├── .DS_Store ├── _config.yml ├── media ├── .DS_Store ├── gurur.jpg ├── vickie-li.jpg ├── aditya-dixit.jpg ├── ahmet-gurel.jpg ├── orwa-atyat.jpg ├── pranit-garud.jpg ├── saad-nasir.jpg ├── sameer-bhatt.jpg ├── sumit-grover.jpg ├── armaan-pathan.jpg ├── godson-bastin.jpg ├── himanshu-giri.jpg ├── luke-stephens.jpg ├── michael-blake.jpg ├── parveen-yadav.jpg ├── robbe-van-roey.jpg ├── kishore-krishna.jpg ├── lauritz-holtmann.jpg ├── mrityunjoy-biswas.jpg ├── nicolas-krassas.jpg ├── nilesh-sapariya.jpg └── sujit-suryawanshi.jpg ├── SecurityStories ├── .DS_Store ├── himanshu-giri.md ├── orwa-atyat.md ├── parveen-yadav.md ├── saad-nasir.md ├── lauritz-holtmann.md ├── luke-stephens.md ├── michael-blake.md ├── gurur-yetiskin.md ├── pranit-garud.md ├── sujit-suryawanshi.md ├── sumit-grover.md ├── aditya-dixit.md ├── nicolas-krassas.md ├── sameer-bhatt.md ├── godson-bastin.md ├── kishore-krishna.md ├── armaan-pathan.md ├── vickie-li.md ├── ahmet-gurel.md ├── robbe-van-roey.md ├── nilesh-sapariya.md └── mrityunjoy-biswas.md └── README.md /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/.DS_Store -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | remote_theme: pages-themes/hacker@v0.2.0 2 | plugins: 3 | - jekyll-remote-theme -------------------------------------------------------------------------------- /media/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/.DS_Store -------------------------------------------------------------------------------- /media/gurur.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/gurur.jpg -------------------------------------------------------------------------------- /media/vickie-li.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/vickie-li.jpg -------------------------------------------------------------------------------- /media/aditya-dixit.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/aditya-dixit.jpg -------------------------------------------------------------------------------- /media/ahmet-gurel.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/ahmet-gurel.jpg -------------------------------------------------------------------------------- /media/orwa-atyat.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/orwa-atyat.jpg -------------------------------------------------------------------------------- /media/pranit-garud.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/pranit-garud.jpg -------------------------------------------------------------------------------- /media/saad-nasir.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/saad-nasir.jpg -------------------------------------------------------------------------------- /media/sameer-bhatt.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/sameer-bhatt.jpg -------------------------------------------------------------------------------- /media/sumit-grover.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/sumit-grover.jpg -------------------------------------------------------------------------------- /media/armaan-pathan.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/armaan-pathan.jpg -------------------------------------------------------------------------------- /media/godson-bastin.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/godson-bastin.jpg -------------------------------------------------------------------------------- /media/himanshu-giri.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/himanshu-giri.jpg -------------------------------------------------------------------------------- /media/luke-stephens.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/luke-stephens.jpg -------------------------------------------------------------------------------- /media/michael-blake.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/michael-blake.jpg -------------------------------------------------------------------------------- /media/parveen-yadav.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/parveen-yadav.jpg -------------------------------------------------------------------------------- /media/robbe-van-roey.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/robbe-van-roey.jpg -------------------------------------------------------------------------------- /SecurityStories/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/SecurityStories/.DS_Store -------------------------------------------------------------------------------- /media/kishore-krishna.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/kishore-krishna.jpg -------------------------------------------------------------------------------- /media/lauritz-holtmann.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/lauritz-holtmann.jpg -------------------------------------------------------------------------------- /media/mrityunjoy-biswas.