
Power of Community

BSides Ahmedabad · 2021 · 49:05 · 1.9K views · Published 2022-02
Category: Community
Style: Keynote
About this talk
As a keynote speaker at BSides Ahmedabad 2021, Sandeep Singh talks about why communities matter and how it changed his career.

so yeah first of all thank you uh thank you BSides Ahmedabad team for having me here and thanks for the quick introduction so yeah it's it's really feel great to be here uh because uh it's been our already two years attending all the virtual conferences in this pandemic season and yeah this is my first event uh post COVID so really happy to be here and glad to see everyone here and and this is important because uh this also plays an important role uh in my careers like connecting with all the peoples at conference and actually going to speak about it later so as we are speaking about the community uh my talk will be around that

only i will be sharing uh how the community actually played a key important role uh in my career since as an individual or as a company and and what uh actually matters and how it's impacted uh my whole guys so yeah let's uh go uh about me uh uh i have been uh spend my most of the time doing bug bounties since 2011. and it's been already 10 years and then for sake i started doing bug bounties uh in last of 2014s and in few years i made into top three hackers at HackerOne platform and later working for HackerOne was become a dream for me and in 2017 i joined a HackerOne team as a security analyst

where i was responsible for triaging web and mobile post reports and then this is something we are doing as a part-time the project discovery open source work and yeah at some point we decided uh to leave our current job to switch full-time project discovery so yeah i'm active on github and twitter uh my codename geekboy all all on the social media platforms no so this is this is actually how all started this is me playing counter-strike back in 2011 and actually i was good at studies in my schools i after i completed my schools i joined college college and it was not good experience for me in college since i was from vernacular medium

specifically in the state board so i found it really hard to actually understand what's going on in those college lectures so i started to bunk lectures and playing counter-strike in cyber cafes that's how i started the computer gaming and i met one of my friend uh in cyber cafe who also used to be ethical hacker trainer suraj so he actually recommended or suggested me to do his training as it might be something will be advantage for me during my regular graduation this might be some additional point for the future as a career so on that note i i decided to do that training so it's not like i learned so many things in the start but that

training was the point which got me interested into hacking like i got to know how all the things like how how things works in the hacking community or what we can do actually with the hacking so that was a point where i got into actually hacking and curiosity and so yeah since then uh like for next three years i spent my all the time and nights researching about all the stuff i got to know up from that training session uh and yeah spending mostly based on all the times in the researching and learning the stuff and after two years i i noticed this facebook post from yogis modi one of my friend who used to be active at that time in

facebook bug bounty programs so so at that time i really had no idea like we can actually make money uh by doing hacking legally so this was my first introduction to bug bounty like there is a concept called bug bounty we can actually hack and report to companies and they will actually reward you so yeah i was so happy and excited uh so i quickly signed up on the HackerOne platform uh and see how it works i had experience of web web hacking till two three years before uh starting the bug bounty but yeah it was not as smooth experience in doing bug bounty since in the start we all used to struggle because we

actually don't know how things work in the bug bounty even you had experience so if you're going from uh if you if you're doing bug bounty and then later doing pen testing then the experience of pen testing will be something different so you always need to know about what actually doing uh so so even i had the experience of the web security i really find it hard in the start and yeah it took me almost six months and 54 reports to actually find the first valid report on the HackerOne platform so yeah that that that's all the time it took to get my first reward and i was so happy at that time and when i got that email and noticed uh

i got first bounty i was so happy and i went out for went out from my home and like in my parents or home they actually don't have idea what i'm doing all the time on the HackerOne so i really had no one to express my feeling at that time like i'm so happy about getting these bounties uh but yeah it was uh really movement for the first time uh it was actually uh uh rewarded by the Coinbase team it was a simple issue related to rate limit so when when i got uh got to know how things work in bug bounty what actually matters to them so basically i tried started to looking for the issues which

uh they actually take action basically looking around the activity on the HackerOne platform the kind of examples about the accepted report so so i started with the rate limit basically they have the same protection on the web but in the mobile application they are using different api without the protection they had on the web so it was a simple issue but yeah when i got this bounty i thought like what i want to do this this bounty since it's a first one it was special for me like how how i should spend it and since uh last four years i started uh to join uh online communities joining facebook groups making friends online so i really wanted to meet everyone like

