Hackberry, celtis occidentalis, is one of the worst named and least appreciated trees. They are truly magnificent full sized canopy trees that grace the forests of the Northeast and the world. The fruit they produce in copious amounts is bar none excellent wildlife feed. Hackberry's bizarre bark alone makes it worth growing, but there is so much more to these resilient native trees.

ā€” The Most Under-Rated Incredible Edible Tree by Akiva Silver

Who We Are

We are a software testing and vulnerability research firm registered as Small Enterprise under MSME Development Act 2006 (India). We test code and software for vulnerabilities to make digital world a safer place.

A One Man Army

Presently, the firm is being run by only one person, me. I started learning to program at the age of 13 and after completing my school, worked with several companies as a developer but my heart was always seeking quirks of code. This love for finding bugs in code led me to leave the job, meet amazing people on the internet and help them fix their code related problems. Now I perform vulnerability research and help people stay secure in the digital world.

Our Vision

Our research is aimed towards finding vulnerabilities in open source software and along with it, bug bounties helps us afford the expenses. Our vision is to make the digital world a safer place and secure the open source code.

Our Services

  • We find vulnerabilities in the software and responsibly report them back to vendors and developers.
  • If you run a public bug bounty program, we are already looking for security issues for you.
  • If you run a private bug bounty program, you can invite us to your program: https://hackerone.com/0xcrypto or https://bugcrowd.com/0xcrypto
  • If your code is open source, we are already auditing it for security issues. See https://huntr.dev/users/0xcrypto/



This blog is web monetized. That is, the blog is not showing you ads but depends on your Coil Subscription. Coil is a 5$ per month subscription that supports creators who create the content you watch or read. With a small 5$ subscription, you can support not just me but many creators. I am a firm believer that knowledge is free and should not be hidden behind a paywall. That is why I have not added any paywall to the web content and subscription is just a voluntary support. Please consider subscribing to coil. To make it work you will have to install the browser extension.

Privacy Policy

Hackberry is served on Hashnode. So the general privacy policy of Hashnode is applicable. Along with that, we have Google Analytics integrated that have its own privacy policy for the collection of data.


  1. Words on this blog are our own and does not represent teams/companies/servers we are part of or any person we work along with.
  2. What you read here might not be legal to practice. We are not responsible for your actions. All the information available on this blog is for ethical practice of hacking and securing the software.
  3. Bug Bounty Policies and vulnerability disclosure policies are not a permit to dump the database. Think before taking any action. Use your brain. You are warned.
  4. Hacking might be illegal as a whole in your country. As mentioned before, we are not responsible for your actions.
  5. To find the security issues and fix bugs, we collect some publicly available information as well as exploit some vulnerabilities to gain more information about the vulnerability and to demonstrate the issue to the customer that is always the vendor.
  6. We are always bound to the vulnerability disclosure rules and always report to the vendor itself.
  7. We may contact you via email regarding a security issue in your product. By that we are not in anyway threatening or asking for any monetary prize.
  8. Vulnerability will be responsibly disclosed after confirmation of fix of the vulnerability and permission from the vendor.
  9. In rare cases when vendor does not replies back (suggesting that the product is abandoned) we might disclose the vulnerability to help the users stay secure.
  10. In rare cases when vendor denies to fix the vulnerability (suggesting that they don't care for their users) we might disclose the vulnerability to help the users stay secure.
  11. In rare cases when vendor accepts the issue but does not fixes it for a very long time (suggesting they don't care for their users), we might disclose the vulnerability after informing the vendor several times (depending on the vulnerability, long time can range from 3 months to many years and generally speaking, 8 months).
  12. If you want us to not audit your product, simply write to us at vi [at] hackberry [dot] xyz.