Although Farah may be new to the InfoSec community, her YouTube channel has quickly become a must-watch for anyone looking to LevelUp their hacking skills!
Farah started sharing hacking resources she’s used through her Twitter and LinkedIn back in May of 2020. Since then, she’s begun a full-time Pentesting job with Inspira and started a new YouTube channel to document her Bug Bounty Journey.
Although she’s a self-proclaimed n00b, we think her content is a fantastic resource for anyone looking to work on new targets or just learn something new. We appreciate the contributions she’s already made to the community and look forward to seeing what she comes out with next!
Check out Farah’s channel, including a great video on GraphQL here!
How did you get into Cybersecurity? How long have you been hunting?
I was pursuing a Bachelor’s degree in Mass Media and when I was in the second year of my course, I attended a workshop about Ethical Hacking. The concepts that were talked about in the workshop were pretty basic but they really caught my interest and since I had a lot of free time on my hands, I decided to dig deeper into Cybersecurity. I slowly learnt about the various domains in InfoSec and realized that finding bugs in applications was an area that I wanted to tap into. After completing 2 internships where I got the opportunity to pentest web apps and learnt a lot along the way, I finally started hunting on VDPs and then bug bounty programs around 4 months ago.
Why did you choose your Bugcrowd handle? Does it have any specific meaning?
My Bugcrowd handle is simple. It’s my name.
How have bug bounties impacted your life?
Bug bounties have made me more independent than I could have ever imagined. When I first started posting about my bounties on LinkedIn, I received a crazy huge amount of messages from people asking me how they could get started and what resources I had used to get started in bug bounties.
I couldn’t possibly answer all of them so I decided to start a YouTube channel to share my knowledge and answer those questions on a much wider platform. Since then, my life has done a full 180 and the exposure I got enabled me to meet some wonderful people across the globe, work with some great companies and get a full-time job as a pentester. All of this would have never happened if I hadn’t started bug bounties.
Do you hunt full time? If not, why?
I don’t hunt full time as of now. My time is divided between my full-time job as a pentester, working on videos for my YouTube channel and hunting on bug bounty programs. For me, bug bounties are an additional source of income and a way to make my free time a little more productive.
What do you do for work outside of bug hunting?
I am currently working full time as a pentester. Apart from that, I spend most of my time working on my YouTube videos.
How much time do you spend hunting bugs?
This keeps fluctuating but the time I give to hunting bugs has definitely reduced since I started my job. So on an average, I’d say I spend about 1-2 hours every day hunting.
Do you have any favorite tools or resources to learn? Why?
There are a bunch of resources that I keep going back to. One of them has to be the Web Application Hacker’s Handbook. Even though it’s an old book, it gives me an extremely fresh perspective to look for bugs and sparks ideas in my mind that I can use while hunting.
Another one is PentesterLab – it’s great to learn new concepts and attack techniques and the course videos along with the hands-on labs make it very easy to follow.
Do you have any simple tips that you use when you are hunting?
I make sure to test each and every functionality thoroughly, especially all input fields including cookies, headers, parameters etc. If there’s any interesting or weird behavior, I refer to some bookmarked resources to help me proceed further with an attack.
Do you have any advice for new hackers or people transitioning into bug bounty?
Don’t restrict yourself to learning from only one resource at a time. Read books, blogs and writeups, watch videos, practice what you’ve learnt on labs, learn how to code and integrate a little bit of everything in your day. At first, start with VDPs or points-only programs since it’s easier to find bugs on those. Once you find your first bug and get some motivation, transition into bug bounty programs. This worked for me when I started and it might work for you too.
When you aren’t hunting bugs, what do you do for hobbies/fun?
When I’m not hunting or working, I swim, spend time with friends, watch Netflix, listen to music and treat myself to some great food.
Why do you hunt with Bugcrowd?
Bugcrowd is a very beginner-friendly platform. Apart from that, their support team is great and very responsive to researchers, which I think is a huge benefit in today’s bug bounty scene.
Follow Farah on Twitter @farah_hawa01 to keep up with her bug bounty journey!
Stay tuned for more Community Spotlights. Want to join Farah and be part of the Crowd? Join our Discord and sign up for a Researcher Account!