Hacker TL;DR

No TL;DR this week. This episode was more of a reflection on how their year went in bug bounty and the lessons that came out of it.

At the bottom of this post you’ll find a couple of templates to review your 2025 and think through your goals for 2026.

Feel free to share your 2026 goals with us on the CTBB Discord!

We do subs at $25, $10, and $5, premium subscribers get access to:

– Hackalongs: live bug bounty hacking on real programs, VODs available
– Live data streams
– Exploits, tools & scripts
– Un-redacted bug reports
– A collaborative hacking environment]
+ This is the best way to support the CTBB team. =)

Check out the CTBB Discord!
You can also find some hacker swag here.

HACKERNOTES;

— What We Learned from Bug Bounty in 2025

This episode was a look back at what actually worked for them in bug bounty throughout 2025. Below are the main takeaways, followed by two templates if you want to reflect on your own year and share your 2026 goals with us in the #2025-2026 channel on Discord!

If you’re not in the CTBB Discord, join us here.

A few points that I found interesting during the conversation:

• AI showed up everywhere while hacking this year and was used to speed up research, explore APIs, correlate odd behaviour, and handle repetitive tasks. It helps go deeper on targets without draining energy on low-value work.

• Spending more time on fewer bugs led to better outcomes. More volume often leads to more dupes and lows, more focus on fewer bugs often leads to less dupes and more highs and crits.

• Clear writeups helped bugs move faster through triage. Strong reproduction steps, clean POCs/short videos showing impact reduced back-and-forth and improved consistency. As programs get busier, being easy to understand becomes an advantage.

• Automation got easier to build and works best when paired with context and target knowledge.

• Consistent routines and limited hacking time helped avoid burnout and kept focus high. Treating bug bounty as a long-term activity made it easier to stay productive.

• Setting clear goals helped with decision-making throughout the year. Choosing preferred bug classes, target programs, time commitment, and automation work made it easier to prioritise and avoid distractions.

— 25 Summary + 26 Goals

2025 Summary

• What moments/bugs were most fulfilling to you as a bug hunter in 2025 and why?

  • Were these moments when you found the bug? Or when you got the bounty?

• Looking back on your 2025 bug bounty performance, were you satisfied with:

  • The number of bugs:

  • The impact of bugs:

  • The kind of bugs you are finding:

  • The scope you are working on:

  • The quality of your reports:

  • The programs you were working with:

• Are you happy with your current levels of…

  • Automation:

  • Organization:

  • Collaboration:

  • Amount of time you can put into bug bounty:

  • Motivation:

• What is your overall goal for bug bounty?

• What are your weaknesses as a hacker? Should we try to remediate these?

• What are your strengths as a hacker? Should you try to utilize these more?

2026 Hacker Goals

• What area (if any) would I like to grow in as a hacker?

• Who (if anyone) would I like to collaborate with?

• How much time per week (on average) would I like to hack?

• How will I manage my hacker motivation in 2025?

• How much money would I like to earn?

• How many bugs would I like to submit?

• What would I like my severity distribution to be?

• What programs/platforms would I like to hack on?

• What automation (if any) will I work on?

• What research (if any) would I like to do?

• What (if anything) would I like to contribute to the community?

Before we go, we just want to say thanks to everyone who’s been listening to the podcast.

If CTBB has been useful to you, try to pay it forward when you can. Help someone out, share knowledge, and help someone else grow too.

Happy New Year! And keep hacking.