Bug bounties are evolving faster than ever. With a surge in new researchers and the maturation of existing programs, new methodologies are needed to further strengthen the security of companies. In this presentation, I will outline existing incentives in bug bounties and how hackers can best adapt their hunting to align with these incentives. In short, this results in finding more impactful vulnerabilities that companies care about. I will give an overview of recent bug bounty innovations and present my own strategies for continuing to find bugs in long-running bug bounty programs. I will stress the need for comprehensive testing and familiarity with a company’s systems. As a demonstration, I will show a tool I have developed, released at THOTCON, that further aids reconnaissance by continuously monitoring changes in websites. Additionally, I will present vulnerability types that are often overlooked by researchers. Finally, I will give insight into where I see the bug bounty field evolving in the future and how researchers can gain a leg up.