This week we’re putting the Spotlight on Alyssa, a Bugcrowd Ambassador.
Feel free to follow Alyssa on Twitter @Alyssa_Herrera_
Alyssa first started hacking in middle school. She was frustrated that the school systems would monitor and track students’ online activity. She Googled how to bypass them and found that you could use default credentials for the admin accounts in order to bypass them and play games. Since it was easy for her to bypass the school systems, she was excited to keep learning more about hacking. Windows XP was the first target she hacked, followed by the school’s website. She never really found any vulnerabilities, but became excited to find out what web applications were running on them.
In high school, not knowing there was a whole ethical hacking community, she pursued unethical hacking. However, she quickly switched gears when she discovered there was a niche field where you can legally and ethically hack various websites for possible monetary rewards. She came across Google’s bug bounty program. Alyssa began to go down the ethical hacking rabbit hole and researched other bug bounty platforms, such as Bugcrowd.
How did you get into Cybersecurity?
“My interest in information security started in high school when I began to look into the legal realm of hacking and transitioning away from the childish antics of hacking random sites just to show that I knew how to. Google and other forms of bug bounties drew my interest as it provided a legal outlet as well as a legitimate way to start a career in doing something I excelled at.”
How do you manage your personal life, work, and bug bounties?
“I do bug bounties full time, so managing it isn’t exactly hard. I spend several hours every day bug bounty hunting. I work on programs, take breaks in between to focus on personal life so I don’t get burnt out.”
What are a few of your favorite hacking/security tools? Why should others use those?
“Burp Suite is by far my favorite tool of the trade. I use the professional Burp Suite edition personally but the community edition is just as good as the professional version. It’s quite useful in providing a workbench to do everything from intercepting requests, keeping track of requests being made, etc. Aquatone is another tool that’s quite useful in discovering subdomains on any given target which can provide you a larger attack surface to work off.”
What is a quick hacking tip or technique that you recommend?
“Google dorking is by far the best tip, there’s lots of sensitive information you can discover on a target by using a Google search query. Additionally, checking PDF, DOC, Excel, etc. in particular can reveal sensitive internal documents that shouldn’t be publicly available.”
What advice would you give to someone who is starting out as a beginner in bug bounties?
“The best advice I could give would be to start reading disclosed bug reports, write-ups, and practicing on capture the flag challenges.”
How have bug bounties impacted your life?
“It’s been a massive improvement in my life, given me a career of sorts and has taken me across the world to meet other hackers.”
What do you like to do in your free time, when you’re not doing bug bounties or working?
“Mainly playing video games with friends, learning Danish and drawing.”
Thank you so much to Alyssa for her time and for her great contributions to the bug bounty community! Interested in becoming an ambassador?
Apply to become a Bugcrowd Ambassador today! If you have any questions, please send a Twitter direct message to @ChloeMessdaghi