Nikaiw is #58 on the community leaderboard, with a 96.88% acceptance rate and an average bug priority of 2.37. Nikaiw has been on Bugcrowd for less than 6 months and in that time he’s found 31 valid vulnerabilities, with 10 of those being P1’s.
Read below for our interview with Nikaiw and make sure to follow @Nikaiw on Twitter.
Take us back to your early days, what got you started with technology?
I was lucky to have a computer at home quite early. I still remember the first time I got to use it. We had a 286, I was really young and only knew what I had seen from people using it in front of me. My first steps were just reproducing those commands. But then quickly I saw that you could learn from wrong inputs. It was not a big deal to give a wrong input, the program would just tell you what is wrong until you gave it what it wants. It was a fantastic way to learn, I actually learnt the rules of chess that way.
How did you get started in security research?
I started security a while ago just by being curious. I like to understand how things work. In security, you often try to give an unexpected input to a program or script that will make it reach an unexpected result. To do that it is better to know how things work underneath. Several years ago, I also started to do Capture-the-Flag (CTF) which is a good way to have fun and learn as well.
How long have you been doing bug bounty work?
At the beginning of the year, I came across @Mongo who motivated me to look at it. I finally had my first look at the end of January. My first experience was actually really bad, I found around 7 bugs on the first asset that I checked. Except for one, all of them were duplicates and were submitted more than a year ago.
Why do you hack on bug bounties?
I plan to be credited first before @mongo, at least once. Also, you know to save the world. Just kidding 😉
Do you have a specific security focus or specialty that you tend to spend your time on?
Actually nothing in particular but like most people (I think) I love when I can get command execution!
What motivates you to do what you do? What keeps you going?
I like to keep learning new things and techniques, which is something bug bounties write-up and CTF are good for.
Any tips or suggestions that you would give to other bounty hunters?
Be persevering. As said, my first experience was a failure. But do not stop on a failure. You often have to try a lot of payload or endpoint before finding the right one that won’t be filtered by a WAF or the one that will have a flaw.
Where do you think bug bounties are going in the future?
I think bug bounties are getting more and more popular and companies will be more likely to use them in the future to reduce holes in their infrastructure. It’s a win-win situation as it also gives the opportunities to young security passionates to improve their experience on real systems and expand their knowledge.
Where do you hope to be two years from now?
Well that’s a quite tough question. It’s a hard one because you can never know what the future will be made of. But to be perfectly honest and realistic I think that in 2 years I’d be somewhere in between the 17th and the 20th of May 2018 😉
