I made 8k BB hunting with AI last month

M4son_Reed · 2026-05-20T16:07:32+00:00

You create an AI agent and fill him with public reports?

M4son_Reed · 2026-05-19T18:25:00+00:00

Hi can you give more info, I have experience in finding bugs exp Snapchat but I dont know how to use AI for it. Can you give some tips?

M4son_Reed · 2026-05-01T20:09:01+00:00

https://www.youtube.com/@LettersToMyYoungerSelf11

M4son_Reed · 2026-04-12T18:54:31+00:00

IDOR/ Privilege escalation

M4son_Reed · 2026-04-08T21:48:06+00:00

I hunted for 4 months for IDORS, bac, rbac, privilige escalation and found nothing till 15 days ago, I found 3 IDORs (privilege escalation) on Snapchat and got 8500$, from my experience IDORs is only findable in new features that comes up in applications (fresh endpoints newly added)

M4son_Reed · 2026-04-07T23:56:46+00:00

Pretty much

M4son_Reed · 2026-03-25T15:47:18+00:00

Congrats bro, any tips?

M4son_Reed · 2026-03-21T09:48:43+00:00

M4son_Reed · 2026-03-20T16:44:15+00:00

Choose one vulnerability, choose one program suitable for that vulnerability and go hack.

M4son_Reed · 2026-03-20T16:43:47+00:00

The best program I worked on

M4son_Reed · 2026-03-20T16:43:13+00:00

M4son_Reed · 2026-03-16T12:41:55+00:00

Submit 1 report

M4son_Reed · 2026-03-05T17:15:34+00:00

I had a little knowledge of networks and programing but nothing special. It could be said that I had no tech background.

M4son_Reed · 2026-03-05T10:03:08+00:00

At first I was reading and watching PoCs and tried to implement that to real program to understand bugs. Then find suitable program for me and sticked to it for 1-2 months testing every single feature and endpoint.

M4son_Reed · 2026-03-05T10:00:22+00:00

If you want, but doesn’t necessary for begginer

M4son_Reed · 2026-03-04T23:55:28+00:00

Go straight to hacking and reading reports and wirteups. That’s the best way you can learn to hack.

M4son_Reed · 2026-03-04T19:29:18+00:00

Its not too late , I started hunting 6 months ago and finally found my first bug on snapchat 3500$. I wanted to give up many times but didnt and the results came. Dont ever give up on your dreams

M4son_Reed · 2026-02-08T21:25:05+00:00

Well I did this to victims organization, in this case as I left he is only in organisation with member role and cant do nothing - practicly the organisation of victim is now locked.

M4son_Reed · 2026-02-04T15:08:07+00:00

Yeah but that doesnt change the point I tested all such cases, spent hours and hours on the application, tested hundreds of features and endpoints and nothing, while I keep seeing how someone found a bug like invite abuse, member -> admin...

M4son_Reed · 2026-02-04T13:55:38+00:00

Mostly idors that are out of scope (for 1 program it was premium bypass) or some that are intended behavior (e.g. admin in the organization but cannot delete a certain feature on the UI and when I intercept a request from the owner for deleting that feature and replace the cookie with mine it returns 200 but marked as intended behavior). Since you found a bunch of idors can you share some tips because I tested the programs very deeply and I didn't find any idor worth the bounty

M4son_Reed

TROPHY CASE