties.
Before bug bounties, my knowledge was all about Black Hat hacking—stuff like DDoS attacks, WiFi hacking, and other “goofy” activities that weren’t exactly… legal. Let’s just say those skills are more likely to earn you a trip to the police station than a paycheck! 😄
How I Discovered Bug Bounty
Now, let’s get to the topic. I first came across the concept of bug bounty hunting in the comments section of a YouTube video. Someone mentioned HackerOne, bragging about their 1K–2K reputation on the platform while trying to show off in front of the video creator, who was teaching beginner hacking techniques.
Curious about this “HackerOne,” I turned to my old friend Google (yep, before AI tools like ChatGPT became my go-to). A quick search led me to HackerOne’s website. I registered on the platform and started exploring.
Funny thing—I didn’t even realize you could get paid for finding bugs until I stumbled upon the Hacktivity tab. That’s when it clicked. Hacktivity is a goldmine, showcasing real bug submissions and techniques used by other ethical hackers. I still read it to this day—it’s one of the best ways to stay updated and learn!
The Struggles of Learning White Hat Hacking
Here’s where the real challenges began. Everything I knew about hacking was Black Hat. White Hat hacking was an entirely different game. I had to start from scratch, learning through Google, blogs, and YouTube videos. Back then, ChatGPT wasn’t around to guide me like it can now!
When I finally felt ready, I jumped straight into paid bug bounty programs. Big mistake.
After submitting four Not Applicable (NA) reports and two duplicates (which were kindly marked as duplicates instead of NA), my account was locked for 30 days. This happened because HackerOne has a system where repeated false positives lead to a lockout.
Starting Fresh with a New Account
Determined not to give up, I created a new account. This time, I decided to think critically before submitting reports. Instead of rushing, I asked myself:
i) What will an attacker gain from this bug?
ii) What impact will it have on the victim?This mindset shift made a big difference.
The First Bug I Found
One day, I found a simple bug: a broken link. I know, I know—hardly groundbreaking, right? 😅 But hey, it was valid for the platform I submitted it to (Sony).
They paid me $50 and some merchandise for that bug. It wasn’t much, but it was my first win. And trust me, that little victory felt like a huge milestone!
Sure, it might seem embarrassing now, but we all have to start somewhere. For me, that small bug was the spark that ignited my journey in bug bounty hunting.
Lessons Learned
From that point on, I’ve never stopped learning and thinking critically. Bug bounty hunting is about persistence, curiosity, and creativity. If you’re just starting, don’t let false positives or small rewards discourage you.
A Word of Encouragement
Getting started is always the hardest part, but don’t give up. Whether you’re finding your first bug or improving your skills, remember that every mistake is a learning opportunity.
Stay consistent, keep practicing, and don’t hesitate to ask for help. Bug bounty hunting in 2025 is full of opportunities—you just have to keep going.
That’s the story of how I found my first bug. But my hacking journey started long before that. Stay tuned for my next blog, where I’ll talk about Black Hat hacking—how it’s done, what to expect, and why I left it behind.
