This conference talk from nullcon Goa 2025 explores techniques for hunting authorization and logic vulnerabilities across Google products using basic hacking tools like Burp Suite. Learn how security researcher Cameron Vincent discovered significant vulnerabilities, including the ability to edit other users' apps on Google Play Store, access entire Google Workspace organizations' admin consoles, publish apps to Android devices in organizations, and view users' files on Google Ads. Discover practical approaches to vulnerability hunting with simple yet creative attack scenarios, and gain insights into making a living through bug bounty programs like Google's Vulnerability Reward Program (VRP). The 30-minute presentation covers responsible disclosure practices and provides valuable knowledge for both beginner and intermediate security researchers interested in bug bounty hunting.