see actual faces connect virtual profiles to real faces so i really wanted to go to some conferences so we can meet and at that time Nullcon was one of well-known conference so i quickly went away and booked a Nullcon ticket at that time so it was a hundred dollar bounty so i i took the three thousand ticket for the conference and three thousand for the traveling going mumbai to goa so so this is this is how i invested uh my first bounty and it was really worth when i actually went and attended the conference i met all all of my friends who used to talk all the time um on facebook and our other platforms and

we actually made new friends as well and that's why it's really important when you actually working alone at home uh it's not easy to be as collaborative and share stuff with others but if you are meeting someone you get more comfortable you get to know each other so that uh that meeting uh or attending that conference likely changed a lot of things i i really got interested into doing bug bounties and it became passion for me and since uh i i spent my most of the time doing bug bounties and in few years i reached into a top three position at HackerOne platform and yeah it was a good uh to being at that position now currently

i am in the top 10 but yeah since i'm not active anymore uh since i'm not now more focusing around the open source stuff but yeah this is this is how uh this is how it started all around the bug bounty stuff and yeah since uh i was one of top hacker on the platform a television news agency from new new york based company they decided to include me in one hacker documentary so they came all along from usa to mumbai just to cover a story and they really had a week scheduled interviews like they took interview at my uh home at mumbai they also went to my native place in uf they were doing

all the recordings in my village uh like flying drones and making videos uh like just imagine the scenario where uh no one in your family or village really had idea about what you actually do all the time on the computers and now some foreigners coming to your village and making videos and doing all the things that that was uh really uh insane feeling and hard to actually make them understand like why they are here and what i'm doing but yeah and and also uh after that i was also invited to uh my first live hacking event uh uh hosted by hacker one in uh las vegas uh 2017 actually and yeah those are some moments from the

conference and uh that documentary and those are really great times to remember my life and yeah since i mentioned like how HackerOne uh changed my life or in terms of bug bounty i really wanted to work for HackerOne it was on my dream job and when i visited las vegas i actually met ceo of HackerOne Marten Mickos and i expressed my desire like how uh how i like how much i uh feel uh and care and wanted to work with HackerOne so i can help in whatever manner i can so being one side of the community that is doing bug bounty as a bug hunter is one thing and seeing the same space from the other

side is also whole different experience so i actually wanted to see that experience as well to understand uh all the all the stuff around the bug bounty and yeah like in in in 2017 i joined HackerOne as a security analyst and did a job for the three three years and yeah this is this is this is uh all all around how it went for for the bug bounty and and after that uh like in all all of my experience all the time i i always been fan of automation how we can actually minimize the stuff we do manually all the time while finding the bugs or reporting the issues or whatever step it is if we can

automate we are actually saving our times so we can spend our times uh in actually exploring the application and for the all the repetitive tasks we can actually or if we can automate then there's uh nothing can be better than that so so yeah these are few points which i noticed that can be solved at that time uh like there are many instances where we actually found the issue and now we quickly wanted to scan the same vulnerability across all the hosts we have as a bug bounty hunter it could be your all bug bounty programs having uh limited or wild scope you can basically uh basically a solution which you can easily run across all the host and as a

company uh the same stuff so there are many repetitive stuff that we can actually automate and and the other thing which i i noticed at that time like if you if there are good products but they are mostly focused around the enterprise like those solutions are intended to be used by enterprise and not as an individual or as a hacker so so uh i actually wanted to build or do something which can be directly utilized by hackers uh basically making all those good solutions more approachable and easily available for all the ones and not uh enterprise companies only and and there are many existing tools as well where the they might be good uh running a single tool but if you wanted

to create a workflow utilizing multiple tools running in a pipeline so then they they not might be a user-friendly in a manner where you can actually take input from wall tools to pass to other tools so so so there was uh these things which uh like uh i noted down then this is something uh if i if i ever get a chance i will i will try to improve since i'm not a developer i always had ideas and yeah i wanted to execute whenever i get chance and and yeah like this story about how we all met and since i'm active in the bug bounty community i always uh relied on open source tools like what are the

better options we can use for achieving our task and subfinder is one of the projects which i use a lot by the way like how many of know or use subfinder in your daily life if you are doing bug bounty or pen tests so yeah same for me uh uh i was using this tool a lot for the subdomain enumeration and i have also created few issues or suggested some features in these projects and and that's that's how i got to know about the authors of this project and as you can see Ice3man was one of code now author of this project along with the marco mj who is helping him to maintain

this project so we actually uh started sharing our idea to each other like how we can solve multiple things if we can automate this as well since we all are coming from some work experience where we had multiple problems in day-to-day life if either as a security engineer as a bug bounty hunter or whatever name it but yeah there are list of things which we actually wanted to solve and has a common interest so so we collaborated uh we actually met on the github and later collaborated to work on multiple projects to convert those ideas to in reality and we actually uh released a lot of projects after that like within within a one year of

