YesWeHack

It’s been a while… But we’re back with a new vulnerable code snippet, just in time for Valentine’s Day ❤️ Find the bug, send us your solution via private message, and try to win some swag 👕 We’ll pick 1 random winner on February 19. Ready? 👉 https://lnkd.in/enWU84Nc

We’re not ones to brag… but according to Justin Gardner, there’s some “pretty sick content” in our 2026 report 😏 From exclusive results of our hunter survey to sneak peeks into top hackers’ methodologies, the report dives deep into how the Bug Bounty landscape is evolving. Curious what caught Justin’s attention the most? He breaks it down in the latest episode of Critical Thinking - Bug Bounty Podcast 👉 https://lnkd.in/eCyen-5y

Live from Disobey 🇫🇮 We’re on the ground in Helsinki and ready to talk all things Bug Bounty and ethical hacking. 💡 Want to see how the YesWeHack platform helps organisations scale crowdsourced security? Curious about the latest hacking techniques and trends shaping 2026? Jan Nieminen, Sam Lowe and Alex B. are onsite today and tomorrow - come say hello and start the conversation. 🧠 Up for a challenge? Don’t miss Solve SQLLM, the CTF challenge designed by Brumens and integrated into Disobey’s 2026 CTF competition. Let’s see who cracks it 👀 See you at Disobey!

Today, we’re celebrating 2 years at YesWeHack for Anthony Silva 🎉 As a Customer Success Manager, Anthony works closely with organisations around the world to help them unlock the full potential of their #BugBounty Programs. Always attentive, solution-oriented and committed to delivering value, Anthony plays a key role in building long-term, trusted relationships with our customers. Thank you for your dedication, Anthony 👏 #YWHAnniversary #YesWeHack

At YesWeHack, we use AI to solve security problems, not to harvest human intelligence. 🤖   Our rollout of AI features is grounded in non-negotiable principles 👇   🤝 AI where it helps, humans where it matters – automating repetitive tasks while experts focus on complex challenges and customer context 🧑💻 Humans-in-the-loop, always – augmenting analysts, but critical decisions remain firmly in human hands 🛡️ Customers in control – empowering security teams to choose which features to use, on their terms Find out more: https://lnkd.in/eVAV3fKC

Last call, hackers! ⏰ This challenge is still live, but the clock is running out. A single JSON payload is all it takes to get RCE! This is your last chance to capture the flag for this month’s challenge, ending on February 16: https://lnkd.in/e-UNQrUV

Tomorrow, we’re heading to Disobey in Helsinki 🇫🇮 Jan Nieminen, Sam Lowe and Alex B. will be onsite and ready to connect. Whether you’d like to explore how YesWeHack collaborates with hackers, exchange on current cybersecurity trends, or dive into practical hacking tips, come say hello. And there’s more. Alex B., aka Brumens, designed Solve SQLLM, a dedicated CTF challenge featured in Disobey’s 2026 CTF competition. If you’re taking part, get ready to put your skills to the test. We’re looking forward to seeing who cracks it 👀 More info: https://lnkd.in/eDtUWtCs See you in Helsinki 🤘

YesWeHack is a proud sponsor of the Nordic edition of Next IT Security 🚀 To exchange on current security trends and show how YesWeHack helps organisations strengthen their security posture, Jan Nieminen and Ella Petersen will be onsite on March 12 in Stockholm. Drop by our booth to meet them, discuss your challenges, and get a live demo of our platform! In addition, don't miss out on our firestarter session, presented by Ella Petersen at 10:50 AM. More info: https://lnkd.in/e7nCpi93

Behind every accepted vulnerability lies something just as important as the bug itself: the report. In our latest Hunter Interview, Yassine El Alouani aka yassine_eal shares an honest insight into one of the toughest parts of Bug Bounty hunting - turning technical findings into clear reports that both triagers and program managers can work with. In this episode, he discusses: 🛤️ His Bug Bounty journey so far ⭐ The vulnerability he’s most proud of 🎯 How he decides on which programs to hunt ✅ ... And much more! Watch the full interview below 👇

Found an interesting Android target in a Bug Bounty Program but have no idea where to begin? Here’s a simple workflow to follow 👇 1️⃣ First, you need the APK itself. Download it via GApps/APKeeP/APKPure, or pull it directly from your device with ADB. Then verify the signature with apksigner to ensure you’re analysing the genuine production build 2️⃣ Decompile with jadx-gui, then global-search for endpoints, auth code, secrets, WebViews, deep links, and ContentProviders 🔎 3️⃣ Run MobSF for quick, broad coverage. It highlights common misconfigs, insecure settings, weak crypto, exported components, hardcoded secrets, and risky permissions - perfect for catching easy wins and getting a fast high-level view of how the app is put together 4️⃣ Move to runtime with drozer. Test exported Activities/Receivers/Services and especially ContentProviders (query/injection/path traversal). Some bugs only show up when the app actually handles intents & IPC 5️⃣ When you find something, build a clean PoC: create a tiny “attacker” Android app that triggers the vulnerable component (intent/deeplink/provider). It’s the best way to prove impact without needing any user interaction from the target app 🎯 6️⃣ Want the full walkthrough in action? This #TalkiePwnii episode covers APK download, extraction, and attack surface mapping step-by-step: https://lnkd.in/e2GGeywf