Researcher Spotlight: Ambassador Hagai Sason

With the launch of the Bugcrowd Ambassador program, we’re regularly sharing stories from our global hacker community. This week we’re putting the Spotlight on Hagai Sason, a Bugcrowd Ambassador in Israel.

Feel free to follow him on Twitter: @HagaiSason

When Hagai was a kid he enjoyed puzzles that challenged his mind. His affinity for mind games grew into an interest in the intersection of human behavior and puzzle solving, particularly crypto crossword puzzles. These led him to learn more about solving logical puzzles, a skill he now combines with hacking as a penetration tester. In fact, Hagai says his biggest findings come from logical attacks more than from injections or technical mistakes.

After serving in the military in Israel, Hagai decided to study web technologies, which connected with his other passion, emerging tech. Toward the end of his degree, he took a course on information and network security in which a guest lecturer spoke to his class and demoed a SQL injection. This was a major awakening moment for Hagai, pointing him toward a future in cybersecurity as a pen tester.

Post-college, Hagai took another course in network and defensive security but found himself bored and developing an adversarial mindset. Things fell into place when a consulting company reached out to hire him and teach him the basics of breaking systems. Since then, Hagai’s passion for breaking things has led him to become an outstanding red team member.

Read more on his story here:

How did you get into Cybersecurity?

  • “I was always passionate about mind challenges and logic puzzles. By nature I’m much more talented with breaking things than building them. When I was studying at the university, I took an information-security course with a quick and very basic application hacking session. Immediately I fell in love and since then I always knew that this is what I wanted to do, and started to teach myself from online sources and training frameworks. In 2015, I started my penetration testing career and worked for two security consulting companies in Israel. I entered the bug bounty world this past year, motivated by the challenge, curiosity, and my experience. I was really excited to be announced as Bugcrowd MVP for 2018.”

How do you manage your personal life, work, and bug bounties?

  • “Hacking is satisfying and fun for me and I’m also doing it during my daytime job. My time for bug bounties is usually on weekends. It’s a bit addictive, so don’t let it take control over you.”

What are a few of your favorite hacking/security tools? Why should others use those?

  • “I’m not a great believer of automatic tools and scanners. Your mind is a pretty good tool to deal with the challenges. BurpSuite is a must. I’ll recommend the Pro version because of some great extensions (and it’s funny, but if you have some experience with Burp, you must be addicted to the search button.) Reconnaissance tools like manual Google dork, Shodan, Nmap, and Sublist3r are also helpful.”

What is a quick hacking tip or technique that you recommend?

  • “If you want to dive deep into an application, isolate yourself from your surrounding environment with good meditation music. You’ll find that your investigations will be more effective. My personal recommendation (for metal-heads) is the Wavering Radiant album by Isis.”

What advice would you give to someone who is starting out as a beginner in bug bounties?

  • “Generally, don’t search for the obvious findings such as XSS and SQL injections; they’ll probably be marked as duplicates. Try to find vulnerabilities which require complexity, mostly logical attacks and advanced server-side injections.”

How have bug bounties impacted your life?

  • “Bug bounties have made a big impact for me. It’s an additional source of income and a significant way to extend knowledge, techniques, and professionalism.”

What do you like to do in your free time, when you’re not doing bug bounties or working?

  • “I don’t have much of it, but I like to travel around the world, watch quality TV, learn and investigate new stuff, play football (this thing you Americans call ‘soccer’), and watch my favorite team, LFC (Liverpool Football Club).”

Thank you so much to Hagai for his time and for his great contributions to the bug bounty community!

Interested in becoming an ambassador? Apply to become a Bugcrowd Ambassador today! If you have any questions, please send a Twitter direct message to @ChloeMessdaghi.