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/mrityunjoy-biswas.jpg -------------------------------------------------------------------------------- /media/nicolas-krassas.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/nicolas-krassas.jpg -------------------------------------------------------------------------------- /media/nilesh-sapariya.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/nilesh-sapariya.jpg -------------------------------------------------------------------------------- /media/sujit-suryawanshi.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/harsh-bothra/SecurityStories/main/media/sujit-suryawanshi.jpg -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | **SecurityStories - 52 Weeks, 52 Stories** is a new initiative to share stories of cyber security professionals who are spread across the globe to tell the world about how they started, what were the blockers in their journey, where they were vs where they are now and likewise, interesting stuff. This is to inspire the world and share the less-known stories of cyber security professionals. 4 | 5 | This will be posted on Twitter & LinkedIn and a Repository will be maintained on GitHub. 6 | 7 | Follow me on Twitter for Regular Updates: [Harsh Bothra](https://twitter.com/harshbothra_). 8 | 9 | 10 | # SecurityStories - Story List 11 | ___ 12 | 13 | S.No. 
| Story | Social Profile 14 | --- | --- | --- 15 | **1** | [Ahmet Gurel](/SecurityStories/ahmet-gurel.md) | [Twitter](https://twitter.com/ahmettgurell) 16 | **2** | [Sumit Grover](/SecurityStories/sumit-grover.md) | [Twitter](https://twitter.com/sumgr0) 17 | **3** | [Nilesh Sapariya](/SecurityStories/nilesh-sapariya.md) | [Twitter](https://twitter.com/nilesh_loganx) 18 | **4** | [Luke Stephens](/SecurityStories/luke-stephens.md) | [Twitter](https://twitter.com/hakluke) 19 | **5** | [Parveen Yadav](/SecurityStories/parveen-yadav.md) |[Twitter](https://twitter.com/parveen1015) 20 | **6** | [Robbe Van Roey](/SecurityStories/robbe-van-roey.md) |[Twitter](https://twitter.com/PinkDraconian) 21 | **7** | [Mrityunjoy Biswas](/SecurityStories/mrityunjoy-biswas.md) | [Twitter](https://twitter.com/mitunjoy11) 22 | **8** | [Aditya Dixit](/SecurityStories/aditya-dixit.md) | [Twitter](https://twitter.com/zombie007o) 23 | **9** | [Nicolas Krassas](/SecurityStories/nicolas-krassas.md) | [Twitter](https://twitter.com/Dinosn) 24 | **10** | [Sameer Bhatt](/SecurityStories/sameer-bhatt.md) | [Twitter](https://twitter.com/sameer_bhatt5) 25 | **11** | [Gurur Yetiskin](/SecurityStories/gurur-yetiskin.md) | [Twitter](https://twitter.com/gy3tiskin) 26 | **12** | [Vickie Li](/SecurityStories/vickie-li.md) | [Twitter](https://twitter.com/vickieli7) 27 | **13** | [Michael Blake](/SecurityStories/michael-blake.md) | [Twitter](https://twitter.com/Michael1026H1) 28 | **14** | [Himanshu Giri](/SecurityStories/himanshu-giri.md) | [Twitter](https://twitter.com/h0i0m0a0n0s0h0u) 29 | **15** | [Kishore Krishna Pai](/SecurityStories/kishore-krishna.md) | [Twitter](https://twitter.com/sillydadddy) 30 | **16** | [Godson Bastin](/SecurityStories/godson-bastin.md) | [Twitter](https://twitter.com/0xGodson_) 31 | **17** | [Orwa Atyat](/SecurityStories/orwa-atyat.md) | [Twitter](https://twitter.com/GodfatherOrwa) 32 | **18** | [Armaan Pathan](/SecurityStories/armaan-pathan.md) | 
[Twitter](https://twitter.com/armaancrockroax) 33 | **19** | [Saad Nasir](/SecurityStories/saad-nasir.md) | [Twitter](https://twitter.com/iamsaadnasir) 34 | **20** | [Lauritz Holtmann](/SecurityStories/lauritz-holtmann.md) | [Twitter](https://twitter.com/_lauritz_) 35 | **21** | [Sujit Suryawanshi](/SecurityStories/sujit-suryawanshi.md) | [Twitter](https://twitter.com/_codeh4ck3r) 36 | **22** | [Pranit Garud](/SecurityStories/pranit-garud.md) | [Twitter](https://twitter.com/rootsploit) 37 | -------------------------------------------------------------------------------- /SecurityStories/himanshu-giri.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 12: Featuring **Himanshu Giri** 4 | 5 | ![Himanshu Giri](../media/himanshu-giri.jpg) 6 | 7 | Through the SecurityStories series, Today, we are excited to bring forward the story of Himanshu Giri, a full-time bug bounty hunter and pentester from India. So let's jump straight into learning more about Himanshu's experience. 8 | 9 | ### **Question:** Could you briefly introduce yourself? 10 | 11 | **Himanshu:** I am working as a full time lead pentester at Cobalt and part time pentester at Synack. I have 4+ years of experience in Information Security & Penetration Testing with expertise in Web, Network, Thick Client, and Mobile Application Security. As per the 2020-21 and 2021-22 assessment I was recognized as an Olympian and Hero rank (https://acropolis.synack.com/inductees/himanshugiri/) by Synack Red Team. 12 | 13 | 14 | ### **Question:** How did you get started in Cyber Security? 15 | 16 | **Himanshu:** I started my security career when my father bought a new laptop back in 2011 and my laptop automatically got connected with a open wifi network and after that I researched about the wifi hacking etc. that's how I got the initial kickoff. 
