Bug Bounty Reports Discussed

The mindset for finding highs and crits in bug bounty with JR0ch17

May 14, 2025
Jasmin “JR0ch17” Landry, a former security manager turned full-time bug bounty hunter, shares her journey from sysadmin to vulnerability expert. She discusses effective learning methods and her strategy for prioritizing critical findings. Jasmin highlights various vulnerabilities she hunts, including SSRF and OAuth issues, and offers insights on using job postings for technology guessing. With an emphasis on hands-on practice and structured recon, she reveals her approach to finding high-impact vulnerabilities while maintaining work-life balance.
ANECDOTE

From Sysadmin To Hacker Mindset

  • Jasmin started in IT as a sysadmin and transitioned into security by studying and earning certifications like OSCP.
  • She said OSCP gave her the hacker mindset that unlocked practical vulnerability thinking.
ANECDOTE

Triaging Accelerated Her Learning

  • Jasmin joined HackerOne as a part-time triager while working full time and learned how reports are structured and how researchers document impact.
  • Triaging taught her post-message concepts and improved her ability to exploit and demonstrate impact.
ANECDOTE

Choosing Bug Bounty For Life Balance

  • Jasmin left a demanding pentest role and later Nasdaq to pursue bug bounty full-time after realizing she preferred hacking and wanted work-life balance.
  • She values flexible time with family and more free time for hobbies since switching to full-time hunting.