Ninad Mishra is a full-time hacker who has navigated challenges, pursued knowledge persistently, and developed a unique perspective on ethical hacking and device exploration.
Ninad grew up in Bhopal, a small city in Madhya Pradesh, India. His love for his city stems from the amazing forests that add to the atmosphere of peace and tranquility. His favorite fact about Bhopal is that “We have many wild tigers in the area, and a whole research project is going on to study and help tigers and other animals live and sustain themselves so close to civilization.”
Ninad’s relationship with technology began early. “Ever since childhood, I have loved technology and computers,” he recalls. “I always had this curiosity to try and figure out how things work. As a child, I always broke my toys to see what was inside. Soon, I became interested in electronics and computers and started learning and trying out different things. For example, what would happen if I changed Windows Registry values? How can I customize things that aren’t meant to be customizable?”
(Photo source: Ninad’s old Windows machine)
This early fascination wasn’t just about using technology but also about understanding its intricacies. “I started reading about different tips and tricks related to tech and eventually started surfing hacking forums,” he explains, marking the beginning of his cybersecurity journey.
Pursuing a passion in cybersecurity and hacking
Like so many others, Ninad’s path to becoming a professional hacker was not without obstacles. “Picking cybersecurity as my full-time career was my biggest challenge,” he shares. Growing up in a small town that limited his exposure to the field, he encountered significant skepticism: “Some people suggested to me that ethical hacking is illegal, and many of my relatives recommended that I become a developer instead of going into cybersecurity.”
Undeterred, he pursued his passion, initially learning web development while maintaining his interest in hacking. The pivotal point came through bug bounties and vulnerability disclosure programs (VDPs). “Thanks to bug bounties and VDPs, I was able to meet and talk with people who were actually working in cybersecurity,” he says. This not only validated his career choice but also helped him to gradually win his family’s support.
Today, he specializes in network security and web application testing, working full-time as a hacker and senior security consultant for Bugcrowd. “It’s amazing. I get the opportunity to get exposure to both sides by understanding a client’s priorities and requirements and understanding a hacker’s mindset and point of view,” he explains.
Hacking methodology and achievements
Ninad’s approach to hacking is methodical and patient. “Don’t try to automate everything,” he advises aspiring hackers. “Instead, focus more on manual testing and try using automation to increase the efficiency of manual testing.” His approach is about gaining a deeper understanding of technology and exploring it, not just coming up with quick solutions.
The impact of his work is evidenced by his professional achievements. He has been hacking for seven years and has gained some really cool recognition. For example, “On a test, I once found a zero-day on an Oracle service that was being used by one of our customers. Oracle also gave me written acknowledgement and CVE-2022-21606.”
Another moment he is very proud of came earlier in his career: “I also worked with the Indian government VDPs and reported a few vulnerabilities to the National Critical Information Infrastructure Protection Centre (NCIIPC), for which I was later invited to a conference held by the Indian government.” As such, bug bounties have been transformative in more ways than one, helping him pay college tuition fees and establishing his reputation in the industry.
Expanding beyond hacking web applications
The evolution of technology, particularly artificial intelligence (AI), fascinates him. “It’s amazing to see that AI is already being heavily used in various applications and in offensive security,” he observes. He predicts a future where “there will be a lot of tools based on AI that will help in security testing” and anticipates the emergence of “pentesters with specialization in AI and LLMs.”
Ninad has also started to dabble in areas beyond web applications. He’s exploring hardware hacking, experimenting with tools like Flipper Zero, and learning to program microcontrollers. “Hardware hacking is a fascinating field,” he shares, recommending that aspiring hardware hackers “learn more about programming ICs, reading datasheets, and understanding how they work.”
Advice for hackers and goals
To combat the inevitable burnout hackers experience, Ninad adopts a holistic approach to his work. “Whenever I feel like I am burning out, I change the technology or activity I’m working on,” he explains. This might mean switching from web hacking to exploring mobile hacking or local exploits. Additionally, he emphasizes mental and physical well-being: “I believe that a healthy brain resides in a healthy body. So I make sure my diet is good and I meditate daily.”
Looking forward, his goals are clear: “Learning more about Web3, hardware hacking, and AI are the goals of this year, mainly increasing my skill set and coming up with some new exploits.” His ideal career? A role that allows continuous learning and skill growth, such as being a red teamer.
For resources, he recommends PortSwigger labs, Twitter, and Medium for learning and tools like httpx, ffuf, and nuclei for automation. One piece of advice he wishes he had received earlier is “Always take notes. There are so many technologies and attack scenarios, so taking notes is crucial.”
His philosophy on hacking is easy enough to follow—“Hacking is simple. Just question everything and break every rule there is.” This sentiment encapsulates not only his technical approach but his mindset of maintaining constant exploration, working to overcome obstacles, and remaining centered.
Check out Ninad’s gaming content here and follow him for hacking advice at X.