17 | 18 | 19 | ### **Question:** What were the initial challenges and blockers you faced? 20 | 21 | **Himanshu:** During my initial days there were no mind-maps, courses and active community. 22 | 23 | 24 | ### **Question:** What learning methodology did you follow or still follow? 25 | **Himanshu:** Hack The Box Walkthroughs (IppSec - YouTube videos) and Twitter and community blog-posts. 26 | 27 | 28 | ### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers? 29 | 30 | **Himanshu:** I currently don't hold any certifications. However, OSCP and PNPT are good choices. 31 | 32 | 33 | ### **Question:** What is your favourite thing to hack on? 34 | 35 | **Himanshu:** External Networks and Web Application 36 | 37 | 38 | ### **Question:** What does your tool arsenal look like - Could you share some? 39 | 40 | **Himanshu:** ProjectDiscovery, Tomnomnom all tools,Burp-suite and some custom made one-liner scripts. 41 | 42 | 43 | 44 | ### **Question:** How do you cope with Burn Outs? 45 | 46 | **Himanshu:** Weekends car rides and bike ride. 47 | 48 | 49 | ### **Question:** What would you advise the newcomers in Cyber Security? 50 | 51 | **Himanshu:** Understanding of Networking Concepts and Web application development idea from front-end to backed will help in a long run. 52 | 53 | 54 | ### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources? 55 | 56 | **Himanshu:** I mostly use Twitter to be updated. 57 | 58 | 59 | ### **Question:** What's your life outside hacking? 60 | 61 | **Himanshu:** Outside hacking I love to play computer games, car driving, bike riding etc. 62 | 63 | 64 | ### Social Profiles 65 | - LinkedIn: https://linkedin.com/in/himanshu-giri-6b7131ba 66 | - Twitter : https://www.twitter.com/h0i0m0a0n0s0h0u 67 | 68 | 69 | 70 | > Did you find Himanshu's story interesting and inspiring? 
Please share it with your friends and colleagues to spread the word. 71 | 72 | > We will be coming up with more exciting and inspiring stories Weekly. 73 | 74 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) -------------------------------------------------------------------------------- /SecurityStories/orwa-atyat.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 17: Featuring **Orwa Atyat** 4 | 5 | ![Orwa Bastin](../media/orwa-atyat.jpg) 6 | 7 | Through the SecurityStories series, Today, we are excited to bring forward the story of Orwa Atyat from Jordan, who is widely known in the bug bounty and security community for his contributions. 8 | 9 | ### **Question:** Could you briefly introduce yourself? 10 | 11 | **Orwa:** I am Orwa, Godfather, a full-time bug hunter. I have owned multiple CVEs, including CVE-2022-21500& CVE-2022-21567. I am LevelUpX Champion Of Bugcrowd 2022/2023 and ranked as top 50 on Bugcrowd and 3rd P1 Warrior. 12 | 13 | 14 | ### **Question:** How did you get started in Cyber Security? 15 | 16 | **Orwa:** By watching a video about that, if you found a bug or if you can report it to the company and take your bounty for that and first video I watched was [github recon and sensitive data exposure] 17 | 18 | 19 | 20 | ### **Question:** What were the initial challenges and blockers you faced? 21 | 22 | **Orwa:** I started in this field without any experience or background in hacking. I didn't know anything, don't know what they meant by the subdomain, domain, port, or any language I searched for leaked passwords. 23 | 24 | 25 | ### **Question:** What learning methodology did you follow or still follow? 26 | **Orwa:** I started learning all available methodologies, but the best was [Jhaddix] & [zseano] 27 | 28 | 29 | 30 | ### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers? 
31 | 32 | **Orwa:** Unfortunately, I did not get any certificate, so I can't answer by that 33 | 34 | 35 | 36 | ### **Question:** What is your favourite thing to hack on? 37 | 38 | **Orwa:** [Web-App] and in programs [bank programs] and bugs [server side bugs and information disclosure bugs] 39 | 40 | 41 | ### **Question:** What does your tool arsenal look like - Could you share some? 42 | 43 | **Orwa:** ReconFTW - FFUF - Sqlmap - GitTools - Naabu - Amass - httpx 44 | 45 | ### **Question:** How do you cope with Burn Outs? 46 | 47 | **Orwa:s** By knowing what is in that mind, I deal with it accordingly. 48 | 49 | ### **Question:** What would you advise the newcomers in Cyber Security? 