collaboration we released multiple projects as you can see nuclei httpx and we really uh like pumped up when we noticed there's a lot of contributor contributes contributors from the community that we closed uh 300 plus issues there are so many uh prs coming from the community so this was not something we were very sure about like how it's going from the company point of view we are working to make those solutions but we really not expecting like community will actually uh contribute back to us so so it was so excited so exciting for us like uh like people are actually using uh the solution we are pushing in the open source space and yeah people started

to love us and they they they shared a lot of stuff on the twitter and and these are the things which actually keep uh motivating us to make more tools at least maintain whatever we have because uh the community just not using your tools they are actually continuously providing the feedback like what how we can improve whatever tools we have so it's not just we make a one-time solution and it's going to be like that for always we always get constant feedback for the community and the features to be implemented so so actually community is playing key role for evolving the projects we have and even uh for creating the new projects as well so so

we we're really happy to to work with everyone in involving around the projects and we uh yeah as you can see there are many uh tweets around uh giving credit uh for whatever we have achieved and released in in form of open source tools and we also noticed like there is a good trend around lots of new users following to our all the projects we have released so there was clear indication like uh people are actually uh using those solutions and as these trends got picked by the users we we started to get emails from the investors like they they offered us to raise the funds so we can work on either uh commercial solution or whatever

they wanted but yeah it was really crucial for us in terms of decision because we we were doing this as as our part-time project and not something we are doing all the time but we were so convinced by doing this that we wanted to continue the same but if if we are raising any funds then it's also additional responsibility like what investors are expecting from us and at the same time we don't want to give up or stop what we are currently doing that building more open source tools and and not just jumping to uh building some commercial solution so it was also important to a pick up partner who actually understand the values of open source

and understand the importance and impact of it in the community so so yeah that was a important call for us and at the same time as said we most of us are working as a full-time med somewhere so uh leaving the full-time job and doing as a full-time is something also crucial uh we all met on the github we like i still uh i still did not meet one of my co-founders from brazil but this is a story like we don't even met but we started a company uh so it it was really crucial call to leave our current job to go this uh go full time on this but we also know like if we are able to achieve

uh this much of attention or uh like helping the community making the great impact while doing some stuff in the part time then what will happen if we are doing actually as a full time so there will be lots of possibilities or things we can change so so we took that decision and uh and earlier this year we raised a fund and backed by uh some of great community members including cisos from google twitter hashicorp vps from netflix and databricks so yeah this was uh this is uh this was story behind how how i started uh doing bug bounties and eventually formed the company uh completely based on the open source and contribution and where community actually played the key

and important role for constantly giving us feedback and and and it's really important to actually uh like if we wanted to be as successful as an individual and if we know what we are doing then we can do that but if we if we wanted to make something which will impact everyone or at large scale then we actually need to work together and and here uh community's what made it possible they they always align with us around by sharing the constant feedback work feature request all the stuff and we always intend to work in a similar manner keeping the community always on the priority and yeah i'm again thankful for all all the stuff we have achieved

with the community and there there are so many contributors around our projects actually someone in our audience who is also a top nuclei template contributor so again thank you everyone uh uh involving around the projects and we actually before raising the funds we we created a nice uh reel uh for so uh showing uh all the team members like uh what kind of feedback we received from the community and it was really a nice compiled video that i wanted to play right now i will i will end my note on this so let's save [Music] project discovery team has done it again they did not only release one tool they released two nuclei which is the larger

framework in which the subdomain checks are in um the new one is absolutely amazing it is uh it is one of the coolest pieces of scanning tech to come out for a while that team is on fire team behind project discovery hasn't really been chilling lately they've been working really hard on putting out some great great great Go-based tools they are the creators of subfinder naabu shuffledns and dnsprobe all these are super great tools like when you look at a lot of the major like really kind of popular hacking tools that have come out recently they're actually groups that are releasing them and project discovery is one of those groups i look for

over 687 different regexes to see if it matches

now i'm going to do a little plug for nuclei scanner because i think it's one of the future of uh web app scanning the project discovery just recently brought the new update to the nuclei framework and this is a huge speed improvement if i'm reading this data right the new one should do it in less than a second and if that's even remotely possible i would say that's an insane speed improvement the one that's unreleased that a lot of people are talking about is project discovery's framework and this is they don't have a name for you at a camera which they give their name to it but you can see that it looks super slick right project

