
Ben "NahamSec" Shares Bug Bounty Success, Earning Nearly $2M Since 2023
Cybersecurity expert Ben "NahamSec" shares his bug bounty journey since 2023, during which he has earned nearly $2 million, with 70% of that amount coming after transitioning to full-time work. He discovered a $100,000 bug at Facebook and has had months with earnings exceeding $75,000. His strategy is to concentrate on a maximum of 2-3 programs (such as Amazon and private programs), and 50% of his income comes from a single program. He uses 10-day live hacking events to quickly assess programs worth $10,000–$25,000 per critical vulnerability. Technically, he specializes in SSRF (he exploited four different Chrome instances during one event), as well as XSS and blind XSS. He recommends mastering browser execution contexts, DOM XSS, CSP bypasses, and JavaScript code auditing. He attributes 30% of his success to skills and program selection, 20% to "created luck" from gaining access to restricted applications (which earned him $100,000 in a few weeks), and 50% to creativity in testing unconventional approaches.