Hacker Spotlight: Interview with jin0ne
@jin0ne is only 20-years-old, and he is already one of the highest performing hackers on the HackerOne platform! He has submitted more than 200 valid vulnerabilities in just one year and taught himself how to hack at the age of 16 after one of the websites he followed was hacked. @jin0ne decided to contact the hacker, and it was that encounter that uncovered the fascinating world of hacking for him. It was a hobby at first, but it quickly turned into a job. Nowadays, @jin0ne says he hacks for about 10 hours a week because he prefers to spend the rest of his time playing League of Legends. Read more about his journey below.
How did you come up with your HackerOne username?
When I started learning web-security, I named myself Jinone, but when I registered it seemed to already exist, so I just used jin0ne.
How did you discover hacking?
One day, a website I frequently browsed was hacked. That person wrote his name on the homepage. I thought it was cool.
What motivates you to hack and why do you hack for good through bug bounties?
Hacking is very challenging and fun at the same time. If you get paid to do it, then it’s even better. HackerOne’s Hall of Fame is also a motivation for me because it provides a sense of accomplishment, and helps others, too.
What makes a program an exciting target?
The bounty and overall visibility of the program.
What keeps you engaged in a program and what makes you disengage?
I like programs that have many assets and are responsive. I don’t like programs that mark reports as information and then fix the vulnerabilities.
How many programs do you focus on at once? Why?
One. This helps me collect more information and understand the program better.
How do you prioritize which vulnerability types to go after based on the program?
In terms of vulnerabilities, I prefer to look at XSS or Server Side Request Forgery (SSRF), as well as some other server-side security issues. I like programs that provide a quick response to a bug submission. I also like programs that offer high bounties.
How do you keep up to date on the latest vulnerability trends?
I use Hacktivity, Twitter and follow several blogs.
What do you wish every company knew before starting a bug bounty program?
How truly important information security and the work of ethical hackers are to their business.
How do you see the bug bounty space evolving over the next 5-10 years?
There will be more and more bounty hunters. There should be more and more bounty programs.
How do you see the future of collaboration on hacking platforms evolving?
There should be more and more hacker collaborations. We should use our skills to help each other.
Do you have a mentor or someone in the community who has inspired you? Don't be shy, give a shout out!
In the beginning, I was looking at a vulnerability website in China, similar to Hacktivity, which was an inspiration. I also follow a lot of hackers on Twitter, who are all great. I’m also grateful to the teachers I’ve had who have motivated me to be my best.
What educational hacking resources would you recommend to others?
Hacktivity and Portswigger Web Security Academy.
If you had a magic wand and could change one thing on the HackerOne platform, what would it be?
I want to view more reports in order to gain more knowledge and skills.
What advice would you give to the next generation of hackers?
My advice is to learn some basic coding at first and then read relevant blog posts. Keep at it and don’t get frustrated by duplicates.
What do you enjoy doing when you aren't hacking?
I love playing online games and reading novels.
The 8th Annual Hacker-Powered Security Report