Mohamed Yusuf

664 posts

@Edx103

Bug Bounty Hunter | Finding Bugs

Somalia · Joined November 2020
2.3K Following · 816 Followers
Pinned Tweet
Mohamed Yusuf (@Edx103)
After 4 months, 28 rejected reports, countless sleepless nights, and moments I almost gave up… Today, I finally got my first valid bug. One triaged report. One step closer to my dream. Bug bounty is hard, but giving up is harder. This is just the beginning. 🚀 #BugBounty
yoyomiski (@yoyomiski)
Today triaged 4 bugs > 2 bugs IDOR and LFI were found using AI. It discovered issues that I had previously missed during manual testing — really amazing 🥳🥳 > 2 bugs were found manually as usual Let’s keep pushing forward! #bugbounty #AI #IDOR #LFI
Mohamed Yusuf (@Edx103)
@Bugcrowd why does your triage team sometimes take about a week to triage my submissions? My report has been waiting for triage even though the program lists an expected triage time?
bugcrowd (@Bugcrowd)
Me when I see all the new bug bounty programs on Bugcrowd
Mohamed Yusuf (@Edx103)
How long does it usually take for the @Bugcrowd triage team to review a report? My submission has been in triage for about a week even though the program has an expected triage time. Is this normal? #bugbounty
Mohamed Yusuf (@Edx103)
It has been 1 month since my report was triaged by the @Bugcrowd triage team, but @intercom has not provided any response or taken any action on the submitted report. Hi intercom internal security team @intercom Could you please check the status and provide an update?
root@AkashHamal0x01:~/ # 🇵🇭 (@AkashHamal0x01)
Hunting on Bugcrowd be like :
- 1 week gaps between replies = late triage
- No manual severity? Found a vulnerability that is P2 or P1 but impact is not in VRT category? congratulations you cannot select severity and now your report will take like 1 week to be seen
Mohamed Yusuf retweeted
Patrickbatman (@hamidonsolo)
I made close to $10,000 from bug bounties this month. I'm 19. Still in engineering school.
Here's what I didn't show you.
I found a Critical RCE — Remote Code Execution via path traversal on a company's server. The kind of bug that pays $5,000-$20,000.
Duplicate. Someone found it 12 days before me. $0.
Same work. Same skill. Same report. Wrong timing.
That's one of dozens. For every bounty I post, there are 15+ reports that got:
→ Duplicated
→ Marked informative
→ Ignored for months
→ Closed as "not applicable"
→ Lowballed after months of follow-ups
But you know what I do when that happens? I wake up. No emotion. No hate. I open Burp Suite. Next target. Next report.
Because if I don't, someone else will. Every day I take off is a day someone else dupes me on the next find. So I show up. Even when I don't feel like it. Even when it hurts.
Bug bounty is not "find bug, get paid." It's find 50 bugs, fight for 6, get duped on some of your best work, get ghosted on others, and still show up the next morning.
The $10K months are real. But behind every mountain is a hundred steps nobody sees.
If you're starting out and getting duped and rejected — that IS the path. You're not doing it wrong. You're doing it. Keep going.
Mohamed Yusuf retweeted
Patrickbatman (@hamidonsolo)
Bug bounty tip most beginners don't know:
Don't hack Google. Don't hack Apple. Don't hack Facebook.
Start with small startups on HackerOne that have 0-5 hackers looking at them.
Less competition = faster first bounty even public programs.
I found my first bug in a program after 1 month full time
Paid $2500.
Next post: how to find YOUR bug type — the one thing you get so good at that money becomes inevitable
subscribe to be alerted when it comes.
Hugo Picanzo (@hugopicanzo)
@Edx103 @Bugcrowd So fast! How much time between you reporting and that final answer? I’m starting to think that I have a bad taste when choosing programs
Mohamed Yusuf (@Edx103)
@intercom Let's see security team in Bugcrowd reports and got accepted
Intercom (@intercom)
Fin Labs is coming to Paris. For three days only, we’ll offer a unique learning space in the heart of the city to explore transforming customer experience with AI. Join us from March 24-26 for a series of practical events for leaders and builders, and hear from leaders at Intercom, @Anthropic and more. We’ll bring you interactive daytime sessions on scaling AI performance and redesigning teams for impact, followed by evening discussions on how organisations are adapting to AI. Come for the insights and leave with the blueprint for building perfect customer experiences. See the full schedule and book your spot – link below.
Hike (@hackrkid)
All my bugcrowd reports are closed as N/A and one duplicate so far, these are the ones pending
Medium - Self-hosted - awaiting response, my first bounty is from this program
Low - bugcrowd - awaiting response
Low-High - Zoho - Fixed and in waiting for 10 days now