With the launch of the weekly Researcher Spotlight, we will share stories from our global hacker community. This week we’re putting the Spotlight on Mikhail Egorov, who also goes by 0ang3el.
Feel free to follow Mikhail Egorov on Twitter @0ang3el
Mikhail lives in Moscow, Russia, and has been a security researcher for 6 years. When he was about 15 years old, he stumbled across a magazine about mathematics and cryptography puzzles. As a result, he became passionate about solving such puzzles. From there, he entered a university to study cryptography and programming.
His university provided solid knowledge in cryptography and mathematics. While finishing up at university, it became apparent that he couldn’t find an interesting and well-paying job in Russia. Mikhail began to self-educate in infosec and was introduced to hacking. It captured him, since it seemed so cool to learn how to break things and to dig deeply into new technologies. One of the most practical ways to build his skills while earning an income was bug bounty.
His discovery of bug bounty was through a blog post. After reading it, he did a quick search for companies that provided a bug bounty platform. That was when he came across the Bugcrowd website. His first submission on Bugcrowd took him half a day and turned out to be a P2. After being paid out, he saw the potential for a new lifestyle with Bugcrowd. He still uses our platform today.
How did you get into Cybersecurity?
“It all started with getting a master’s degree in information security. At university I got solid knowledge in cryptography and mathematics. But my knowledge of practical security and programming was quite superficial, and I began to self-educate. I read books and blog posts, and took online courses on the Coursera, edX, and Udemy platforms. Also, at that time, I enjoyed reading the magazine ‘Xakep’. It’s a popular magazine issued in Russia about hacking and practical infosec. I realized that my further career should be in the offensive security field, while I worked as a security consultant on the defensive side. In 2013 I got a pentester job and passed the OSCP exam. I started bug bounties at the end of 2014 on Bugcrowd. I was just curious how it works and decided to give it a try. I quickly found a P2 bug that gave me my first bounty – $500. That was super exciting.”
How do you manage your personal life, work, and bug bounties?
“It’s really painful. Often urgent tasks at my main job require my full energy, and I have no time for bug bounties at all. I often need breaks from hacking to be with my family.”
What are a few of your favorite hacking/security tools? Why should others use those?
“I mostly test web applications. I use Burp Suite Professional, sqlmap, and devtools in the browser. I developed several tools myself for finding specific classes of bugs. For mobile app testing, I love to use Frida.”
What is a quick hacking tip or technique that you recommend?
“Personally, I use Project Sonar data sets by Rapid7 for subdomain enumeration. You can grab the scope for all accessible programs and quickly get subdomains.”
What advice would you give to someone who is starting out as a beginner in bug bounties?
“Don’t lose courage, always try harder.”
How have bug bounties impacted your life?
“Significantly. It’s an additional source of income. Bug bounties motivate me to learn new things.”
What do you like to do in your free time, when you’re not doing bug bounties or working?
“Traveling, hiking, birdwatching.”
Thank you so much to Mikhail for his time and for his great contributions to the bug bounty community!
Interested in becoming an ambassador? Apply to become a Bugcrowd Ambassador today! If you have any questions, please send a Twitter direct message to @ChloeMessdaghi.