Orwa Atiyat (OrwaGodfather) climbed the hacker ladder quickly after starting his bug hunting journey just 3 years ago. Since then, Orwa has been awarded for both MVP and P1 Warrior, Top Bug Hunter: LevelUpX Champion Buggy Award for the 2022 year, and was most recently part of the winning team, Tess’s Squad, in the 2022-23 Hacker Cup as Team Captain. As a hard worker dedicated to increasing security globally, Orwa’s journey is not only inspirational, but insightful as well. Buckle up for this month’s Researcher Spotlight!
How did you get into the Cybersecurity space?
“The road to cybersecurity is a little different for everyone. I was never good at hacking and I did not obtain any scientific qualifications or any certificate in this field. So, I watched the th3g3nt3lman video on the BC YouTube channel about a GitHub topic. It was really cool and easy to understand, so I immediately started looking for leaks and I got 6 bounties in the first month. In my first 3 months, I didn’t understand the meaning of subdomain or domain or ports or anything else, but after that, I started reading and watching everything connected with bug bounty topics.”
Don’t walk, run to the Bugcrowd YouTube channel to start learning how to hack. 🏃
What and/or who first sparked your interest in hacking?
“I have wanted to be in this field all my life, but the person who first sparked my interest in hacking was my brother, th3g3nt3lman. I said to myself, ‘Yeah, nothing is impossible; I can do something’…”
The right mindset for achieving your goals: “I can”.
How long have you been hunting?
“I started in 2020 (3 years ago), hunting and learning at the same time.”
When it comes to hunting, learning will be a constant. Keep learning, keep growing.
How have bug bounties impacted your life?
“In fact, bug bounties have completely changed my life. Before bug bounty, I was drowning in debt, but in 3 years I was able to pay off the debt, travel for tourism many times, own my own home, and help my family.”
If this doesn’t inspire you, we don’t know what will.
Are you a part-time or full-time hacker? How much time do you spend hacking each week?
“I hunt full-time, but at the same time I do not exhaust myself. So, I hunt about 5-6 hours per day and the rest of the time I spend with family and friends.”
What has been your biggest challenge while hacking and how did you overcome it?
“There are many challenges, but most of them are the feelings of being distracted by the huge number of programs on the table, as there is competition everywhere. I was able to overcome this challenge by putting my focus on certain types of programs and collaborating with friends to divide the tasks. However, do not lose your focus by working on many platforms and programs at the same time. Choose a place where you find comfort to work.”
Do you have any favorite tools or resources to learn? What are they?
“I use a lot of tools all the time, just in the recon part: subdomain enumeration, port scanning, etc. But, for testing, dorking on Google/GitHub/Bing, Burp Suite, and nuclei with specific templates. Create a special template for each vulnerability that you have discovered and run this template over nuclei on all programs. Finally, the best place to learn is to watch the community’s Twitter posts. Here you can find all the useful tools in hunting and indexed.”
Bookmark that page for a go-to resource. 👆
Do you have any advice for new hackers or people transitioning into bug bounty?
“1: Focus on information disclosure bugs, 2: Focus on IDOR bugs, 3: If you don’t have a background in the JS language, start learning JS. No one was born an elite hacker, so never give up. Thomas Edison conducted 1000 failed experiments. The 1001st experiment was the light bulb. You will get a lot of N/As – duplicate reports at some point. Accept it because every N/A – duplicate report is one step closer to success.”
What’s an important lesson that you wish you learned early on in your hacking career?
“Learning web languages and how to write excellent reports.”
How do you avoid burnout? How do you take care of yourself and your mental health?
“Sleep well, gym, and most importantly, don’t be an introvert – sit with family and friends. If I’m about to finish finding a bug and I feel exhausted or tired, I stop immediately and go take a break or watch something on TV. Also, after finding a bug, I don’t report directly, I take some time to rest. After I rest, I start sending the report.”
Where do you see your journey going from here? What are some goals you have for this year?
“I see myself finding more bugs/0days and being distinguished, loved and helpful to many, both new and old hunters. I would love to see everyone win. A goal I have is marriage, but I’m still looking for the right wife 😊.”
All the single ladies, all the single ladies. 🎶
Why do you hunt with Bugcrowd?
“The answer will be a bit long and I advise everyone to read it.
I want to point out that I have hacked on many platforms, but the Bugcrowd platform is absolutely the best for me, for many reasons, and I will mention some of them…
- The reporting form is very clear and easy to understand and the VRT is amazing
- Sorting and displaying of programs is very impressive
- Return to the previous report easily and separate reports for each program individually
- The triage team is very fast, smart, and most importantly very cooperative, which is not found on other platforms
- You can communicate with support immediately and in more than one way, and they are also a great and responsive team
- Challenges, events, and swag are amazing
- The simplest thing is when you tweet about a bug or bounty on Bugcrowd you see the Bugcrowd team being the first to congratulate you on this amazing achievement
- Great risk assessment. For example, if I sent a duplicate report, but it showed a high impact, it is closed as a duplicate, but sometimes a blocker is placed for a special team to look at this report.
And more wonderful things, but I need at least 4 pages. From here, I want to thank all the Bugcrowd team especially Tal, Timmy, Jordyn, Rami, Tatiana, Wilson.”
As the Bugcrowd team, we appreciate your resilience in pushing limits to reach your goals.
Tell us what you do for a living or your career aspirations.
“I do not have any certifications that qualify me to work in this field, so I am continuing hunting to get more bounties.”
What does your life look like outside of hacking?
“A natural and wonderful life. I sit with the family and go out with friends, watch parties, but the most important thing is that I spend a lot of time with the children at home. I love them a lot.
I donate 20% of every bounty I get to help people. In the past, I suffered from poverty, so I could not complete my studies and did not obtain certifications. I didn’t want to watch other people suffer from the same thing, so every year I pay the university fees for two people who can’t afford the fees. Thanks to God, so far in 3 years, I have helped 6 people complete their studies at the University.”
Who is your hero?
“I have 3 heroes…
In life: My mother
In success: Denzel Washington
In hacking: My brother, Majd [th3g3nt3lman]”
Tell us a fun fact about yourself!
“My main profession is a chef. At the beginning of bug hunting I was cooking and hunting at the same time from my phone and I remember two funny things that happened at that time. I was roasting the chicken in the oven and at that time I found a critical bug and immediately started reporting from my phone. When I finished writing and sending in the report, I found that the chicken had burned, but it’s ok, still a critical bug I reported, LOL.”
“I want to end this writing with words that I like: when you ask for strength, God will not give you strength, God will give you difficulties to make you strong. When you ask for wisdom, God will give you problems to solve. When you ask for courage, God will give you dangers to overcome. When you ask for patience, God will give you situations where you are forced to wait. When you ask for favors, God will give you opportunities. When you ask for everything so you could enjoy life, God will give you life so you could enjoy everything.
Never give up, never back down. Believe in yourself and be patient. Thanks All!”
Orwa is a great example of what hard work looks like. We are proud of all the milestones you’ve reached so far and can’t wait to see where your journey takes you next.