Andras Benyak

Hungary
ID verified
CISSP
OSCP
eWPTX
CREST CRT
CRTP

whoami

I began my career in London where I had the chance to work with some insanely talented people who are currently within the top 5 of all major bug bounty platforms. Overall, I have been working in offensive security for more than half a decade now, where I had the chance to participate in pretty much all areas of security starting from the classic pentests to red team, physical security, and a lot more. Aside of running my own company, I currently work as a Head of Penetration Testing in a US based company where I lead the Offensive Security Department. I used to spend quite a bit of a time with bug bounties, unfortunately I do not always have the time now but still can dedicate about 5-6 hours a week to it.

Profile on Hackrate

First steps in bug hunting

How did you get into bug bounty hunting?

When I began studying network security I came across some bug bounty platforms and started to commit to those in my free time.

Hacker insight

Do you have any tips for our audience on what you do when you approach a new target?

The advice I would give to anyone who is starting now, is what nobody told me in the beginning: do not be put off by the number of issues that had already been reported! Safely ignore those and start to do your own checkup on the tests. It can be a real issue if you check how many reports have already been submitted and you decide that it is “not worth it”. I have found so many high-risk issues in applications that were open for many months and had a ton of reports that I don’t even remember…

About the testing methodology

Do you follow a pre-defined methodology or do you prefer to change your methods regularly?

Well, majority of the bug bounties are web application and API based ones. When it comes to these, to me it is vital to understand what the application is trying to do under the hood, what was the intended purpose of the way the application passes the messages and so on. So, to begin with I always do a click around and simply build a mind map of what is going on. Unless you understand the application thoroughly it is easy to miss access controls issues that are usually critical in nature but are also very easy finds if you see through the code.

Favorite bug classes

Do you have any favorite vulnerabilities to focus on during testing?

My favourite are access control issues and PDF generation functionalities. Some old type of PDF generators are terrible and aside of SSRF you can most of the time achieve LFI or even RCE with some messing around.

Certifications and Achievements

Do you have any security certificates? How important do you think certifications are nowadays?

I do have a handful of certificates and whereas they are important, I believe knowledge is before any kind of certificates. I have seen guys with zero certs being able to explain the full working of Kerberos whereas some seniors don’t know why they can not authenticate to a Domain Controller when the local time is more than 5 minutes off. In this industry knowledge and willingness to learn is more valuable than certs in my view.

Some of my certs:

  • CISSP (Certified Information Systems Security Professional)
  • OSCP (Offensive Security Certified Professional)
  • eWPTXv2 (Web Application Penetration Tester eXtreme)
  • CREST CRT (Crest Registered Tester)
  • CRTO (Certified Red Team Operator)
  • CRTP (Certified Red Team Professional)
  • AWS-CCP (Amazon Certified Cloud Practitioner)
  • CREST CPSA (Crest Practitioner Security Analyst)
  • CompTIA Network +
What would you consider your most impressive achievement? What bounty are you most proud of?

I have found several serious injection type vulnerabilities and access control bypass issues for large companies.

Future of bug bounty

Can bug bounty hunting be a full-time job?

I think bug bounty can definitely be a full-time job however it is a competitive field and requires one to be on tope of their game if they want to make a living solely out of bug bounty.

What is the role of automation in security testing?

Automation is absolute key, especially nowadays. The big bug bounty guys have it all automated where most issues get evidence automatically generated (such as DNS takeover). If you take bug bounty, seriously get very familiar with Kubernetes!

What are your expectations of bug bounty platforms?

When it comes to bug bounty platforms, I have always looked for ease of communication and how well the application was built.

What is your impression of HACKRATE?

As a reason I am quite happy with HACKRATE as it is very convenient to get around it and has all the main functions that a good bug bounty platform should have in my opinion.

Badges

Newcomer

7/11/2024

Bounty_Hunter

7/11/2024

Monster

2/19/2025

Supporter

2/19/2025