Hi, my name is Tommaso. I am both a developer and hacker. I started my tech carrier as a Python developer in Data Science, Machine Learning, Automation and Backend Dev; Then I started to learn Js, HTML, ans CSS so I could have also been a Frontend Dev. One day I became aware of bug bounties: you find a bug in a Platform? You get paid. After entering this Field, I loved it! After months of learning, I decided to go bug hunting in the wild and started receiving bounties. This gave me the power to continue and receive more and more bounties! Also, I have a Medium Blog where I write about Hacking and Programming Stats. Last month I hit 40K + Views!
HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.It is the to go tool for qualified bug hunters. Find a vulnerability in a H1 program, report and get paid in a matter of days. With detailed statistics and nice UI Hackerone is in my opinion the best coiche for bounty hunters. Based on Signal, which goes from -5 to a max of 7, Impact(average reputation per bounty), and reputation hackers with medium/high statistics can receive private invitations and have even less competition. Check out my Hackerone profile and invite me to your private program :)
Looking for a new house for you thoughts? Trying to figure out how to share your skills and even get paid? Well, Medium is for you. You can write about anything and get even paid for it! If you, like me, just started on Medium, don't worry you can write good articles for important publications, and if your writing is good enough you'll be added as a writer and publish articles for that publication. I'm now writer for Better Programming(170k subs), InfosecWriteups(20K subs), TowardsAI(6K subs), QuickCode(12K subs). That's how I was able to get my first 40+K views in my first months on medium!
Talking about Skills, I have a background as a Developer which really helps me in Bug Hunting. Python, my language of coiche, can help me for example building scripts for reconoissance or exlpoitation, JS makes me understand WebApps, and HTML,CSS are useful in general(I used them with JS to build this Website). Enough programming, let's take a look to my Bug Hunting skills. Mainly, I hack on all platforms except IOS, but my area on interest are Desktop app and Android apps. I have extended knowledge of all main types of Vulnerabilities, but as you'll see in the Favorites Bug section, I reallu enjoy
Every Bug Hunter has favorite targets and bug types, usually the one they are better at. While I am not really good in Injectioins in general(XSS,SQLi, etc), I really enjoy finding business logic errors, mishandled file uploads, Information Disclosures via hidden endpoints(which have an actual impact) and bugs in APIs in general, for example getting back something I shouldn't by modifing certain parameters or finding hidden ones! Basically, I like everything that requires lot of thinking.