After spending a few years working in the infosec world, Ankit Singh decided to become a full-time bug hunter. As a computer science engineer, Ankit keeps his curiosities at the forefront of everything he does. We asked him to share some of the things he’s learned throughout his Bug Bounty Journey. Check it out!
Tell us about yourself! What do you like to do when you’re not hacking?
“In one word I’m an “enthusiast”. I’m always curious to explore anything which has an artistic approach towards it. Currently, I’m in my 20s, recently dropped my 9-5 job involvement and opted for the mode of full time ethical hacking for my survival. I’m glad I took this decision at the right time because the art of ethical hacking is all about being creative and an explorer, something that I always wanted to pursue. Apart from it, I love exploring nature and wildlife, I’m a painter, a former rap artist. In sports I love martial arts and have a special interest in meditation, spirituality and yoga.”
What do you do for a living?
“I’m a Computer Science Engineering graduate. After my graduation I had my first job as an “Information Security Auditor” where I had the opportunity to perform pentesting and security audits for the government. My second role was in a healthcare organization as “Sr. Cyber Security Analyst” where I carried out the pentesting and assessments for networks, applications and healthcare devices. After dedicating approximately 3.5 years in my job roles, now I’m working as a full time bug hunter.”
Full-time bug hunter and full-time learner! Wow!
When did you first discover the internet?
“My father was a military personnel and during my earlier schooling times I remember we used to have a cyber cafe in the cantonment area meant for the dependents of defense personnel. There I accessed the internet for the first time. I was so much fascinated with the fact that whatever I was asking, the Yahoo searches were bringing me the relevant data accordingly. I remember making a lot of searches about “Dinosaurs” since I was so much fascinated by them. Thanks to the movies such as “Jurassic Park” which made me extremely curious about Paleontology.”
We love Jurassic Park, too. “It’s a UNIX system! I know this!” 🧑‍💻
What area of ethical hacking or cybersecurity is most interesting to you?
“Though I’m personally more into Web Application hacking, I’m passionate about all the aspects of “Cyber Security”. Whether from social engineering to car hacking, I’m always curious to learn more of it. I believe that hacking is not a subject in itself, but it is just about the way you deliver your creativity and exploration to break into something based upon your understanding of how the given technology is built or developed.”
“Your understanding of technology is the “subject” and the additional creativity you employed is the “ethical hacking”. Since technology will always be enhanced and applications will always be developed, so there won’t be any boundaries to ethical hacking and so this can never be referred to as a particular “subject”.”
How has your experience as an ethical hacker evolved over the last year?
“Over the last year, I learned a lot about many new web attack vectors. I watched many presentations from the major conferences such as BlackHat USA and Defcon. I went through many research papers. Over the last year, the learning and the achievements I’ve gained by being a full time bug hunter are far more than all those years combined when I was serving my job responsibilities and was only able to contribute to the bug hunt in my part time.”
Anything is possible, especially if you’re Ankit! 👏
Do you have any advice for new hackers or people transitioning into bug bounty?
“As I said earlier, hacking is not a subject in itself but understanding the technology really is. So for the newcomers the suggestion I usually give is that prior to directly trying to hack stuff, first understand the technology, understand how the protocol operates and its different standards, get a hold on application development and scripting languages, start from today. The more you understand how something is built the easier you will be able to break through it. Second, the best platform to learn is to make a habit of going through the publicly disclosed bug reports. That way you will learn the practical approach of implementing an attack in the real world.”
We will stick to writing blogs, but for all of you newcomer hackers, learn everything you can about technology first. ☝️
Do you recall a specific ‘aha’ moment in your personal journey as an ethical hacker?
“Well, there have been a lot of ‘aha’ moments in my journey. Especially when I find a severe server side bug, and you get lost in that specific moment where you’re able to feel that adrenaline rush and a tsunami of thrill. Such moments cannot be expressed merely in words.”
Why do you hunt with Bugcrowd?
“I’ve been hunting on Bugcrowd for a long time. And through all these years, the one quality I observed in the overall proceedings of Bugcrowd is about the sense of cooperation and supportive attitude that their team possesses towards the crowd. Now whether it’s about a support ticket or triage processes. “Cooperation” from the platform was one of the major reasons that even as a full time bug hunter, I invest a major part of my time bug hunting for the programs available on the “Bugcrowd”. I believe Bugcrowd triage team is the most cooperative triage team to work with among any bug bounty platforms out there.”
What piece of advice do you wish someone would have given you sooner in life?
“Ah, well this question speaks up my heart because on a couple of occasions in my life I realized to myself, that if someone would have told me about the bug hunting platforms in my earlier stages of graduation then I guess things would have been somewhat different. Because I remember my college days when I was dedicating a major time on learning and tweaking with the security of things being unaware that some platforms out there would actually help me earn money and build a career for doing the same thing. I came to know about it after I graduated and joined my first cyber security firm. Otherwise I’d have taken the decision to go solo full time even earlier.”
Who is your hero?
“My Mom has always been the best role model I can look up to. If I could have ever learned the meaning of the word “sacrifice” then it wouldn’t have been possible without her. From looking after my school uniform to till date facilitating each and every thing and making sure that I get the best of the environment, delicious food and support to have my hacking or professional stuff done. She’s the one who always got my back and because of whom I’m assured that “everything gon’ be alright” no matter what.”
Tell us a fun fact about yourself!
“If not a hacker, then I would have been a paleontologist for sure! You know, digging them dinosaurs from the crust of your backyard. :)”
You know what they say, curiosity makes a great hacker.