
Bug Bounty Hunter Jasmin Landry Shares His Journey and Techniques
In this video, Jasmin Landry, also known as JR0ch17, shares his fascinating journey as a full-time bug bounty hunter. Jasmin begins by recounting how he discovered his passion for cybersecurity and hacking, particularly after obtaining the OSCP certification, which gave him a hacker mindset. He explains how this certification was a turning point in his career, allowing him to transition from a system administrator role to a role in cybersecurity.

Jasmin discusses his early experiences with bug bounty programs, including how he found his first bug, an XSS vulnerability, for which he received a $1,000 bounty. He also mentions his initial struggles, where he didn't find any bugs for several months, which pushed him to improve his skills and read more about web application security topics. He emphasizes the importance of demonstrating the impact of vulnerabilities to obtain better bounties.

An interesting part of the video is when Jasmin talks about his experience as a triager at HackerOne. He explains how this role allowed him to learn from other bounty hunters and discover new techniques and tools. He also mentions how he balanced this part-time work with his full-time job, allowing him to continue hunting bugs.

Jasmin shares his experiences with different types of vulnerabilities, including SQL injections, Server-Side Template Injections (SSTI), and path traversals. He explains his techniques for testing these vulnerabilities and how he successfully exploited them. For example, for SQL injections, he mentions the importance of understanding the type of database used and testing different payloads to bypass restrictions.

Another key point in the video is the discussion on reconnaissance and information gathering techniques. Jasmin explains how he uses job postings to understand the technologies used by a company, which can give him clues about potential vulnerabilities. He also talks about the importance of taking structured notes and documenting relevant information to reuse later.

Jasmin addresses the challenges and rewards of full-time bug hunting. He mentions the advantages in terms of flexibility and freedom, but also the financial challenges and the need to manage time effectively. He shares his goals for 2025, including achieving his financial goals, participating in more live hacking events, and taking more vacations.

In conclusion, this video provides an in-depth look at Jasmin Landry's journey as a bug bounty hunter, his techniques, challenges, and successes. It is a valuable resource for anyone interested in cybersecurity and ethical hacking.