Researcher Spotlight Archives | Bugcrowd https://www.bugcrowd.com/blog/category/researcher-spotlight/ (feed generated Wed, 01 Nov 2023 19:32:54 +0000)

Researcher Spotlight: BusesCanFly https://www.bugcrowd.com/blog/researcher-spotlight-busescanfly/ Tue, 27 Jun 2023 19:18:44 +0000

Meet the force behind your security, BusesCanFly, a captivating blend of student, hardware reverse engineer, and software vulnerability researcher. With an insatiable thirst for the extraordinary, BusesCanFly thrives on the exhilaration of doing cool things every single day. So, are you ready to uncover the brilliance that lies beneath the surface? Delve into the featured researcher of this month’s spotlight!

How did you get into the Cybersecurity space?

“Basically by accident! Endless curiosity, a lifelong sense of mischief, and early fascination with electronics happened to perfectly work into becoming a hardware hacker. My love for computer hacking eventually wound up as a great hobby and career!”

Accidental hacking… it happens to all of us. 😉

How long have you been hunting?

“Roughly four or five years.”

How have bug bounties impacted your life?

“The biggest impact bug bounties (specifically live events) have had is introducing me to incredible people, many of whom I’m extremely proud to call my close friends. The payout from my first live event got me to my first DEFCON, which will forever be a great memory :)”

There are countless awesome individuals waiting to be met, especially at live events. We highly recommend experiencing DEFCON at least once. By the way, we’re just one month away from the next exciting event! 👀

Are you a part-time or full-time hacker? How much time do you spend hacking each week?

“Part-time for sure, the time ranges anywhere from 0-20 hours a week depending on programs and availability.”

We believe that this is constantly subject to change for the majority of hackers, depending on their availability during any given week.

What has been your biggest challenge while hacking? How did you overcome it?

“With hardware hacking, programs are sporadic and super deep-dives are necessary, which make it extra tough to be consistent. Understanding and coming to terms with both external and internal limitations is a very important part of the process.”

Deep diving takes you further. 🏊

Do you have any favorite tools or resources? What are they?

“If I could only take one hardware tool with me it would be the Tigard by Joe Fitz. Aside from that, a trusty multimeter and a soldering iron can get a ton done :)”

Do you have any advice for new hackers or people transitioning into bug bounty?

“Don’t be afraid to fail, especially when trying new things! Even if a vuln doesn’t pan out, picking up little bits of knowledge along the way will be even more valuable :)”

Aye-Aye Cap’n 🫡

What’s an important lesson that you wish you learned early on in your hacking career?

“A large part of hacking is being willing to poke at things most people aren’t willing or wanting to. Properly diving deep and setting up/instrumenting targets will pay off!”

How do you avoid burnout?

“Whenever I hit a rut in my research I try to remind myself what my goals are. While of course money helps a lot, and I am very privileged to not have to worry about bounties to support my life, reminding myself that my motivation is based in doing cool things and learning along the way helps keep me motivated & sane.”

In the ever-expanding realm of knowledge, there’s always room for learning and growth. But hey, don’t forget to sprinkle in some well-deserved breaks along the way! 😴

Why do you hunt with Bugcrowd?

“The people 🙂 Everyone I’ve interacted with at Bugcrowd has been amazing, many of which I’ve gotten to know quite well over the years :P”

Tell us what you do for a living or your career aspirations.

“Along with being a student, I work doing hardware reverse engineering and software vulnerability research.”

BusesCanFly does it all. 😲

What does your life look like outside of hacking?

“I love rock climbing, 3D printing, and being lazy in the sun :)”

Tell us a fun fact about yourself!

“One of my earliest memories is being brought to a datacenter with my dad, being sat down near a tape drive sorting machine, and being captivated for hours.”

“Bug bounty has absolutely changed my life, and I’ll forever be grateful for the experiences I’ve had, people I’ve met along the way, and the great friendships that blossomed! <3”

BusesCanFly, it has been an absolute honor to hear about your hacker journey. We are on the edge of our seats, eagerly anticipating your next mind-blowing move! Want to stay caught up with all things Bugcrowd? Follow us on Twitter, Instagram, and LinkedIn and don’t forget to join us on Discord! Are you ready to join the hunt? Sign up for a researcher account today and start your hacking journey!

The post Researcher Spotlight: BusesCanFly appeared first on Bugcrowd.

Researcher Spotlight: OrwaGodfather https://www.bugcrowd.com/blog/researcher-spotlight-orwagodfather/ Tue, 18 Apr 2023 19:02:20 +0000

Orwa Atiyat (OrwaGodfather) climbed the hacker ladder quickly after starting his bug hunting journey just 3 years ago. Since then, Orwa has received both the MVP and P1 Warrior awards and the Top Bug Hunter: LevelUpX Champion Buggy Award for 2022, and was most recently Team Captain of Tess’s Squad, the winning team in the 2022-23 Hacker Cup. As a hard worker dedicated to increasing security globally, Orwa’s journey is not only inspirational, but insightful as well. Buckle up for this month’s Researcher Spotlight!

How did you get into the Cybersecurity space?

“The road to cybersecurity is a little different for everyone. I was never good at hacking and I did not obtain any scientific qualifications or any certificate in this field. So, I watched the th3g3nt3lman video on the BC YouTube channel about a GitHub topic. It was really cool and easy to understand, so I immediately started looking for leaks and I got 6 bounties in the first month. In my first 3 months, I didn’t understand the meaning of subdomain or domain or ports or anything else, but after that I started reading and watching everything connected with bug bounty topics.”

Don’t walk, run to the Bugcrowd YouTube channel to start learning how to hack. 🏃

What and/or who first sparked your interest in hacking?

“I have wanted to be in this field all my life, but the person who first sparked my interest in hacking was my brother, th3g3nt3lman. I said to myself, ‘Yeah, nothing is impossible; I can do something’…”

The right mindset to achieving your goals: “I can”.

How long have you been hunting?

“I started in 2020 (3 years ago), hunting and learning at the same time.”

When it comes to hunting, learning will be a constant. Keep learning, keep growing.

How have bug bounties impacted your life?

“In fact, bug bounties have completely changed my life. Before bug bounty, I was drowning in debt, but in 3 years I was able to pay off the debt, travel for tourism many times, own my own home, and help my family.”

If this doesn’t inspire you, we don’t know what will.

Are you a part-time or full-time hacker? How much time do you spend hacking each week?

“I hunt full-time, but at the same time I do not exhaust myself. So, I hunt about 5-6 hours per day and the rest of the time I spend with family and friends.”

What has been your biggest challenge while hacking and how did you overcome it?

“There are many challenges but most of them are the feelings of being distracted by the huge number of programs on the table, as there is competition everywhere. I was able to overcome this challenge by putting my focus on certain types of programs and collaborating with friends to divide the tasks. However, do not lose your focus by working on many platforms and programs at the same time. Choose a place where you find comfort to work.”

Do you have any favorite tools or resources to learn? What are they?

“I use a lot of tools all the time, just in the recon part: subdomain enumeration, port scanning, etc. But for testing: dorking on Google/GitHub/Bing, Burp Suite, and nuclei with specific templates. Create a special template for each vulnerability that you have discovered and run this template over nuclei on all programs. Finally, the best place to learn is to watch the community’s Twitter posts. Here you can find all the useful hunting tools, indexed.”

Bookmark the community’s Twitter feed as a go-to resource. 👆

Do you have any advice for new hackers or people transitioning into bug bounty?

“1: Focus on information disclosure bugs, 2: Focus on IDOR bugs, 3: If you don’t have a background in the JS language, start learning JS. No one was born an elite hacker, so never give up. Thomas Edison conducted 1000 failed experiments. The 1001st experiment was the light bulb. You will get a lot of N/As and duplicate reports at some point. Accept it because every N/A or duplicate report is one step closer to success.”
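Orwa’s tool tip (one nuclei template per bug class you have found, re-run across every program) and his first piece of advice (start with information disclosure) in concrete form. This is an added example written for this page; it is not Orwa’s own template and not part of the nuclei project. The check it encodes, a `.env` file served from the web root, and the `id`, paths and marker strings are all assumptions chosen for illustration.

```yaml
# Added example template, not from the original post or the nuclei project.
# Assumed check: a Laravel/Docker-style .env file exposed at the web root.
id: exposed-dotenv-file

info:
  name: Exposed .env configuration file
  author: example-author          # placeholder, not a real nuclei contributor
  severity: high
  description: |
    Flags a web root that serves a .env file containing secret-looking keys.
    Information disclosure of application secrets; confirm manually before reporting.
  tags: exposure,config,dotenv

http:
  - method: GET
    path:
      - "{{BaseURL}}/.env"
      - "{{BaseURL}}/.env.backup"

    # All matchers must hit: a 200, at least one secret-looking key name,
    # and no HTML. Requiring the key names avoids false positives from
    # catch-all 200 pages; the negative matcher drops error pages that
    # echo the requested path back inside an HTML body.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "APP_KEY="
          - "DB_PASSWORD="
          - "AWS_SECRET_ACCESS_KEY="
        condition: or

      - type: word
        part: body
        words:
          - "<html"
        negative: true

    # Pull the matching lines into the finding so the report carries evidence.
    extractors:
      - type: regex
        part: body
        regex:
          - "(?m)^(APP_KEY|DB_PASSWORD|AWS_SECRET_ACCESS_KEY)=.*$"
```

Run it against a scope list with `nuclei -t exposed-dotenv-file.yaml -l targets.txt`. The point of the `and` condition plus the negative matcher is that a template you fire at every program in your queue has to be strict: a single noisy template generates far more N/A reports than it does bounties. Keep one template per bug class in version control, re-run the set whenever a program’s scope changes, and redact the extracted values before they go into a report.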

What’s an important lesson that you wish you learned early on in your hacking career?

“Learning web languages and how to write excellent reports.”

🧑‍💻✍📝

How do you avoid burnout? How do you take care of yourself and your mental health?

“Sleep well, gym, and most importantly, don’t be an introvert – sit with family and friends. If I’m about to finish finding a bug and I feel exhausted or tired, I stop immediately and go take a break or watch something on TV. Also, after finding a bug, I don’t report directly, I take some time to rest. After I rest, I start sending the report.”

Where do you see your journey going from here? What are some goals you have for this year?

“I see myself finding more bugs/0days and being distinguished, loved and helpful to many both new and old hunters, I would love to see everyone win. A goal I have is Marriage, but I’m still looking for the right wife 😊.”

All the single ladies, all the single ladies. 🎶

Why do you hunt with Bugcrowd?

“The answer will be a bit long and I advise everyone to read it.

I want to point out that I have hacked on many platforms, but Bugcrowd platform is absolutely the best for me, for many reasons and I will mention some of them…

  1. The reporting form is very clear and easy to understand and the VRT is amazing
  2. Sorting and displaying of programs is very impressive
  3. Return to the previous report easily and separate reports for each program individually
  4. The triage team is very fast, smart, and most importantly very cooperative, which is not found on other platforms
  5. You can communicate with support immediately and in more than one way, and they are also a great and responsive team
  6. Challenges, events, and swag is amazing
  7. The simplest thing is when you tweet about bug or bounty on Bugcrowd you see the Bugcrowd team being the first to congratulate you on this amazing achievement
  8. Great risk assessment. For example, if I sent a duplicate report, but it showed a high impact, it is closed as a duplicate, but sometimes a blocker is placed for a special team to look at this report.

And more wonderful things, but I need at least 4 pages. From here, I want to thank all the Bugcrowd team especially Tal, Timmy, Jordyn, Rami, Tatiana, Wilson.”

As the Bugcrowd team, we appreciate your resilience in pushing limits to reach your goals.

Tell us what you do for a living or your career aspirations.

“I do not have any certifications that qualify me to work in this field, so I am continuing hunting to get more bounties.”

What does your life look like outside of hacking?

“A natural and wonderful life. I sit with the family and go out with friends, watch parties, but the most important thing is that I spend a lot of time with the children at home. I love them a lot.

I donate 20% of every bounty I get to help people. In the past, I suffered from poverty, so I could not complete my studies and did not obtain certifications. I didn’t want to watch other people suffer from the same thing, so every year I pay the university fees for two people who can’t afford the fees. Thanks to God, so far in 3 years, I have helped 6 people complete their studies at the University.”

Who is your hero?

“I have 3 heroes…

In life: My mother

In success: Denzel Washington

In hacking: My brother, Majd [th3g3nt3lman]”

Tell us a fun fact about yourself!

“My main profession is a chef. At the beginning of bug hunting I was cooking and hunting at the same time from my phone, and I remember two funny things that happened at that time. I was roasting the chicken in the oven and at that time I found a critical bug and immediately started reporting from my phone. When I finished writing and sending in the report, I found that the chicken had burned, but it’s ok, still a critical bug I reported, LOL.”

“I want to end this writing with words that I like, when you ask for strength, god will not give you strength, god will give you difficulties to make you strong. When you ask for wisdom, god will give you problems to solve. When you ask for courage, god will give you dangers to overcome. When you ask for patience, god will give you situations where you are forced to wait. When you ask for favors, god will give you opportunities. When you ask for everything so you could enjoy life, god will give you life so you could enjoy everything.

Never give up, never back down. Believe in yourself and be patient. Thanks All!”

Orwa is a great example of what hard work looks like. We are proud of all the milestones you’ve reached so far and can’t wait to see where your journey takes you next.

Want to stay caught up with all things Bugcrowd? Follow us on Twitter and Instagram and don’t forget to join us on Discord! Are you ready to join the hunt? Sign up for a researcher account today and start your hacking journey!

The post Researcher Spotlight: OrwaGodfather appeared first on Bugcrowd.

Researcher Spotlight: bl3ep https://www.bugcrowd.com/blog/researcher-spotlight-bl3ep/ Wed, 08 Mar 2023 18:58:14 +0000

International Women’s Day is not only a day for acknowledging and honoring women, but also a day to support increased equality. As women continue to establish a stronger presence in the cybersecurity industry, we feel honored to feature a red teamer, bug bounty hunter, and powerful female in this month’s researcher spotlight.

Learn all about Bl3ep, also known as Jo, a human who finds things, breaks things, and lies for fun and profit.

How did you get into the Cybersecurity space?

“I got into the field through the less-interesting tertiary education route where I did degrees in Information Security and Criminology.”

There are numerous paths that can lead to a career in cybersecurity and hacking, and we’re pleased you’ve chosen this one.

What first sparked your interest in hacking?

“Mid-degree, mid-quarter-life crisis, and came across a recording of a DEFCON Las Vegas talk on YouTube. Of course, it’s never just one video. Next thing I know I’m watching talks about weaponising your cat, radio hacking, and Barnaby Jack “jackpotting” an ATM. Not only did it sound fun, but it also sounded like a potential career path that I could stay interested in for the next couple of decades. As YouTube rabbit holes go, this has probably been the most rewarding.”

We know the YouTube rabbit hole all too well. 😂

Are there any women in the cybersecurity field who have influenced you?

“For sure, I’m an amalgamation of all the women that I think are cool. I find other people’s enthusiasm really motivating and energizing, so whenever someone nerds out about something they’re clearly passionate about, I’m starstruck. Another group of women I find really inspiring are those who use their skills, talents, and leadership to spark change. Some of the many many people I think are pretty cool are: Zemmiph0bia, momowowo, pamoshea, and pink_tangent.”

We admire the women who have brought about change, especially in the technology field.

Are there any women in the space who have helped you on your hacking journey?

“There’s been so many women who have helped me both directly (through advice or teaching) or indirectly by running community events and women-oriented events.”

Round of applause for them and you! 👏

How long have you been hunting?

“I started hunting in university as a way to practice and earn some extra cash and have been hunting on and off since then.”

How have bug bounties impacted your life?

“Bug bounties help me save some extra money for the future. I didn’t grow up in the best financial situation, so being able to support myself financially means a lot to me.”

Are you a part-time or full-time hacker? How much time do you spend hacking each week?

“I’m a full-time red teamer and hunt on the side. It depends! Sometimes not at all, other times an unhealthy amount.”

With hunting, it can be hard to start or stop. ☝

What’s the best part about being a female hacker?

“The best part about being a hacker is constantly challenging yourself and learning everyday. As with pretty much everything, it’s not for everyone, but amazing for those who enjoy it. Diversity in any field is essential, and that includes cybersecurity. Being a woman allows me to bring diverse viewpoints, skills and inspires more women to pursue careers in cybersecurity.”

What has been your biggest challenge while hacking? How did you overcome it?

“My biggest challenge is staying consistent and I’m still not perfect with it. I’m trying to overcome it by making hacking a part of a disciplined routine rather than something I do when motivation strikes.”

Excellent advice. Consistency is key to improving your skills!

Do you have any favorite tools or resources to learn?

“I have three favourite types of resources:

Virtual Labs: Virtual labs provide a safe environment for learners to practice their hacking skills without fear of causing damage. i.e. PentesterLab, Hack the Box, and TryHackMe.

Online Courses: Online courses if you do well with a structured learning environment. i.e. Udemy, Code Academy.

Capture the Flag (CTF) Challenges are a good way to practice if competition motivates you. i.e. CTF365, VulnHub, and Hacker101.”

Do you have any advice for young women who might want to start learning about bug bounties?

“Stop thinking about doing it and start. Just do it! Also, reach out to like-minded people in community groups for help and guidance. If bug hunting is your largest stream of income, put aside a good chunk of money from each payout to stop yourself from over-stressing when you hit a dry spell.”

How do you avoid burnout? How do you take care of yourself and your mental health?

“Oh jeeze, I’m still trying to figure this out but this is what I’m trying to make a consistent conscious effort of doing:

Setting boundaries
Specifically by setting clear boundaries between work and personal life. Prioritize rest, relaxation, and personal time to recharge your batteries.

Take breaks
Take frequent breaks throughout the day to rest, recharge, and refocus. Regular breaks can improve productivity and reduce stress levels.

Talk about your feelings
Reach out to friends, family, or a mental health professional for support when you need it. It’s essential to have a support system in place to help manage stress and maintain mental well-being. Therapy is for everyone.”

Thank you for sharing. Mental health is so important and having a support system is essential.

Where do you see your journey going from here? What are some goals you have for this year?

“I intend to keep doing what I’m doing now. Stay learning, getting better at the craft. My goal for this year is to complete some certifications I’ve been putting off.”

One step at a time, you got this. 💪

Why do you hunt with Bugcrowd?

“I hunt with Bugcrowd because Bugcrowd has a range of programs with scopes that interest me.”

Tell us what you do for a living or your career aspirations.

“I’m a red teamer. I’m still trying to figure out my career aspirations at the moment.”

What does your life look like outside of hacking?

“I have too many hobbies and not enough time. I’m an avid gardener, painter, and locksport enthusiast but recently I’ve also been getting into pole dancing and making my own charcuterie.”

Who is your hero?

“Elle Woods from Legally Blonde.”

‘You can do it The Washington Way, but I’m going to do it The Elle Woods Way.’

Tell us a fun fact about yourself!

“I’ve never seen the Star Wars original trilogy.”

Such an honor learning about your journey, Bl3ep! Show your support for International Women’s Day with #IWD2023 and #EmbraceEquality on social. We’re off to watch Star Wars and Legally Blonde. 👋

Looking to stay caught up with all things Bugcrowd? Follow us on Twitter and Instagram and don’t forget to join us on Discord! Are you ready to join the hunt? Sign up for a researcher account today and start your hacking journey!

The post Researcher Spotlight: bl3ep appeared first on Bugcrowd.

Researcher Spotlight: Erik de Jong https://www.bugcrowd.com/blog/researcher-spotlight-erik-de-jong/ Tue, 07 Feb 2023 01:12:48 +0000

When it comes to protecting the internet, Erik de Jong does not shy away. From training in electrical engineering to working in the cybersecurity industry, researcher erikdejong has remained passionate about securing the cyber world. We hope this month’s spotlight can serve as a reminder to follow your dreams and pursue your goals! Check it out. 

How did you get into the Cybersecurity space?

“I trained to be an electrical engineer in college, where I specialized in embedded systems and communication between computer systems. After college I worked as a network engineer for an MSP and over the years my interest started to shift more to cybersecurity as a professional career rather than a hobby. In 2018 the incident at OPCW in the Hague where Russian spies tried to hack into a WiFi network was the point where I decided I wanted to use my skill to make our world more secure. So after that I decided to get some Offensive Security certifications and get a day job in the cybersecurity sector. Looking back at my life it is no big surprise I got to where I am today.”

What and/or who first sparked your interest in hacking?

“All my life I have been curious to learn how things work, especially appliances and computer programming. When I was around 7 years old in the mid 90’s my dad showed me how to write simple computer programs and I was sold on the idea of machines doing boring work for me rather than having to do it myself. In the early 00’s while in high school I started getting into topics such as reverse engineering and OS design, which led to writing key generators and cracking software protection. During this period I learned that if people said something can’t be done it’s usually because more effort is required rather than something being impossible (try harder, haha).”

No matter how many times you fail, keep trying. One day, when you get it right, you’ll look back and be glad you didn’t give up. 🥲

“Later on, when I was in college I was lucky to land a student job for a company that was looking at building a new project using embedded Linux appliances. This was in a time before popular single board computers such as the Raspberry Pi, which meant support and tooling for platforms other than Intel was pretty fragmented. I had to learn a lot of low level things even though I had been using Linux and compiling kernels for 10 years by then. With all this background knowledge I started to find increasing numbers of vulnerabilities in devices and software throughout the years.”

How long have you been hunting?

“I have been doing research and writing exploits on and off for about 15 years now. It was only after I started hunting for bugs on Bugcrowd in 2019 that I have adopted a more professional stance and started to plan time to work on certain projects taking into account the returns on my time invested.”

How have bug bounties impacted your life?

“Bounties have certainly impacted my life! While the housing market was quite tough at the time, I was able to buy a nice house with a greatly reduced mortgage because of money I made off bug hunting. It was quite interesting having to explain to mortgage agents and notarial staff that no money was being laundered haha.”

No money laundering around here, just saving the world! 🌎

Are you a part-time or full-time hacker? How much time do you spend hacking each week?

“On average I spend around 10 hours a week hacking. I choose to work part-time to make sure it stays something I enjoy rather than becoming a chore :)”

Thinking about becoming a full-time hacker? Check out Codingo’s blog here, which outlines a list of important pros and cons to consider if you want to turn bug bounties into a living.

What has been your biggest challenge while hacking and how did you overcome it?

“On top of time management it’s certainly hard to keep focus if there is a period where I don’t find anything for a while. It is also quite frustrating to be stuck on something where you have a hunch it can be exploited but haven’t found the way to do that yet. By now I have learned when to park a problem and have another crack at it after I’ve had more time to think about it.”

We might need your tips on how to know when it’s time for a break or to keep hunting. 🙏

Do you have any favorite tools or resources to learn? What are they?

“I have found there are not a lot of tools required for the way I work. For reverse engineering I tend to stick to software like Ghidra, jd-gui and good old `grep` :). In the end I figure that if something can be found with a tool somebody will have found it by now so I prefer the manual approach. Apart from tools I have found documentation on (standard) libraries to be invaluable when working out how an application works; I think I have yet to find a project where I didn’t consult the trusty old `man` pages. To sharpen my skills I usually just download random software from the internet to analyze and attack; somehow I feel a bigger sense of achievement breaking something nobody broke before rather than training on labs where so many people have been before. Getting some CVEs as a reward is a nice bonus ;)”

Do you have any advice for new hackers or people transitioning into bug bounty?

“Find your niche, if you do the same as all other hackers you’ll end up with a lot of frustration from duplicate reports. Also make sure to understand things as low level as you feel comfortable with and then go a little bit deeper, because understanding how something works helps in finding ways around common fixes. There have been many times where I was able to bypass fixes just because developers didn’t know obscure details of software involved. Don’t be afraid to invest time in a new skill that might not pay out directly, for instance why not make it a personal goal to learn regular expressions before the end of the year?”

“Never let other people tell you what to learn, if you have a hunch something might be useful why not spend (a reasonable amount of) time on it! Recently I have noticed an increasing number of online classes about bug bounty hunting. I would avoid replicating something other people do and instead focus on your own research, as the industry gets more mature you’ll need to stand out from the crowd if you want to be one of the top players in the field.”

What’s an important lesson that you wish you learned early on in your hacking career?

“I learned the hard way that vendors might not always be as happy about your responsible disclosures. Especially before I started hunting on Bugcrowd I sometimes felt let down by vendor responses (or even the lack thereof). Managing my own expectations is one of the most important lessons I have learned from bug hunting. In my experience Bugcrowd is pretty good at standing up for researchers and this alleviates headaches from dealing with vendors. On the other hand, the world is not just black and white so try to understand any criticism you receive and be sure to accept a good counter argument after considering it objectively.”

How do you avoid burnout? How do you take care of yourself and your mental health?

“It certainly comes down to planning, I try to plan my projects to keep enough downtime in between to give my brain some time to breathe. Learning when to take a break and when to stop are the most important things to keep motivated and avoid burnout. I live in a rural area so I definitely make sure to spend enough time outside in nature with my family and to get some exercise to keep fit. Any stressful day can be rescued with a nice bike ride along the seaside!”

Where do you see your journey going from here? What are some goals you have for this year?

“I am always trying to challenge myself to force personal growth and this year will be no exception. I feel I have to work on my reverse engineering skill for software written in Go, it is something I have been putting off way too long! Apart from that I would love to get more experience in serverless computing and find some nice fat bugs there.”

“With the pandemic having somewhat died down I also hope to find the time to attend more in-person events; the Las Vegas Bug Bash last year was great fun and gave me a taste for more after doing everything remotely the last years.”

Why do you hunt with Bugcrowd?

“I feel really in tune with the Bugcrowd staff and customers. Over the years it has been great to deal with mostly the same people and I especially enjoy doing follow-up testing on private programs. I especially appreciate the way Bugcrowd is always trying to enable my personal growth by working on great (private) programs where I can learn something new while at the same time applying my existing knowledge to earn a bit of cash at the same time.”

Tell us what you do for a living or your career aspirations.

“I have a day job at an internet service provider where I am part of a team responsible for overall security of the organisation. While it is not as technical as the projects I do for Bugcrowd, I really like the dynamics of working with people from all over the organization to increase our security level. In the end corporate security is actually so much more about humans and their behaviour than it is about implementing technical solutions. Taking somebody through their workflow and finding ways to do this in a safe way that is still productive is a challenge that never gets tired.”

What does your life look like outside of hacking?

“I have a lovely family with two small kids, so family time really helps me to relax. Nothing better to get my mind off computers than seeing them grow up and explore the world. My other hobbies include reading (I consider the e-reader I bought back in 2012 to be the best purchase of my life), walking, cycling and cooking (my partner is a vegetarian, so I have learned how to cook great vegetarian meals that she and I both can enjoy!). I am also part of a group with regular game nights where we play role playing games such as Call of Cthulhu using an online boardgame platform while we chat about nonsense on Discord.”

Who is your hero?

“I don’t really have a hero per se, but I do like to take to heart the advice Raymond Chen gave back in 2006 in his blog post “It rather involved being on the other side of this airtight hatchway” (https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31283) when I assess the impact of a security issue. He also has some greatly detailed articles about computer architectures; if you like low level and obscure stuff, you should certainly check it out!”

Tell us a fun fact about yourself!

“Once while travelling in China, I ended up giving an impromptu masterclass on how to make pizza to staff and customers at a Chinese supermarket. It was a pretty surreal setting, with people getting ingredients from the store shelves and some even going out on motorbikes to look elsewhere for stuff they didn’t have in this shop. In the end they brought an oven out into the middle of the store, where we baked some pizzas before sharing them with the audience.”

Our next LevelUpX is going to feature Erik on how to make pizza. We’re kidding (maybe 😉).

Want to stay caught up with all things Bugcrowd? Follow us on Twitter and Instagram and don’t forget to join us on Discord! Are you ready to join the hunt? Sign up for a researcher account today and start your hacking journey!

The post Researcher Spotlight: Erik de Jong appeared first on Bugcrowd.

Researcher Spotlight: TodayIsNew https://www.bugcrowd.com/blog/researcher-spotlight-todayisnew/ Mon, 09 Jan 2023 17:56:20 +0000
Dive into this month’s Researcher Spotlight if you’re looking for that new year inspiration! With 10 years of experience in Cybersecurity, Eric Head aka TodayIsNew has developed a hacker skillset like no other. Check out his story below!

How did you get into the Cybersecurity space?

“Almost 10 years ago now, but I kinda discovered it by accident. I found a bug in a Google product, and was rewarded with a bounty. From that point on, I was hooked!”

We’re very glad you found that first bug which led you here. 🧡

What and/or who first sparked your interest in hacking?

“My parents got a used Commodore 64 computer for our family when I was younger, and that required a bit of coding knowledge to play games. A few years after that, we got a 486, and I discovered Visual Basic. I started making my own programs and games, and I guess I never really stopped :)”

Who wants to play the games Eric created? We know we do! 🙋

How long have you been hunting?

“Since 2014/2015”

How have bug bounties impacted your life?

“I do this full time, so it’s allowed me to provide for my family. While I have been able to spend money on some fun things, the best thing that bug bounties have afforded me is the time to spend with my family and friends. It’s hard to put a price on that! :)”

You’re right, time spent with family and friends is always time spent well. 🥰

Are you a part-time or full-time hacker? How much time do you spend hacking each week?

“Full time! I spend more time than I’d like to on hacking each week – it’s just so addictive 🙂 But I do try to force myself away to enjoy time with friends and family.”

A career and a passion all in one? Goals. 🔥

What has been your biggest challenge while hacking?

“Burnout is tough, since there is ALWAYS something happening. If you step away, someone else might step up. Besides burnout, I have unfortunately encountered some shady individuals that have tried to take advantage of myself and others. It’s frustrating to see your research being presented by another individual as their own, and being rewarded for doing so.”

We’re sorry to hear about this unfortunate event, as no one’s work should EVER be stolen. We’re all inspired by you for continuing on your own hacking journey. Keep going! 👏

Do you have any favorite tools or resources to learn?

“I’ve learned so much from other researchers in the community. The community itself is an amazing resource. If someone is eager to teach how they do things, I’d always recommend sitting down and listening to what they have to say :)”

Do you have any advice for new hackers or people transitioning into bug bounty?

“Be wary if you’re planning on doing this full-time from the beginning. It can be very challenging to be counting on a bounty to pay your bills, especially when the bounty isn’t what you expected, or doesn’t get paid at all. Look towards what is a good fit for you: your interest, opportunity or necessity. With a natural interest you have, this is fun to you, a path you can follow and understand more deeply and apply to bug bounty. With opportunity, you are learning or plan to learn something new that you can apply to your research. And for necessity, if you are being forced to learn something for school or work, how can you find the benefit in those situations and apply what’s learned towards bug bounties?”

Don’t wait for opportunities to come to you, create opportunities for yourself. 🤝

What’s an important lesson that you wish you learned early on in your hacking career?

“Just because you find a valid bug, doesn’t mean that it’ll turn into money. More often than not, the end result will be no bounty. Don’t let that discourage you though – try to look where few have looked before, or try to look for something that not many others are looking for.”

How do you avoid burnout and take care of your mental health?

“The first step to avoid burnout is to acknowledge that it’s real, and that you aren’t the special case that isn’t affected! 🙂 For me, I have to force myself to step away from the screens. I have programs written to lock down what I’m working on at predetermined intervals, to ensure I take the breaks I should. On top of that, I’m a big proponent of meditation and mindfulness.”

Deep breath in, deep breath out. 🧘

Where do you see your journey going from here? What are some goals you have for this year?

“Every day, I see significant vulnerabilities patched, and new vulnerabilities pop up and get exploited for evil. The work that I do helps to limit how badly things can be exploited, while at the same time providing for my family. I kinda see myself doing this for the foreseeable future, or until there are no more vulnerabilities on the internet :)”

Talk about a win-win! 🎉

Why do you hunt with Bugcrowd?

“The Bugcrowd team is a big reason why I hunt with Bugcrowd. Early on in my career, I made some real connections with the staff, and that meant a lot to me. I’ve had some great bounties from Bugcrowd, but it’s the people there that keep me coming back more than anything else.”

What does your life look like outside of hacking?

“I’m lucky to have 7 and 4 year old daughters who provide wonderful special times together. My partner and I enjoy seeking the adventures of life, seeing new places and people, enjoying games, and being in nature :)”

Who is your hero?

“Anyone who is willing to put in the effort to be a better person, or share kindness with anyone in any way that leaves them and our world in a better place :)”

Spread kindness. ☝

Tell us a fun fact about yourself!

“For a few years, I worked at an amusement park during their Halloween season as one of the actors that scares people. Here’s a video! https://youtu.be/zWT1sPLaF1o”

Watch the video. We promise it will make your day better. 🤭

We’re all ready to take on 2023 now, thanks to TodayIsNew. If you’re a bug bounty hunter and ever feel stuck or discouraged, remember to trust the process. You’ve got an entire community cheering for you, including us!

Want to stay caught up with all things Bugcrowd? Follow us on Twitter and Instagram and don’t forget to join us on Discord! Are you ready to join the hunt? Sign up for a researcher account today and start hacking!

The post Researcher Spotlight: TodayIsNew appeared first on Bugcrowd.

Researcher Spotlight: anhnt1337 https://www.bugcrowd.com/blog/researcher-spotlight-anhnt1337/ Mon, 05 Dec 2022 21:19:52 +0000
As a 3rd year student at university, Nguyen Tuan Anh, aka anhnt1337, began his career path with an internship. After graduating from university, he worked as an Application Security Engineer. Then he found his roots as a Senior Application Security Engineer at Viettel Cyber Security (Viettel Group) for 6 years. Currently, anhnt1337 does Red Team work both internally and externally for customers including government, banks, and big enterprises. “I play bug bounty in my free time and this job has already changed my life.” Keep reading to learn all about the ongoing learner and hunter, anhnt1337.

What and/or who first sparked your interest in hacking?

“I learned about hacking when I was in high school. I wondered what hacking is. Then I spent more time learning about hacking. 10 years ago, as far as I know, was also the time when the Bugcrowd platform was born. I accumulate experience and knowledge every day and create for myself excitement, passion, curiosity, and the drive to conquer difficult hacking targets.”

How long have you been hunting?

“I’ve been into hacking for about 8 years, however, I started bug bounty hunting in the last year of 2019 in earnest when I graduated college. I have more time to study and learn. Although I knew and created an account on the bug bounty platform, I didn’t join and hunt before that. I wish I started bug bounty hunting sooner. When I was a student, I hacked really because of passion and to learn and practice skills.”

It’s never too late. Way to go for it! 😈

How did you get into the Cybersecurity space?

“My road to cybersecurity started with CTF competitions when I was a student. I participate and form a team to participate in CTF online and inter-university competitions for information security training every year. I learn from the experience of the brothers who went before me. Then I entered the internship at my company now and started the training process, diving into the job of Cybersecurity.”

Taking on new challenges is how we grow. Don’t let the fear of the unknown stop you from trying.

How have bug bounties impacted your life? Any favorite purchases? Paying off bills? Or, saving for the future?

“Truly bug bounty changed my life. Being persistent, and participating in bug bounty platforms and programs has given me a significant source of income to help support my family. I was able to pay off my parents’ debt, buy a house, buy a car for my family, and have investments and savings. The most special thing that bug bounty gives me is really quality community relationships. I got to know many famous hackers, bug bounty hunters in the world and many top hackers on the platforms. I became more known in the community and built my name. Collaborating on bug bounty is really cool and brings great value to us. I learned how other hackers hunt, know each person’s special skills and share about their food.”

This is amazing. 🥹 Hard work always pays off. And, to see you continuously give to those around you is an inspiration.

Are you a part-time or full-time hacker? How much time do you spend hacking each week?

“Currently, I am earning bug bounty part time. My main job is still Red Team for my company. But with this job, I have more time and access to many technologies, commercial products, and techniques that bypass WAF. It helps me to recognize the technologies and products that companies and organizations often use in the world. When playing bug bounty I focus on recon and fuzzing the target’s assets.”

What has been your biggest challenge while hacking? How did you overcome it?

“For me, the hardest thing about bug bounty hunting is staying focused and persistent in not giving up on the target you choose. There are thousands of programs from companies and organizations across bug bounty platforms. And choosing a good program to focus on hunting is important. Participating in the hunt for too many programs will lead to distraction and not going deep into the infrastructure and learning the functionality of the applications of those programs. I have encountered this situation and hit a dead end when not getting good results. Choosing a target to hack is already hard, keep hacking on that target is even harder. Because there are not always security vulnerabilities in sight. It needs perseverance, and always keeping an eye on your target for any changes. Unless you can do automation and continuous monitoring.

When I am stuck with these difficulties, I look to friends and colleagues to share and receive advice. Sometimes I take a break to regain my energy. Therefore, keeping positive energy is also very important to have a high concentration, and a comfortable mind when hunting. Sometimes it’s a bit of luck.”

We’re sending positive vibes to you and every hacker reading this. You got this! 💯

Any favorite tools or resources?

“I use Burpsuite as my main tool for pentest. Don’t rely too much on automated scanning tools, they can be useful on a case-by-case basis, but most will yield false positives and duplicates. Or for targets with strong WAF, using automatic scanning tools will get you blocked. I focus mainly on recon and manual testing. In addition, updating information about new vulnerabilities such as 1day, 0day is also very useful. If those vulnerabilities affect large numbers and are critical, I try to do research to reproduce these vulnerabilities as quickly as possible and do mass scans on the targets I have. Updating news, blogs from other researchers also gives you a lot of new knowledge. I highly recommend following these people on twitter: @samwcyo, @Rhynorater, @Jhaddix, @fransrosen, @albinowax, @steventseeley, @rootxharsh, @infosec_au, @GodfatherOrwa, @NahamSec who have contributed and shared a lot of technical exploit knowledge, bug bounty hunting method.”

Do you have any advice for new hackers or people transitioning into bug bounty?

“3 years ago I was also a newbie to bug bounty. I started researching unique vulnerabilities that are not published on the internet, playing VDP bots to earn first points. From there you may receive invitations to some private programs. Focus on high-level and critical vulnerabilities, not on low-hanging fruit stuff. Because if you do things that many other people can do, like scanning with existing nuclei templates, you will have a very high duplicate rate or low impact vulnerabilities. Choose for yourself the best programs that respond quickly, pay quickly, and are fair to researchers. It is important that you keep your passion, actively hunt bug bounty and try to interact with people in the bug bounty community more, create a good network and collaborate together. Always read the rules when hunting on the programs and keep the ethics of a professional hacker. What makes the difference between hackers comes from their hacking mindset. Everyone has a different mindset. You need to train a mindset about hacking, and think outside the box when hunting.”

That’s some excellent advice right there. 👆

What’s an important lesson that you wish you learned early on in your hacking career?

“Learn to automate, monitor the assets of your targets, and program your own tools. I have seen many successful people with automation who are top hackers on bug bounty platforms with automatic subdomain takeover techniques, monitoring and very fast warning when a misconfig vulnerability appears over time or there are new domains created and changed. I think the inevitable trend of bug bounty is to automate things easily and quickly at scale. If you do this well you will have a passive source of money from bug bounty without much effort.”

How do you avoid burnout? How do you take care of yourself and your mental health?

“I and other hackers experienced this burnout when for a while there was no new report on the platform. That really stresses me out playing bug bounty. I consider myself a person who doesn’t take good care of myself when my lifestyle is not in moderation, I often have to stay up at night due to the difference in time zones. I often joke with my friends in the bug bounty community that when I wake up you go to sleep and when I go to sleep you wake up. Because most of the new private program invitations on Bugcrowd usually open between 18-19h UTC which corresponds to 1-2am in my time zone. There are nights when I sit up waiting for the program to open and hunt but it does not bring good results. At that time I really wanted to close the computer and go to sleep. Or there was a good program I had to stay up until morning trying to find the most bugs. Because with bug bounty you have to be the fastest or really good to compete with other hackers. Now I don’t stay up as much at night as I did when I first started playing and have a good source of bug bounty income, maintain a steady state so I don’t have a lot of burnout. I strongly advise bug bounty players to take care of their health. Health is the most important thing. If you suffer from burnout try to find something to entertain yourself, stop hunting and take a break like watching movies, traveling, jogging, or talking with friends.”

We agree. Take care of your health and your health will take care of you.

Where do you see your journey going from here? What are some goals you have for this year?

“Bug bounty is really a long and wonderful journey for me. I’ve had 3 years of ups and downs with bug bounty. Especially this year is a memorable and successful year for me. I got Live Hacking event invites from 2 big bug bounty platforms. There is a regret that I cannot attend these events in person to meet and interact with international friends and hack with them. I also gained more popularity and found myself great collaborators, and quality bug bounty programs from big companies that I was very excited to hunt. For me those are the goals I achieved with this year’s bug bounty. I was able to buy a house early and a car early with my bug bounty earnings, helping my family, my friends something I didn’t think I could do so soon when I first started playing bug bounty.”

Why do you hunt with Bugcrowd?

“Bugcrowd is my favorite platform and I spend most of my time hunting on corporate programs. I like the triage team, with people who really leave an impression and earn respect like Tal, Timmy, Codingo and Vortex. I like the responsiveness, fast support for critical P1 vulnerabilities and quick interaction of the platform with customers, and the respect and fairness of the platform towards professional hackers. In addition, I also spend time on some of my favorite programs on other platforms for large-scale searchable vulnerabilities with a wider scope of targets, like other hackers, to help maximize the income from bug bounty.”

Go Triage team! 🔥

What does your life look like outside of hacking?

“I don’t have many friends outside, most of them are colleagues in the cybersecurity industry. I just got married a few weeks ago and it’s a new life for me. I need to spend more time with my family. Sometimes I play games, watch movies and travel for more life experiences.”

Who is your hero?

“There are so many good people in the cybersecurity industry whose talent I really admire, like my colleagues. But for me, the person who gives me the motivation to try to do a good job is my mother. My mother is a real hero in my eyes. My mother worked hard to raise me and send me to school like any other child. When I have difficulties, I often confide in my mother to explain and listen to her advice. She teaches me to do the right thing. My mother is my spiritual support. I want to say that I love my mother very much.”

Shoutout to your mother. 🧡

Feeling inspired? Us, too! Thanks, anhnt1337, for sharing everything about your journey from being on Red Team and hacking with Bugcrowd to your life outside of work! Keep up the good work out there.

Want to stay caught up with all things Bugcrowd? Follow us on Twitter and Instagram and don’t forget to join us on Discord! Are you ready to join the hunt? Sign up for a researcher account today and start hacking!

The post Researcher Spotlight: anhnt1337 appeared first on Bugcrowd.

Researcher Spotlight: Nagli https://www.bugcrowd.com/blog/researcher-spotlight-nagli/ Fri, 11 Nov 2022 17:24:57 +0000
Gal Nagli has been working as an AppSec Engineer for the past two years after finishing his mandatory military service at the C4I and Cyber Defense Directorate. Researcher Nagli first began his career at a small startup named Enso Security and later moved to a big corporation, Salesforce. Apart from the full time job, Nagli has been engaging with bug bounties and developing automation to identify AppSec-based vulnerabilities at scale.

Nowadays, Nagli has started his own Application Security B2B startup named shockwave.cloud, which is in its early stages. The company is based on the automation and methodology Nagli has been researching throughout his bug bounty journey. Keep reading to stay inspired!

What sparked your interest in hacking?

“I was always interested and curious about the Hacking world, especially with Application Security and bug bounties because it doesn’t require any prerequisites to pick up a target and to start digging in to find vulnerabilities. It feels a little like ‘Super Powers’ to find critical severity with massive business impact on major corporations.”

Hackers 🧑‍💻 = Superheroes of the internet 🦸

How did you get into Cybersecurity? How long have you been hunting?

“I tried to study on and off in my childhood but wasn’t consistent. Since moving to my final role in the military I started picking up things more seriously starting with an Open Source course at Stanford University named CS253 – Web security, it’s pretty technical but I liked going over the slides and 20 hours of videos as first glimpses to Application Security. I’ve been actively hunting for ~2.5 years now.”

Improving your skills is always important if you want to become a more technical hacker. Follow in Nagli’s footsteps and start learning. 👣

How have bug bounties impacted your life?

“I didn’t expect the bug bounty side gig to explode as it did. My automation has picked up pace, especially after the Log4J vulnerability craze, which helped me score some nice bounties. Mostly now I don’t worry financially because I save all my bug bounty earnings and live based on my full time job paychecks. Also, the opportunity to travel the world and meet new friends globally is fantastic – in only 2022 I flew to 7 different bug bounty competitions across multiple continents – Dubai, Paris, Denver, Austin, Vegas, Singapore, Barcelona.”

Benefits of hacking: fulfilling a passion, making money, securing gaps, traveling to new places, and meeting new friends! What are you waiting for?!

Are you a part-time or a full-time hacker? How much time do you spend hacking?

“I still consider myself part-time, although it’s pretty much over my head every hour in the day, checking my Slack notifications for any new vulnerabilities that my automation has picked up – it’s also a big hobby for me, so I spend quite some time every day hacking.”

The best part of hacking is when you get to consider it a hobby and a job. 😍

What has been your biggest challenge while hacking? How did you overcome it?

“After doing pretty well in a certain month or quarter and seeing the leaderboards all square up to the starting point, it can be stressful and challenging to keep the same pace and consistency of finding bugs. When you have some “dry” periods it can be mentally challenging. However, it’s good to keep yourself distracted on other activities such as gym, hanging out with friends, Fifa, Netflix and to remember that the whole ‘Gamification’ of bug bounties are just arbitrary numbers.”

We’ll see you in a Fifa match soon, Nagli. But, better watch out! Our defense is the best. 😉

Do you have any favorite tools or resources to learn? Why?

“Twitter feed all day long. I can spend hours just scrolling down the feeds checking for new techniques and keeping up with the latest additions in the Bug Bounty space.”

There are some excellent tips on Twitter, but remember to scroll with control. 🫡

Do you have any advice for new hackers or people transitioning into bug bounty?

“Pick up practical Udemy courses from instructors who have rich experience in bug bounty, who actually find bugs, and who are doing well themselves. Focus on a small set of bugs and try to execute it across many programs. Read write-ups and document everything online by typing (without copy pasting).”

What’s an important lesson that you wish you learned early on in your hacking career?

“Always remember to surround yourself with like-minded people who share the same values as you. If you feel some friendships start to become toxic or money driven, it’s probably better to let it go nicely rather than clinging into it.”

Read that again ^

How do you avoid burnout? How do you take care of yourself and your mental health?

“As I said earlier, mainly distractions which do not involve me sitting in front of my computer : )”

Where do you see your journey going from here? What are some goals you have for this next year?

“Hopefully I’d love to continue with my consistency in finding impactful bugs and helping other companies close their security gaps, whether with my latest startup product offering or just occasionally through the platforms. Also, I hope to keep the same relationships I’ve created this last year with many people across the industry, whether it’s doing collaborations together, meeting up at Live Hacking Events, or just by chatting a few times a week in Slack.”

You’ve done some amazing things already and we’re excited to see where you go next! Slack is also a good place to share your milestones, connect with others, and share educational resources. 💬

Why do you hunt with Bugcrowd?

“Bugcrowd staff is very open to feedback and researcher friendly. The standout things for me when I hunt on Bugcrowd are without a doubt the excellent formula for triaging P1 issues in a matter of minutes, 1 day maximum, and the “Make it right fund”, which came in clutch for me on a few occasions and is very appreciated.”

What does your life look like outside of hacking?

“I like to travel the world, I’m a big fan of Arsenal in the Premier League (going to a couple of games every year) and I enjoy hanging out with friends playing video games. Also, since March I’ve started hitting the gym 4 times a week, which became a routine for me, good for distraction and a healthy lifestyle : )”

Who is your hero?

“I don’t know whether to call it a ‘hero’, but I really admire Justin’s (Rhynorater) consistent work in finding bugs. He is one of the smartest hackers I’ve met and collaborated with – very consistent with his Live Hacking Events performances under high pressure, mostly for the fact that his bugs vary between Web, API, Mobile, IoT and Hardware, and for his openness to chatting and collaborations!”

Keep inspiring other hackers, Rhynorater! 😎 Thank you, Nagli, for sharing your bug bounty journey and tips with all of us. We look forward to watching your startup business excel and know we’ll be cheering you on every step of the way!

Want to stay caught up with all things Bugcrowd? Follow us on Twitter and Instagram and don’t forget to join us on Discord! Are you ready to join the hunt? Sign up for a researcher account today and start hacking!

The post Researcher Spotlight: Nagli appeared first on Bugcrowd.

Researcher Spotlight: Hx01 https://www.bugcrowd.com/blog/researcher-spotlight-hx01-2/ Thu, 08 Sep 2022 18:44:06 +0000
Who is Hx01? A full-time hacker with 8 years of experience and a brilliant set of Python scripts.

What sparked your interest in hacking?

I believe my interest in hacking came from the curiosity to break things and figuring out what the mechanics are behind them.

Stay curious, folks.

How long have you been hunting?

I have been into hacking for about 8 years; however, I started taking bug bounties seriously in mid-2019, I believe.

Do you hack part-time or full-time?

I have been hacking full-time for over two years. It varies, but usually 15-25 hrs each week.

Why do you hunt with Bugcrowd?

Bugcrowd’s triage team has been great to work with so far, as you usually get triages within a few minutes to a few hours of sending a submission. Furthermore, there’s the make-it-right fund to ensure your bounties are paid correctly in case a program owner doesn’t respond. The teams, the caring support, and the researcher success team.

Making us blush over here.

What has been your biggest challenge while hacking? How did you overcome it?

Last year, a number of my private research findings were used by program owners for their own benefit. Bugcrowd was quick to identify the issue and block the leak, even though it didn’t happen on their platform. I have learned to report only to trusted programs and share the exploit code and information on a need-to-know basis.

We got your back, Hx01! ✊

What are your favorite tools or resources?

Nothing fancy, I mostly use Chrome dev tools, Burp, a few Chrome extensions, and Python scripts I created. 🙂

See 👀 Your tools don’t have to be crazy. Find some of your favorites and gain a solid understanding of how to utilize them.

What’s an important lesson that you wish you learned early on in your hacking career?

It’s important to set work-life balance, otherwise it may affect your mental health in the long run.

We agree. Try not to sacrifice your mental health for hacking. ☝

How do you avoid burnout while hacking?

I usually take breaks when I feel like I might burn out and don’t go back to hacking until my gut feeling says so.

100%. Always trust your gut.

Where do you see your hacking journey going from here?

I have no idea. Honestly, I’m going with the flow and investing time on technologies that I find interesting.

Sounds like it’s been working for you so far. Keep up the outstanding work!

Do you have any advice for new hackers or people transitioning into bug bounty?

Invest time in coming up with your own methodology instead of chasing bug bounty one-liners, as the results are usually duplicates and disappointments. The income from bug bounties lacks stability, so in case you have people who depend on you, I’d suggest not going full-time or leaving your job until you have enough savings to last the first 6-8 months. There are lots of unknown vulnerabilities and attack vectors to be found, which no one has ever thought of. ‘The world is your oyster’.

Invest time in yourself, trust yourself. 🧡

Thank you, Hx01, for sharing your bug bounty journey with us. The world is truly your oyster, so go after it and #OuthackThemAll.

Want to stay caught up with all things Bugcrowd? Follow us on Twitter and Instagram and don’t forget to join us on Discord! Are you ready to join the hunt? Sign up for a researcher account today and start hacking!

The post Researcher Spotlight: Hx01 appeared first on Bugcrowd.

Researcher Spotlight: Paolo Arnolfo (sw33tLie) https://www.bugcrowd.com/blog/researcher-spotlight-paolo-arnolfo-sw33tlie/ Mon, 01 Aug 2022 16:00:03 +0000 https://live-bug-crowd.pantheonsite.io/?p=7459 Paolo Arnolfo, also known as sw33tLie, has always been fascinated by computers and software, but it wasn’t until three years ago he discovered bug bounty platforms. This discovery changed his life, as he realized he could do what he loved full-time… hacking. It’s not often we get to combine passion and income, but for Paolo, […]

The post Researcher Spotlight: Paolo Arnolfo (sw33tLie) appeared first on Bugcrowd.

Paolo Arnolfo, also known as sw33tLie, has always been fascinated by computers and software, but it wasn’t until three years ago that he discovered bug bounty platforms. This discovery changed his life, as he realized he could do what he loved full-time… hacking. It’s not often we get to combine passion and income, but Paolo made this dream a reality. Check out how below!

Tell us what you do for a living!

“I try to hack things and, when successful, I get paid for it. Sometimes that works, often it doesn’t…but, failure is part of the process, right? I also enjoy writing security-related tools, and have a few public ones on my GitHub profile.”

There’s no success without failure. 

What sparked your interest in hacking?

“I have always been fascinated by computers and software in general. When I was younger I wanted to become a developer, but over time I realized I was more attracted by the security implications of writing code in certain ways. From there, hacking software made by some of the largest companies in the world felt like a great challenge, so I did just that.”

Way to step up to the challenge! 😎

How did you get into Cybersecurity? How long have you been hunting?

“I got seriously into cybersecurity when I realized bug bounty platforms were a thing, around 3 years ago: I wish I had started earlier! It felt great to figure out I could make money doing the things I loved.”

It’s never too late to start. If you’re thinking about getting into Bug Bounty, go for it! 

How have bug bounties impacted your life?

“Quite frankly, bug bounties made my life a lot better on multiple levels. The most important thing is that they allowed me to get in touch and collaborate with many of the best hackers in the world. This was (and it still is!) a great opportunity to make new friends and learn new things, some of which you can’t just grasp by reading books or blog posts.”

Making us emotional over here. 🥹

Are you a part-time or full-time hacker? How much time do you spend hacking?

“I’m a full-time hacker, thus I spend most of my work time hacking. However, “hacking” doesn’t only mean directly attacking a target. It also means reading books, learning new things, writing code, and even randomly chatting with other hunters on Slack. Doing many different things helps not to get bored, and in this field, there are many options available!”

What has been your biggest challenge while hacking? How did you overcome it?

“There are many tough challenges to overcome when doing bug bounties, but one of the hardest ones for me is staying focused. That’s easy when you have a super cool bug you’re working on, but it becomes harder when it has been a while since the last time you had found something interesting. When that happens, I try to hack something else or, if needed, take a small break and come back at it later.”

See… 👀 Breaks are important. Make sure you give yourself time to rest and recharge. 

Do you have any favorite tools or resources to learn? Why?

“I really like uncommon bugs. Bugs that you know the other side (triage) will enjoy reading and likely won’t be duplicates. Weird edge cases that nobody had deeply studied before. Any resource from people like James Kettle (@albinowax) or Frans Rosen is good material on that front.”

Save these #BugBountyTips. 👆📲

Do you have any advice for new hackers or people transitioning into bug bounty?

“Read a lot, be curious, and don’t forget to network with the right people! Also, when making the jump, don’t expect to make money from day one (or month one). Always have a backup plan during the transition.”

What’s an important lesson that you wish you learned early on in your hacking career?

“Quick dirty scripts can sometimes work just as well as well-written software. And often, that means saving a lot of time, which is a scarce resource. This has been difficult to accept but it’s one of these things that separates software engineering from bug bounty hunting: breaking stuff doesn’t have to be elegant!”

How do you avoid burnout? How do you take care of yourself and your mental health?

“Thankfully, I’m not one of those people who regularly suffer from burnout: in fact, I don’t think I can say I ever experienced a serious one. However, as I said before, I do lose focus and interest in hacking from time to time. I think the best way to overcome these challenges is to leverage the freedom that bug bounties give us and take breaks when needed: this is why it’s crucial to have some spare money to make that possible.”

Where do you see your journey going from here? What are some goals you have for this year?

“Finding more bugs is always the goal, but more specifically, I want to focus on my automation so that it can find unique behaviors that normal scanners miss. Time will tell if that works or not!”

Why do you hunt with Bugcrowd?

“Like most full-time hackers, I hunt on all major bug bounty platforms as a way to maximize the scope I’m legally allowed to hack. However, Bugcrowd is certainly the platform I enjoy most and where things go very smoothly most of the time. I love the crazy fast triage times for critical bugs, all the good things Bugcrowd does for researchers, and interacting with the people working there.”

We feel the same about you, sw33tLie, you’re awesome! 

What does your life look like outside of hacking (family/hobbies)?

“I’m 21 and, apart from spending too many hours in front of a computer, I am not very different from my peers. In my free time, I enjoy playing the piano and hanging out with friends. Life outside hacking can often be interesting, especially when you get asked what you do for a living. Career advice: it seems there are many people out there that would love to hack somebody else’s Instagram account. Instead of the word “hacker”, use “security engineer”…it will help!”

Who is your hero? (hacking and/or life)

“Hero is a big word, but if there’s a person I truly admire in the field it has to be Guillermo Gregorio (@bsysop). I collaborate with him most of the time because it just works well for us, and trust my words, he’s crazy, in a good way. I sometimes ping him at the weirdest times, and he always replies quickly: I’m not sure if he even sleeps! bsysop always has your back. He truly is a good vibes guy and I’m sure everyone in the community agrees on this. Super recommended, but please, don’t steal my collab buddy too much! I feel I will regret these words…”

Bsysop, if you’re reading this, we also think you’re pretty cool. We love to see all of you researchers collaborating, as it will always improve your skills and possibly create long-lasting friendships.

Want to stay caught up with all things Bugcrowd? Follow our Twitter and join our Discord! Ready to join sw33tLie as a bug hunter? Sign up for a researcher account today and start hacking!

Researcher Spotlight: Ankit Singh https://www.bugcrowd.com/blog/researcher-spotlight-ankit-singh/ Thu, 30 Jun 2022 12:00:40 +0000 https://live-bug-crowd.pantheonsite.io/?p=7249 After spending a few years working in the infosec world, Ankit Singh decided to become a full-time bug hunter. As a computer science engineer, Ankit keeps his curiosities at the forefront of everything he does. We asked him to share some of the things he’s learned throughout his Bug Bounty Journey. Check it out! Tell […]

The post Researcher Spotlight: Ankit Singh appeared first on Bugcrowd.

After spending a few years working in the infosec world, Ankit Singh decided to become a full-time bug hunter. As a computer science engineer, Ankit keeps his curiosities at the forefront of everything he does. We asked him to share some of the things he’s learned throughout his Bug Bounty Journey. Check it out!

Tell us about yourself! What do you like to do when you’re not hacking? 

“In one word I’m an “enthusiast”. I’m always curious to explore anything which has an artistic approach to it. Currently, I’m in my 20s; I recently dropped my 9-5 job and opted for full-time ethical hacking for my survival. I’m glad I took this decision at the right time, because the art of ethical hacking is all about being creative and an explorer, something that I always wanted to pursue. Apart from that, I love exploring nature and wildlife, I’m a painter and a former rap artist. In sports I love martial arts, and I have a special interest in meditation, spirituality and yoga.”

What do you do for a living?

“I’m a Computer Science Engineering graduate. After my graduation I had my first job as an “Information Security Auditor” where I had the opportunity to perform pentesting and security audits for the government. My second role was in a healthcare organization as “Sr. Cyber Security Analyst” where I carried out pentesting and assessments for networks, applications and healthcare devices. After dedicating approximately 3.5 years to those job roles, I’m now working as a full-time bug hunter.”

Full-time bug hunter and full-time learner! Wow! 

When did you first discover the internet?

“My father was in the military, and during my earlier schooling days I remember we used to have a cyber cafe in the cantonment area meant for the dependents of defense personnel. That is where I first accessed the internet. I was so fascinated by the fact that whatever I was asking, the Yahoo searches were bringing me the relevant data accordingly. I remember making a lot of searches about “Dinosaurs” since I was so fascinated by them. Thanks to movies such as “Jurassic Park”, which made me extremely curious about paleontology.”

We love Jurassic Park, too. “It’s a UNIX system! I know this!” 🧑‍💻

What area of ethical hacking or cybersecurity is most interesting to you?

“Though I’m personally more into Web Application hacking, I’m passionate about all aspects of “Cyber Security”. From social engineering to car hacking, I’m always curious to learn more of it. I believe that hacking is not a subject in itself; it is just about the way you deliver your creativity and exploration to break into something based upon your understanding of how the given technology is built or developed.”

“Your understanding of technology is the “subject” and the additional creativity you employ is the “ethical hacking”. Since technology will always be enhanced and applications will always be developed, there won’t be any boundaries to ethical hacking, and so it can never be referred to as a particular “subject”.”

How has your experience as an ethical hacker evolved over the last year?

“Over the last year, I learned a lot about many new web attack vectors. I watched many presentations from major conferences such as Black Hat USA and DEF CON. I went through many research papers. Over the last year, the learning and the achievements I’ve gained by being a full-time bug hunter are far more than all those years combined when I was serving my job responsibilities and was only able to contribute to bug hunting in my part time.”

Anything is possible, especially if you’re Ankit! 👏

Do you have any advice for new hackers or people transitioning into bug bounty?

“As I said earlier, hacking is not a subject in itself, but understanding the technology really is. So for newcomers, the suggestion I usually give is that prior to directly trying to hack stuff, first understand the technology, understand how the protocol operates and its different standards, get a hold of application development and scripting languages, and start from today. The more you understand how something is built, the easier you will be able to break through it. Second, the best way to learn is to make a habit of going through publicly disclosed bug reports. That way you will learn the practical approach of implementing an attack in the real world.”

We will stick to writing blogs, but for all of you new-comer hackers, learn everything you can about technology first. ☝

Do you recall a specific ‘aha’ moment in your personal journey as an ethical hacker?

“Well, there have been a lot of ‘aha’ moments in my journey. Especially when I find a severe server-side bug, and you get lost in that specific moment where you’re able to feel that adrenaline rush and a tsunami of thrill. Such moments cannot be expressed merely in words.”

Why do you hunt with Bugcrowd?

“I’ve been hunting on Bugcrowd for a long time. And through all these years, the one quality I observed in the overall proceedings of Bugcrowd is the sense of cooperation and supportive attitude that their team possesses towards the crowd, whether it’s about a support ticket or triage processes. “Cooperation” from the platform was one of the major reasons that, even as a full-time bug hunter, I invest a major part of my time bug hunting for the programs available on Bugcrowd. I believe the Bugcrowd triage team is the most cooperative triage team to work with among any of the bug bounty platforms out there.”

What piece of advice do you wish someone would have given you sooner in life?

“Ah, well, this question speaks to my heart, because on a couple of occasions in my life I realized that if someone had told me about the bug hunting platforms in the earlier stages of my graduation, then I guess things would have been somewhat different. I remember my college days when I was dedicating a major part of my time to learning and tweaking the security of things, unaware that some platforms out there would actually help me earn money and build a career doing the same thing. I came to know about it after I graduated and joined my first cyber security firm. Otherwise I’d have taken the decision to go solo full-time even earlier.”

Who is your hero?

“My Mom has always been the best role model I can look up to. If I could ever have learned the meaning of the word “sacrifice”, it wouldn’t have been possible without her. From looking after my school uniform to, till date, facilitating each and every thing and making sure that I get the best environment, delicious food and support to get my hacking or professional stuff done. She’s the one who always has my back and because of whom I’m assured that “everything gon’ be alright” no matter what.”

Tell us a fun fact about yourself!

“If not a hacker, then I would have been a paleontologist for sure! You know, digging them dinosaurs from the crust of your backyard. :)”

You know what they say, curiosity makes a great hacker.   

Want to stay caught up with all things Bugcrowd? Follow our Twitter and join our Discord! Ready to join Ankit as a bug hunter? Sign up for a researcher account today and start hacking!