50 | **Orwa:** The focus on Information Disclosure & IDOR bugs and learning from any source for Recon. 51 | 52 | ### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources? 53 | 54 | **Orwa:** By checking Twitter and LinkedIn. I also use Bugcrowd level-up as my go-to resource. 55 | 56 | ### **Question:** What's your life outside hacking? 57 | 58 | **Orwa:** Doing bodybuilding, going out daily, cooking at times and having fun when I'm away from the computer. 59 | 60 | ### Social Profiles 61 | 62 | - Twitter: https://twitter.com/GodfatherOrwa 63 | - LinkedIn: https://www.linkedin.com/in/orwa-atiyat-1b9800198/ 64 | - Youtube: https://www.youtube.com/@orwaatyat2958 & https://www.youtube.com/watch?v=z1rOMrCOGA0&feature=youtu.be 65 | - Medium: https://orwaatyat.medium.com/ 66 | - Bugcrowd: https://bugcrowd.com/OrwaGodfather 67 | - HackerOne: https://hackerone.com/mr-hakhak?type=user 68 | - TikTok: https://www.tiktok.com/@orwa.atyat 69 | 70 | 71 | > Did you find Orwa's story interesting and inspiring? Please share it with your friends and colleagues to spread the word. 72 | 73 | > We will be coming up with more exciting and inspiring stories Weekly. 
74 | 75 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) -------------------------------------------------------------------------------- /SecurityStories/parveen-yadav.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 5: Featuring **Parveen Yadav** 4 | 5 | ![Parveen Yadav](../media/parveen-yadav.jpg) 6 | 7 | Through the SecurityStories series, Today, we are excited to bring forward the story of Parveen Yadav, a highly skilled hacker, security professional and one of the minds behind the OWASP SeaSides conference. 8 | 9 | Let's jump straight into learning more about him and his experience. 10 | 11 | ### **Question:** Could you briefly introduce yourself? 12 | 13 | **Parveen:** I am working as Product Security Analyst with a well-known Bug Bounty Platform, HackerOne. I have around 12+ years of experience and expertise in the Web application, Network penetration testing, Thick Client Testing, Large Industry printers security assessment, Red Teaming & Mobile Application Testing. I am the co-founder of the OWASP Seasides conference, Goa and founder of Bug Bounty Village and presented at C0c0n and Seasides Conference. 14 | 15 | 16 | ### **Question:** How did you get started in Cyber Security? 17 | 18 | **Parveen:** While I was in college almost a decade back, I learned about cyber security, and it sparked my interest. Since then, I have kept working and growing in this field, mainly through self-learning. 19 | 20 | ### **Question:** What were the initial challenges and blockers you faced? 21 | 22 | **Parveen:** I started in 2011. During that time, there were relatively fewer learning articles, and videos, so I collaborated with other security researchers during that time, and we made some silly mistakes and learned new things as well 23 | 24 | 25 | ### **Question:** What is the learning methodology you followed or still follow? 
26 | **Parveen:** Self-learning is the best learning method, and I greatly advocate it. You learn and grow from your mistakes and gain experiences. 27 | 28 | 29 | 30 | ### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers? 31 | 32 | **Parveen:** I hold AWS Certified Cloud Practitioner. Having certification is a personal choice. At the same time, it is unnecessary but could be an excellent credential to show when you are a fresher. 33 | 34 | 35 | ### **Question:** What is your favourite thing to hack on? 36 | 37 | **Parveen:** SQL Injection is my all-time favourite vulnerability, and I scored most of my bounties through this. 38 | 39 | ### **Question:** What does your tool arsenal look like - Could you share some? 40 | 41 | **Parveen:** I love doing Recon and looking for Dependency Confusion. Burpsuite is one of my go-to hacking tools. 42 | 43 | ### **Question:** How do you cope with Burn Outs? 44 | 45 | **Parveen:** I like to chill out with friends and go to amazing places for the holidays to refresh my mind. 46 | 47 | ### **Question:** What would you advise the newcomers in Cyber Security? 48 | 49 | **Parveen:** Engage with your seniors in cyber security. They best guide you on how to start your cyber security career and learn from your mistakes. 50 | 51 | ### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources? 52 | 53 | **Parveen:** Twitter is the best source to keep learning the new latest trends. 54 | 55 | ### **Question:** What's your life outside hacking? 56 | 57 | **Parveen:** I am a fun and chill guy. I like to make friends with everyone and always love to help people. 58 | 59 | 60 | ### Social Profiles 61 | - LinkedIn: https://www.linkedin.com/in/parveen1015/ 62 | - Twitter: https://twitter.com/parveen1015 63 | 64 | > Did you find Parveen's story interesting and inspiring? 
