About
About
I go by Iamunixtz – a bug hunter from Africa, still in my early twenties, still figuring things out.
This blog is where I document what I’m learning and what I find. No polished marketing, no inflated credentials. Just the honest record of someone who started digging into security with nothing but curiosity and a decent internet connection.
Where I’m Coming From
I got into bug bounty hunting because I wanted to understand how things break. Not from a textbook – from actually poking at real systems, making mistakes, reading writeups, and slowly building up a picture of how all this stuff works.
I’ve found real vulnerabilities on real platforms. Some paid well. Some paid $50. I wrote about both honestly.
What I’m Focused On
Mobile Security is where I’m spending most of my time right now. Android apps, how they handle deep links, WebViews, intent handling, JSBridge interfaces – there’s a lot going on under the hood and most of it is under-audited. I’m learning mobile reverse engineering as part of this, specifically to understand how Android apps are built so I can find where they break.
Web Security is my foundation. IDOR, broken access control, open redirects, XSS – these are the vulnerabilities I’ve been hunting since the beginning. I’m working on getting sharper here, especially around API security.
Web3 / Wallet Security is something I’m starting to explore. Smart contract interactions, how wallets handle signing, where the attack surface is in crypto applications. Still early days on this front but it’s where I want to grow.
Bug Bounty is the through-line. Everything I learn goes toward finding real vulnerabilities in real programs. I report responsibly, document what I find, and try to leave things better than I found them.
My Toolkit
I work mostly with Python for scripting, automation, and writing exploit PoCs. On the mobile side I’m learning to use tools like JADX, apktool, and Frida to understand what apps are actually doing at runtime.
I’m not going to list languages I’m just starting to touch – that’s not honest. The skills I actually use day-to-day are the ones above.
Why This Blog?
Because writing things down forces you to actually understand them. And because when I was starting out, the writeups from people a step or two ahead of me were more useful than any course.
If you’re early in your journey, maybe this helps. If you’ve been doing this for years, maybe you’ll find something worth reading. Either way, Insha’Allah, it’s useful to someone.
The wins are here. The failures are here. The $50 bounties are here too.
That’s the deal.