discovery is working on uh one of these it's unreleased but they've released a lot of the tools that are going into the engine so nuclei is kind of the first step of mass exploitation i've been promoting nuclei in various places ever since i found out about it just because i think these community driven tools are essential right not not just that or bug bounty hunting i mean i i really feel for infosec like we need more community driven tools nuclei is going to be like the metasploit of web hacking we haven't really had something like this where you can make your own checks the checks are extensible and easy to write the framework is distributed you know

they're they're releasing checks all the time they're releasing tool functions all the time super cool and i love this kind of community contribution toolkits that the project discovery team are dropping super inspirational good stuff [Music] so yeah that was all uh thank you for listening by the way i will also available offline so if you wanted to fill in your question later so yeah feel free to hello hello hello sir hi sir i read that some vulnerabilities like SQL injection and cross-site scripting can be prevented by web application firewalls so applying such kind of approach is how much effective uh can you explain something about that uh sure so so like WAF-based protection in the web

application is always like hardening or hiding the real vulnerability behind it like you can actually stop the hackers if you are having some good configuration but generally it's not recommended to actually use this as a prediction uh protection because the real vulnerability actually lies within a code so if you are actually allowing the hackers to use a non-WAF code or project they can actually identify the vulnerability and if if you are using the WAF then it is good for the security point of view but it's not actually a fixing the bug but making it hard for the hackers to exploit the vulnerability so i will say is to at least if we are protecting the production environment in

the WAF at least have some sandbox environment where you are exposing those uh raw access to the hackers to find vulnerabilities but yeah it's always good to have in production at least keeping other aspects of the business okay sir thank you hi sir hi sir thank you first of all thank you for nuclei subfinder and httpx my day doesn't start without using these tools so sir i just wanted to ask any i mean any suggestions for finding server-side sql injection especially the recon thing right how to do proper recon in order to find server side uh injection vulnerabilities so like there's a two aspect of it like if you wanted to find this in a mass scale in form of automation

then definitely you are going to collect all the urls targeted related to your target either using any existing tools for example getallurls and any similar which will enumerate all the available urls and then you can inject your some sql in injection parameters codes by replacing those values around available parameters and see if there is any matching response that that's one way of doing in the at mass scale but if you are going uh per application then you definitely need to see like how all the end points are specific and 0.3 reacts based on your input so it's it's all about observing around either so manual approach or doing automation just look for the responses it behaves based on

our inputs thank you hello sir hello uh as you talk about automation right yeah so in future there is many many many possibilities that the car would be shipped in electronics so it quite a thing that hacking is more important at that time because uh new things new works and security is a myth from uh i was just i want to ask how many beginners in the house please cheer up please please don't be shy please cheer up if you are beginners just let me know please it's this will be the question from all of us to the server because time is not okay not an issue don't be shy but the question is everyone want to know from where to

start and after eh what would be the first step to move on because in 2020 we have seen the pandemic is quite the cyber security has just doing the boom so after that everyone is doing the eh going to the EC-Council website or somewhere else it may be possible but after that they don't know and everyone is doing the scam so please let us know how can just we prevent this scam and can be a good ethical hacker or maybe a penetration tester in the future definitely a good question yeah and and yeah like it's a one of most common things in recent days where we are not able to identify what we actually need to look on or what like

what's legit or what not and and it actually starts from our motivation like we we wanted to bug bounties or learn security uh uh based on what purpose like in the in the recent days like uh bug bounty became a good marketing stuff where so many uh new peoples are joining just because uh seeing all the online posts around bounties or getting interested like uh like just join the bug bounty and we can easily make uh monies and and in in in that context uh we try to uh look uh or use all the available options either it's online trainings or whatever we find on the social media or github we try to brute force and use all the

options and at the end if nothing works then we think we started something like like why it's not working for me so this is something always depends on the individual how they are approaching to this and as i said like for me uh in the start it was all always around the learning uh then like what keeps me interested in the subject and even like after three years i got to know about the bug bounty so so if if your primary focus on like uh getting uh bounties or earning by doing this then you might start feeling uh like uh it's not working for you very early on the stage but you if you are

approaching uh this learning or doing bug bounties or pen testing or whatever please understand this like it's things going to take some time and it doesn't matter like if you're making money or not from it if you are learning or something learning new on the daily daily basis then it's it's a worth to uh learn and follow those resources so yeah just uh don't blindly follow all the stuff even your following is not bad but just don't keep all the expectation all the time like if i'm going to do this then this will happen uh always try to focus on the learnings if uh if if there is a single bit of information adding after

