Hi Victor ! You’ve recently joined Yogosha’s community, and we’ve heard that you had quite an interesting background.
Could you tell us more about yourself & how you started hacking?
Hi ! My name is Victor, I am 23 years old, and currently an apprentice OTC Product Manager at a pharmaceutical company. I am specialized in marketing for the pharma industry, and hacking. Also, I just got recruited as a Cybersecurity Engineer in a red team, by a member of Yogosha’s community.
As far as I remember, I have always been very passionate about hacking. I spent my childhood disassembling pretty much everything I had (from a gameboy to a radio or a fan…). I really started hacking when I was 13, thanks to Jon Erickson’s Hacking, The Art of Exploitation. Then, in college, I got seriously into hacking and hunting Bug Bounties, and I helped a friend of mine to pay his student loan. After getting my first bounties, I decided to dig further, and applied for Yogosha’s selection tests. The exam was quite challenging and really fun, I’m really glad to be a part of the community !
Which advice would you give to someone starting in Bug Hunting ?
When I first started, in the 2000’s, there was a really elitist culture in hacking. Nowadays, it seems like everyone says that anyone can do it. It is nice to encourage people to start hacking, but you must remember that it’s still a complex and technical field, that you cannot simply master in a couple weeks. People should not think that it is going to be easy or they might be discouraged really fast. Hacking requires a lot of work and perseverance : As soon as I get off work, i spend the evening, or the night learning and working my skills.
On a more technical aspect, for a total novice, I would recommend Overthewire’s challenge to familiarize one with Unix systems. Websites offering vulnerable machines and CTFs such as Vulnhub are also great ways to train yourself. Pentesterlab also offers a great variety of exercises and lessons, which helped me a lot. OWASP Juice shop is also a great vulnerable machine, with a lot of different attack vectors and levels to solve.
Finally, here some classic books to discover : Hacking, The Art of Exploitation by Jon Erickson ; The Web Application Hacker’s Handbook (and you can find the “v3” on portswigger’s website) ; and The Tangled Web by Michał Zalewski. I’m also excited for the future release of The Bug Bounty Bible by Matthew Telfer.
In the end, there’s a ton of resources for autodidacts. Do not hesitate to ask questions to the community which is really friendly. Show your thought process, and your determination to learn.
What do you think is important in a Bug Bounty platform ?
I really enjoy exchanging with the team and the other hunters. There’s a great family spirit at Yogosha, and we can talk together through a Slack channel. We are not lost in a mass of hunters, the team is really responsive, and the payouts are fast.
On public platforms, there are a lot of hunters, which is -in one way- great, because you can get to know them and share knowledge. But as the number of hunters grow, the number of reports grows too, and the client can be “drowned” in a sea of reports of questionable quality. I prefer the concept of a selected and qualitative community, which is beneficial both for the platform, client and hackers.
Finally, there is a heated debate in the community, which is the non-contractual aspect of Bug Bounties. The program is the only judge of the validity of the bug and of it’s payout. From the constant controversies, and the complexity of the issue, I would advocate for a more selective approach for the clients, hackers and triagers.
What do you focus on when you start Bug Hunting ?
When I am hunting, i try to stick to the classic philosophy of hacking, which is to overcome your limits and to think out of the box -while still being as comprehensive as possible-. I like the comparison with a castle that you are trying to break into : You inspect the castle, check the perimeter, register what is going in and out, seek for secret entrances etc…
Sometimes, what is defined originally as out-of-scope might allow you to penetrate in-scope. It is a lot like visualizing data : You get numerous ramifications, and from these isolated datas, you get to the root of a bug by following the breadcrumbs. In the past, I alreay found out-of-scope bugs in a client which allowed me to get a hold on most of their infrastructure.
What attracts you in Bug Hunting ?
To me, Bug Hunting is first and foremost a legal way to do something that I love, while staying on the right side of the law. There’s an awesome mix of freedom and curiosity : The money you make relies mostly on your skills, and you’re free to work whenever and wherever you like. And of course, the unending intellectual challenge ! It’s a great ratio between invested time, financial income and intellectual challenge (that I also found in the pharma industry)
Which bugs do you prefer to hunt ?
I don’t necessarily have a favorite category of bugs. What I enjoy most is having the biggest impact possible, from getting really sensitive data, to own the system. If I had to choose one, I would say Improper Access Control where you can override the limits and privileges you are supposed to be granted.
I also really enjoy OSINT, which is getting as much intel as you can from ‘open source’ datas. In a bug bounty program, I did a lot of OSINT, gathered a lot of intel out of the initial scope, and got inside an admin account which managed their code base. Investigation is an awesome part of Bug Bounties
Where do you see yourself in the future ?
My primary objective is to make enough of a living, so my family and children can be free. In our world, freedom is tied to money. I also want to be able to keep solving a variety of intellectual challenges. I think entrepreneurship might be an important part in my life. As a hacker, even if I love breaking things, I do love constructing them.
Twitter : @DoomerOutrun
GitHub : @doomeroutrun