Please share it with your friends and colleagues to spread the word. 65 | 66 | > We will be coming up with more exciting and inspiring stories Weekly. 67 | 68 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) -------------------------------------------------------------------------------- /SecurityStories/saad-nasir.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 19: Featuring **Saad Nasir** 4 | 5 | ![Saad Nasir](../media/saad-nasir.jpg) 6 | 7 | Through the SecurityStories series, Today, we are excited to bring forward the story of Saad Nasir, who is a red teamer and cloud security expert from the United States of America. 8 | 9 | ### **Question:** Could you briefly introduce yourself? 10 | 11 | **Saad:** Saad is a Red Teamer and Cloud Security Expert with extensive knowledge in network and database administration; he has a wide range of expertise in Red Teaming, Web Applications, and Mobile Pentesting. When Saad is free, you’ll find him working to further his skills, engaging with his local community, and playing golf and cricket. 12 | 13 | 14 | ### **Question:** How did you get started in Cyber Security? 15 | 16 | **Saad:** In 2018 I showed interest in Threat Intelligence but ended up choosing Red Teaming as it was more exciting and valuable to me hence started my career in the United States, moving from Information Technology. 17 | 18 | ### **Question:** What were the initial challenges and blockers you faced? 19 | 20 | **Saad:** Choosing the right domain in cybersecurity was challenging, but the help of a close friend saved me from that part, and I ended up starting my career in Red Teaming. 21 | 22 | 23 | 24 | ### **Question:** What learning methodology did you follow or still follow? 25 | **Saad:** Hands-on methodology, If I see something new to me, I try to do it manually through hands-on even though I have to spend resources. 
That ensures I am learning and following the right approach toward whatever I am doing. 26 | 27 | 28 | ### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers? 29 | 30 | **Saad:** I hold OSCP, PNPT, EJPT, CYSA+ and AWSASS. My recommendation to the reader is to get any cert that allows you to learn Hands-on expertise. PNPT is one of them to get hold of basics and intermediate operations of penetration and networking test. 31 | 32 | 33 | ### **Question:** What is your favourite thing to hack on? 34 | 35 | **Saad:** JWT - abuse of JSON tokens to take over the accounts 36 | 37 | 38 | ### **Question:** What does your tool arsenal look like - Could you share some? 39 | 40 | **Saad:** BurpSuite Pro, Open Source Templates, Cobalt Strike, Python Scripts, etc. 41 | 42 | 43 | 44 | ### **Question:** How do you cope with Burn Outs? 45 | 46 | **Saad:s** Playing Sports, Going out with the family 47 | 48 | 49 | ### **Question:** What would you advise the newcomers in Cyber Security? 50 | **Saad:** I won’t tell somebody to learn this and that, watch this video and try to be hands-on with the operations. This 12 hours video is enough to get a basic understanding of hacking. 51 | 52 | https://www.youtube.com/watch?v=fNzpcB7ODxQ 53 | 54 | And here is my advice if you are new in the field: 55 | 56 | Overcome the fear that you can do it. Listen to everyone but decide what you like and want to proceed with. Don’t just watch how others do it, prepare, build and try to be hands-on to develop your skills. 57 | 58 | 59 | ### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources? 60 | 61 | **Saad:** Hack the Box Challenges, Staying up to date with the CISA handles, following the news using the threat Intel resources. 62 | 63 | 64 | ### **Question:** What's your life outside hacking? 65 | 66 | **Saad:** Interesting! 
Outside of hacking, I love to drive different cars and sports; I am an opening batsman in Cricket and a Golf player. Besides that, I am involved in community events, and I am the founder of Security BSides Albuquerque @BSides_ABQ conference. 67 | 68 | 69 | ### Social Profiles 70 | 71 | - LinkedIn: https://www.linkedin.com/in/iamsaadnasir 72 | 73 | 74 | > Did you find Saad's story interesting and inspiring? Please share it with your friends and colleagues to spread the word. 75 | 76 | > We will be coming up with more exciting and inspiring stories Weekly. 77 | 78 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) -------------------------------------------------------------------------------- /SecurityStories/lauritz-holtmann.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 20: Featuring **Lauritz Holtmann** 4 | 5 | ![Lauritz Holtmann](../media/lauritz-holtmann.jpg) 6 | 7 | Through the SecurityStories series, Today, we are excited to bring forward the story of Lauritz Nasir, who is a red teamer and cloud security expert from the United States of America. 