Today, E Hacking News had a chance to interview one of the Indian security researchers, Prakhar Prasad, who recently received a $5000 reward from PayPal for a file upload vulnerability.
1. Introduce yourself
I'm Prakhar Prasad, 19 years old, from Ranchi, Jharkhand. I love playing with and breaking web applications' security. I've found critical vulnerabilities in the majority of popular websites like Google, Facebook, Twitter, PayPal, Adobe, Apple, Symantec, Nokia-Siemens Networks, etc.
Although I'm also working on exploit writing, anti-virus evasion techniques and malware analysis.
2. How did you get into Information security field?
I got into information security when I was in class 10th, because of an incident. One fine morning I was reading my local newspaper, and on the front page of the newspaper was a screenshot of my state government's website showing "Hacked by Ashiyane Digital Security Team". This incident fascinated me completely, like: how can someone change a website's homepage to show his own message? I started Googling around and then learnt how websites and stuff worked from a security point of view.
Then the love for information security took me to a whole new level. Sleepless nights, with a burning desire to learn as much as possible.
3. When did you start Bug hunting?
I started bug hunting back in July 2012.
4. What was your first finding, and how did you feel at that time?
My first finding was a clickjacking bug in Google Website Translator Toolkit that allowed me to add an arbitrary "Admin/Editor" on someone's account by redressing the page.
5. What is the favorite vulnerability found by you?
Umm.. My favorite one is the Blind SQL Injection bug I found on PayPal's Notifications website. But I also like a permission bug I found in a PayPal acquisition that allowed me to unsubscribe any user of my choice from their mailing list.
6. How much have you earned so far from Bug hunting?
I'd keep it private :) But it's more than enough!
7. You're hunting bugs for fun, for profit, or to make the world a safer place?
I hunt bugs basically for fun and for keeping the world a safer place. But now various bug bounty programs have started that allow me to earn alongside the points I mentioned.
8. What are your future plans?
Can't say anything right now, I'm still learning things. But I want to do something really big for my country, India.
9. How did you feel when you received $5000 from Paypal?
It was a huge surprise. When my bug got validated I was expecting some big amount. But when I was paid the exact, it was enormous.
10. What is your advice for new bug hunters?
Just use Google to learn everything from scratch, it is the most powerful tool to gain knowledge of ANY KIND. Don't opt for some Tom, Dick and Harry Ethical Hacking courses, they teach half-baked concepts and suck your money. Google is the best thing to get things started, don't be like a spoon-feeding child. I'd recommend a book called the Web Application Hacker's Handbook, to start off.
One must watch Nir Goldshlager's HITBAMS2012 talk on Killing a Bug Bounty Program Twice. It's the best video out there regarding bug hunting.
Automated tools just can't find bugs in big websites, plus it kills the fun of finding bugs manually. Semi-automated/manual tools like Burp Suite and Zed Attack Proxy are cool to work with.
11. What do you think about E Hacking News?
It's a very good news source, keeps me updated about happenings of InfoSec world. I appreciate the work done by the team.
BreakTheSecurity is also doing a great job, in providing tutorials and similar stuff.
Keep up the good work!
12. Thank you. Is there anything else you want to add?
I'm very thankful to E Hacking News for providing me the platform to share my views and experiences!
If anyone wants to connect with me, I'm on Twitter: @prakharprasad
My best wishes to all learners and E Hacking News.
Source: ehackingnews