Had an absolutely stellar time at
@Hacker0x01 's
#h1305 ! The
@CapitalOne team was a real joy to work with, and Miami felt like just the perfect location.
As this was my 16th LHE, I was beginning to think I would never make MVH, but having a positive attitude, grit, and stick-to-itiveness really goes a long way.
Some things that I learned were:
- It really truly does make a difference to go for impact. As someone who normally farms IDORs/PrivEscs, this was an experiment, but getting a single High bounty felt wayyyy better than getting 10 Mediums.
- I spent nearly the entire LHE on a single application. By the end of the event, no one at the event new that API better than I did. This meant that I had _very_ few duplicates. I didn't split a single one of my big bounties. Go deep.
- Have patience. One of my best bugs took me _literally_ 15 hours to complete. A bug that takes you 15 hours will almost NEVER be a dupe.
- Working very closely with the customer made success possible. My Slack conversation with one of the CapOne security engineers could nearly fill a novel. We were able to work together to escalate my findings and find maximum impact. The customer is _not_ your adversary.
- Despite hacking solo and despite LHE's being a competition, other hackers _really do_ want to see you succeed. The best thing about winning MVH wasn't the belt, but seeing dozens of other hackers LEGITIMATELY excited for me. The hacker community is AWESOME!
I loved this event. I love the
#bugbounty community. And I love both the H1 & C1 team's.
Here's to a great start to 2024 - let's hack the world!
#gloriaDeo