8 | 9 | ### **Question:** Could you briefly introduce yourself? 10 | 11 | **Lauritz:** Lauritz is a Red Teamer and Cloud Security Expert with extensive knowledge in network and database administration; he has a wide range of expertise in Red Teaming, Web Applications, and Mobile Pentesting. When Lauritz is free, you’ll find him working to further his skills, engaging with his local community, and playing golf and cricket. 12 | 13 | 14 | ### **Question:** How did you get started in Cyber Security? 15 | 16 | **Lauritz:** In 2018 I showed interest in Threat Intelligence but ended up choosing Red Teaming as it was more exciting and valuable to me hence started my career in the United States, moving from Information Technology. 17 | 18 | ### **Question:** What were the initial challenges and blockers you faced? 
19 | 20 | **Lauritz:** Choosing the right domain in cybersecurity was challenging, but the help of a close friend saved me from that part, and I ended up starting my career in Red Teaming. 21 | 22 | 23 | 24 | ### **Question:** What learning methodology did you follow or still follow? 25 | **Lauritz:** Hands-on methodology, If I see something new to me, I try to do it manually through hands-on even though I have to spend resources. That ensures I am learning and following the right approach toward whatever I am doing. 26 | 27 | 28 | ### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers? 29 | 30 | **Lauritz:** I hold OSCP, PNPT, EJPT, CYSA+ and AWSASS. My recommendation to the reader is to get any cert that allows you to learn Hands-on expertise. PNPT is one of them to get hold of basics and intermediate operations of penetration and networking test. 31 | 32 | 33 | ### **Question:** What is your favourite thing to hack on? 34 | 35 | **Lauritz:** JWT - abuse of JSON tokens to take over the accounts 36 | 37 | 38 | ### **Question:** What does your tool arsenal look like - Could you share some? 39 | 40 | **Lauritz:** BurpSuite Pro, Open Source Templates, Cobalt Strike, Python Scripts, etc. 41 | 42 | 43 | 44 | ### **Question:** How do you cope with Burn Outs? 45 | 46 | **Lauritz:s** Playing Sports, Going out with the family 47 | 48 | 49 | ### **Question:** What would you advise the newcomers in Cyber Security? 50 | **Lauritz:** I won’t tell somebody to learn this and that, watch this video and try to be hands-on with the operations. This 12 hours video is enough to get a basic understanding of hacking. 51 | 52 | https://www.youtube.com/watch?v=fNzpcB7ODxQ 53 | 54 | And here is my advice if you are new in the field: 55 | 56 | Overcome the fear that you can do it. Listen to everyone but decide what you like and want to proceed with. 
Don’t just watch how others do it, prepare, build and try to be hands-on to develop your skills. 57 | 58 | 59 | ### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources? 60 | 61 | **Lauritz:** Hack the Box Challenges, Staying up to date with the CISA handles, following the news using the threat Intel resources. 62 | 63 | 64 | ### **Question:** What's your life outside hacking? 65 | 66 | **Lauritz:** Interesting! Outside of hacking, I love to drive different cars and sports; I am an opening batsman in Cricket and a Golf player. Besides that, I am involved in community events, and I am the founder of Security BSides Albuquerque @BSides_ABQ conference. 67 | 68 | 69 | ### Social Profiles 70 | 71 | - LinkedIn: https://www.linkedin.com/in/iamLauritznasir 72 | 73 | 74 | > Did you find Lauritz's story interesting and inspiring? Please share it with your friends and colleagues to spread the word. 75 | 76 | > We will be coming up with more exciting and inspiring stories Weekly. 77 | 78 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) -------------------------------------------------------------------------------- /SecurityStories/luke-stephens.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 4: Featuring **Luke Stephens** 4 | 5 | ![Luke Stephens](../media/luke-stephens.jpg) 6 | 7 | Through the SecurityStories series, Today, we are excited to bring forward the story of Luke Stephens, a highly skilled ethical hacker and security content creator from Australia who needs no introductions and is widely known for his work in the community. So let's jump straight into learning more about him and from his experience. 8 | 9 | ### **Question:** Could you briefly introduce yourself? 10 | 11 | **Luke:** I'm Luke Stephens. I go by hakluke online. I'm a computer hacker and indie founder. 
I'm a pentester and bug bounty hunter, but these days I spend most of my time running my businesses, Haksec.io (a pentesting consultancy) and HackerContent.com (a marketing agency for cybersecurity businesses).