you took some courses or learned about new stuff it's worth and yeah always always try to see the difference between learning and earning and and that will lead to at least a focus on the quality hello my name is nisan sir and uh as you know you have very good experience in security researching plus bug bounty so my question is to you are hunting on a program so at what condition you know that you have test cases and all checklists also doing but we manually we can dig deeper and deeper in that program or application so how do you know that this is the stopping condition me for to leave a program or stop testing on this program

so we cannot get burnout or demotivate on the program thank you so yeah i get the question so basically he's asking like at what point uh you actually understand if if it's still worth to invest more time on the program where you are hacking for the long time so so so yeah and there's one more question attached to it like how uh automation or the experience you you have will help to make that decision this might be a little bit unrelated to question but i uh it's important i wanted to mention that uh when there is a like there is a conception about uh doing uh performing testing uh as a manual or as a in automated manner uh so but

the thing is like it it doesn't have to one of them automation always going to help to uh help with the manual testing like for example if you're doing recon those those information will help to perform those uh manual testing so automation is always something complement to your manual testing and you should always focus on the manual testing but at the same time to get more time for doing manual hacking you you set up all those automation to get all the information around your target and about like when it's a time to leave that program or when that call will happen so when we are performing a manual testing we actually go through all the application we get to know about

all the apis of functionalities or features that product may have so if if you if you've gone through all the stuff and you noted down all the stuff there is nothing new which can actually uh new endpoints or feature uh you you wanted to work on like you can keep hold on that but that's where the automation of things will help like for example let's say api endpoint monitoring or js monitoring whenever new features or files are getting added to that application you will be aware like there is a new feature that i can test even i have tested all the application in the past so so it's not like uh always giving all the time to one program and

then leaving move on you always keep the data or map of all the things you have worked in the past those information so whenever something changes then you go back to that program and start hacking again and it's it's actually easy to going back to those old programs compared to compared to started hacking to new new program because then you have to process all the information uh on the new program so it's it's it's not like you just leave and move to next one collect all the information make data of all the things whenever things changes then you again go back and try to find new works hello hello uh first of all hello sir

uh that was really nice presentation by you and so uh my question is what do you think about a future of cyberspace uh like do you think uh ai ai gonna take over uh all this uh pen testing stuff fantastic stuff like this is always been discussion like ai is going to take over there's always been discussion around if ai is going to take over all the automation or manual testing but again it is something like automation it is always going to help or minimize a manual effort at at uh at some level where it's possible but there will be always a human interaction involved with it so it's it's never going to replace the testing or automation otherwise it

will apply same to on the real world as well like robots will replace the humans maybe we are not required anymore so these things will always going to help us for doing better automation or security in the future but there will be always need uh around human interaction in all the processes and what do you think about future of bug bounty it's a it's a like if you're asking me as an individual it's uh there's an no there's no better things uh uh other than bug bounty for me as an individual like if uh basically uh since start i apart from HackerOne i never wanted to work for any company as i i wanted to

keep my freedom for to myself and bug bounty is what allowed me to continue on that belief so as more cyber threats are increasing and there is more awareness around security on the global scale there will be more new programs joining the bug bounty scene so there will be a more demand than now around the researchers or more program will be uh like short of uh government will make it mandatory to have bug bounty programs so it will always going to good uh from the researchers point of view uh like this is there is so much scope to improve in this field even as a platform or program but yeah uh if there are more

bug bounty programs then there will be need of more security researchers so if you're thinking if something uh going to stay in the future uh definitely it is and this is this this question is something we keep asking for ourselves uh since start as well but it's always bug bounty is always here and going to be for a long time and it's still maturing our field and not something evolved completely hello sir hello uh sir uh like you have uh as in as a security researcher and uh triager on hacker one so uh not every work that we report on vdp is uh is been accept uh accepted on hacker one so as a triager what do you see

uh in the report that uh security researchers submit that makes that report more catchy or uh uh the triager not make it not reproducible or not applicable so what should be uh be right or we what should be there in a report that makes the triager interested in that report so generally like it's it's not about that we are just like what he is going to accept like we should report that uh triagers mostly are working as a bridge between the program and the hackers they are just being a voice between both the parties but yeah as uh as we see on the HackerOne platform even though for that matter on the other platform as

