Hi Everyone, My name is Mohammad Saqlain (Aka mrroot ) from India and I have been doing bug bounty since 2020. Prior to that, I was interested in Pentesting. Due to this pandemic I lost my job and then I came across Zseano talk the first ever live hacker mentoring with zseano (https://youtu.be/-6tv1kvBZDQ). This talk sparked a lot of interest in me, and since then I have started my bug hunting journey and continued to read, learn and practice.
Profile on Hackrate
Profiles on Social Media
Tell us a bit about yourself: what does your life look like now?
Personally, I've had a dream since I was a child. I wanted to be a hacker, and while I was in my final year of graduation, I was really interested in developing and hacking stuff. Now, I am precisely what I wanted to be and bug bounty has changed everything. Bug bounty hunting is something I enjoy doing from the comfort of my own home.
I spend an average of 8-9 hours every day, until something piques my interest, in which case I don't see time, but I spend the most of my time learning in the evenings. The most important aspect of bug bounty, in my perspective, is learning.
First steps in bug hunting
How did you get into bug bounty hunting?
I think it was back in September – 2019 when I was doing my CEH Certification, Bug bounty started becoming widespread, people are getting into the field of bug bounty. But at that time my interest was in Pentesting.
I was looking for a job in August 2020, but due to the pandemic, I was unable to find it. As a result, I have changed my interest into bug hunting. Then I started to invest the majority of time learning the fundamentals of web applications, Common vulnerabilities.
When I first started out, I made a lot of mistakes in my learning. I just rushed through everything, which led to me becoming frustrated because I could not even find anything.
Then I began to realize where I was making mistakes? So, what should I do now? How can I fix this? There are several resources available on the internet, keep in mind that understanding is more important than simply reading. Don’t hesitate to ask for help, Learn about the most common vulnerabilities and
- Read write-ups ( PentesterLand , Paperseebug)
- Books ( Web Application Hacker Handbooks, Real-World-Bug-Hunting-Field, Zseano methodology )
- Read Disclosed bugs. ( BugBountyHunter-Disclosed )
- Follow Intigriti Bug Bytes ( Bug Bytes )
- for Practice: a) PortSwigger- Web Security Academy b) BugBountyHunter - Playground
Do you have any tips for our audience on what you do when you approach a new target?
Personally, I would like to suggest that approach target as a fresh perspective and read the program policy, Documentation (REST API, GraphQL and WebSocket etc), Analyze the application as a user experience, Map the application functionalities, Weird Behaviors and then try to break them with your skills and Don’t forget to Chain bugs . Try to fuzz as Authenticated, it reveals more endpoints than normal Fuzzing.
About the testing methodology
Do you follow a pre-defined methodology or do you prefer to change your methods regularly?
I follow a pre-defined methodology, as far as my learning experience I use less tools and my primary focus is to understand the application behavior like Registration, Login, Role based access, Business related, Application logic. I do a simple recon finding subdomains, gathering endpoints and collecting JS files.
Do you have any favorite tool or favorite wordlist to test with?
If you want a better result, I recommend creating a custom tool with some features to discover leakage of sensitive information, backup files with custom wordlists and combination of Gospider and Paramspider tool to find the parameters to play with it. I use assetnotes wordlist and some custom wordlist.
Favorite bug classes
Do you have any favorite vulnerabilities to focus on during testing?
Open Redirects and Cross Origin Resource Sharing are two of my favorite ones to look for while testing. It's possible to combine these bugs like XSS with CORS to leak information, Open Redirect to leak OAuth Tokens, in terms of increasing impact and getting high payouts.
Certifications and Achievements
Do you have any security certificates? How important do you think certifications are nowadays?
Yes, I have completed my CEH certification and am currently preparing for eWPT.I believe that certification does not play an important role when it comes to bug bounty, but if it is for a job, most companies prioritize certifications along with experience.
What would you consider your most impressive achievement? What bounty are you most proud of?
I have not really done anything specific yet because I've only recently started. If I get invites to the programs at Hackrate I would love to find one ☺
Future of bug bounty
Can bug bounty hunting be a full-time job?
Yes, it can be, but there are some pros and cons. Maintain a mutual understanding with the platforms triage team, if you want continual progress in bug hunting rather than just submitting bugs and getting paid out. Before being a full-time bug bounty hunter, it's necessary to have at least some experience.
What is the role of automation in security testing?
Although automation in security testing can be used to uncover security risks, at the end human brain is still required to test the application's logic.
What are your expectations of bug bounty platforms?
In my opinion, bug bounty platforms are a bridge between hackers and companies. The triage teams must fully understand what the hackers are reporting before passing it to the companies. Bug Bounty Platforms must provide response efficiency for submitted reports, average time to resolution, and average time to bounty.Personally I love swags, hackevents and new programs to play with them.
What is your impression of HACKRATE?
At Hackrate the triagers have excellent communication skills, which I appreciate. In addition to evaluating the report, they'll determine the best option to follow for both the hacker and company. Although Hackrate has two programs but their responsiveness to bug hunters is appreciable and they are providing real-world based labs for a better learning experience for everyone.