This week we’re putting the spotlight on Dinesh, one of our newest Bugcrowd Ambassadors.
Meryl Streep once said, “I have a theory that movies operate on the level of dreams, where you dream yourself.” Dinesh started dreaming about becoming a hacker while watching action hacking movies as a kid. By the time he was 17 years old, he was reading about hacking and how to access computers remotely.
In this new virtual world, Dinesh started to connect with hackers all over the world. His curiosity about escalating the system vulnerabilities he found to stakeholders, and about finding out their impact, drove him to connect with the ethical hacking community. He became obsessed with trying to do the right thing. But for a time, he didn’t know who to reach out to or what to do.
He came across some of his hacker friends sharing Facebook posts about bug bounty programs and took it as an opportunity to hack without having to worry about being punished and make some money at the same time. So he started to participate in bug bounty programs on Bugcrowd.
It’s now been 6 years of hacking, and Dinesh has worked his way up to be one of the top white hat hackers in India. The experience he gains from bug bounty hunting enhances his ability to secure systems, and he gets to use his developer skills on the backend without fear of exploiting networks illegally.
Feel free to follow Dinesh V. on Twitter @D_J_Hack
How did you get into Cybersecurity?
“I loved watching hacking kinda stuff in movies. So, I googled about hacking FB accounts of my friends, through which I came to know that there is something called bug bounty. Getting paid to protect FB and other networks from getting hacked. I came to the conclusion that hacking FB accounts ain’t that easy. It was then that I started to learn about hacking websites via SQL injection. Slowly I learned how to find bugs on top sites. Most importantly, I learned Ruby on Rails, which helped with understanding how everything works on the backend, especially hunting on ROR web applications. Learning how inputs are being sent to the application has helped me a lot in bug hunting. I always try to find loopholes in Ruby on Rails applications.”
How do you manage your personal life, work, and bug bounties?
“I spend most of my time on developing when in the office. After office hours, I spend my time on bug hunting and other hacking things. Once in a while, I visit my hometown to see my family.”
What are a few of your favorite hacking/security tools? Why should others use those?
“sublist3r – This is a subdomain enumeration tool that helps me find subdomains of the target domain. Some programs will accept vulnerabilities from all their subdomains and products. While using this, you find all the subdomains, which allows you to have lots of vulnerabilities.”
What is a quick hacking tip or technique that you recommend?
“Reverse Whois lookup – Find the whois of the domain and do a reverse whois lookup so that you can get domains owned by that company. Most of them will be out of scope. If you tend to find P1 or P2 vulnerability in those OOS domains, most of the programs will patch them and you might end up getting rewarded.”
What advice would you give to someone who is starting out as a beginner in bug bounties?
“Learn programming languages in depth, so you can figure out how each and every web application works. More knowledge about the web application equals more chances of finding unique vulnerabilities.”
How have bug bounties impacted your life?
“I started bug hunting when I was studying in my 2nd year of engineering. When I started bug hunting, I managed to take care of all my expenses while also taking care of the expenses of my family.”
What do you like to do in your free time, when you’re not doing bug bounties or working?
“I like to speed on motorcycles. The speed is thrilling. After riding, my head is clear and relaxed.”
Thank you so much to Dinesh for his time and for his great contributions to the bug bounty community!
Interested in becoming an ambassador? Apply to become a Bugcrowd Ambassador today! If you have any questions, please Twitter direct message @ChloeMessdaghi