well uh like if uh some issues getting close uh on a regular basis for example if we are reporting something it is getting rejected on the multiple programs or vt vdps or vpps it is something uh like something we need to look and see like what was their response what actually they are stating why this is not a security valid issue and if we go into that we actually understand like why it is not acceptable uh like there will be no instance where triagers will be closing reports even it's valid and and uh yeah so so basically we as a hacker always tried to focus or understand the message what they are trying to say and sometimes they can be

generic in in terms of sharing information why it is not applicable or informative we can always try to ask for more information why they believe it's not a security issue so we actually understand so yeah this this is why this is not a security issue and i might stop looking for that and and yeah look for the valid examples what uh if uh it's the vdp and most probably they have more disclosed reports what kind of issues they are accepting this is all also a good way to approaching the targets like uh if you care more about why my bug is not being accepted versus look for the things which is actually getting accepted by the programs so in that way

you can easily go more ahead and not sticking or sticking or stopping at feeling why they are just keep rejecting my report so just just learn from those rejection ask for more information why it's not valid issue if it makes sense to you stop reporting those issues otherwise yeah you can then again share why i believe is security issue but at the end programs need to make a call and if it's not something of their interest then we should just stop and move to the next issues hello sandeep hello thank you for you for sharing your inspiring journey with us i'm kaina uh i want to say like with nuclei we have seen a different level of

creativity in new automation so i want to ask like is there any scope for further creativity what's next thank you so like we can have a separate and dedicated presentation on the nuclei because it's it's a really uh uh there is a lot of thing which we can actually do with the nuclei but yeah in general uh like when we are working on the nuclei engine we we actually focus more on the features like what we can do uh like how we can facilitate uh doing easy automation so we worked more on the engine for providing those features but writing templates is something always open for the creativity uh like when we started we just shared

few examples and we never expected uh like community uh going back to share all those templates currently we have around 2600 templates and most of them are shared by the community users only but yeah this was not something we expect in the start we focus on the features to uh to enable them to write creative templates but it was always expected like uh someone coming with more creative thoughts creating more nuclei templates and there are many templates which we notice like we we never imagined from ourselves like we can actually convert these steps into form of templates and and this is this is also a beauty of working with the community you also learn from them even

you you're working on that project so closely so in terms of creativity like we can do a lot of stuff with the template we just need to keep exploring what features nuclei support and write more checks on the on the top of it hello hello yeah i have one question like as per my experience for doing bug bounties on different platforms uh like so many time i see like i report a valid security vulnerability with a very good reproduce step and in next five minutes or ten the report got rejected by the team right and then we are started discussing on that report like where is the issue or something else someone join another from someone

team and they after that they reproduce the report and it's a valid one so my question is like how they can understand in five minutes or ten minutes like this report is directly not applicable or something and after that i mean i'm not saying about one report i have so many reports where i have to face the same experience so if after it will be a valid one and it will be a critical one and having a good bounty with that then in backend team as a triager they have some kind of discussion like they are taking action on on that person like why you are or or what what will be the activity like in in back end if you can

answer so yeah this is one of uh most common issues or let's say uh problems uh many researchers faced even i have experienced myself as well but yeah it's it's very uh simple to understand like why things might go in the in that that direction so like when we report stuff something to program and that program having a triage service uh any of the platform so it might not be necessary like triager actually understand all the stuff like the real program uh users who actually building those stuff know the impact so it might be possible at first attempt uh the triager did not understand the impact from impact point of view but as you said uh those bugs

were accepted later after communicating with the team so uh the team might be intervened and they changed the status of the report or accepted and rewarded bounty but yeah it's it's really possible when when you are dealing with so many reports so many platforms so many programs it's possible there will be cases where uh that others might overlook the issue at the start but yeah but that's why like uh mistakes can be happen all the times and this is something uh platforms need to be care about but as we know all the humans are involved on the side we also do mistakes so they can also and the what's important is like we try to communicate

or highlight that information to triage the program and if it went well then it means like the program is also listening on that side and you are good to stick with that platform but yeah if we care more about why this is working in this way this is not right we might uh stop at some point or not go along with that program so generally like i would say if we wanted to do bug bounties or stuff for the longer term we should less care about this stuff we we got to know about some problems and we know it's not working well for us at that program or platform we can just move on there are so many

programs options available uh so yeah it's always open place uh if it's not working something well just uh move to next program but yeah this is again something platforms uh need to care about and always open to listen uh take feedback from the community and try to improve the experience between both the side [Applause] thank you again yeah i will be also available offline so if you if you have any more questions or ideas that you want to discuss feel free to reach out thank you