### **Question:** How did you get started in Cyber Security?

**Luke:** I started hacking at a very young age - I can't really remember precisely what drew me to it, but I know that the movie "The Matrix" had a significant part to play.

### **Question:** What were the initial challenges and blockers you faced?

**Luke:** When I learned to hack, minimal resources were available on the internet. Today we are spoiled for choice!

### **Question:** What is the learning methodology you followed or still follow?

**Luke:** ❌ Learn, learn, learn, learn, do.
✅ Learn, do, learn, do, learn, do.

I only really learn things if I need to know them for the project that I'm currently on. That way, my learning always has a purpose and a goal. I rarely sit down and watch tutorials about something because I might need it at some point in the future.

### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers?

**Luke:** I have a Bachelor of Music and OSCP.

I would recommend something other than the Bachelor of Music. It hasn't advanced my career in cybersecurity. It was fun, though.

### **Question:** What is your favourite thing to hack on?

**Luke:** I love to hack on web applications.

### **Question:** What does your tool arsenal look like - Could you share some?

**Luke:** A lot of my tools are ones I have written myself. I open source most of them on my GitHub, https://github.com/hakluke.

Other than that, I use Burp Suite and a bunch of tools from ProjectDiscovery.

### **Question:** How do you cope with Burn Outs?
**Luke:** I stop doing whatever is burning me out. I also review the basics: Am I sleeping enough? Am I eating good food? Am I exercising? Am I giving myself time to relax?

### **Question:** What would you advise the newcomers in Cyber Security?

**Luke:** Don't lose your creativity. As soon as people get a cybersecurity job, they lose their curiosity and creativity.

Try to keep your fire burning.

### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?

**Luke:** Mostly Twitter, but I also sign up for several good newsletters. Namely Securibee's "Hive Five Newsletter" and Daniel Miessler's newsletter.

### **Question:** What's your life outside hacking?

**Luke:** When I am not hacking, I mostly enjoy hanging out with my family.

### Social Profiles
- Twitter: https://twitter.com/hakluke
- Web: https://hakluke.com
- LinkedIn: https://linkedin.com/in/hakluke/
- Newsletter: https://getrevue.co/profile/hakluke
- Mastodon: https://infosec.exchange/@hakluke
- YouTube: https://youtube.com/hakluke
- TikTok: https://tiktok.com/@hakluke
- Insta: https://instagram.com/hakluke_
- Discord: hakluke#1337

> Did you find Luke's story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

> We will be coming up with more exciting and inspiring stories weekly.
Follow Me on [Twitter](https://www.twitter.com/harshbothra_)

--------------------------------------------------------------------------------
/SecurityStories/michael-blake.md:
--------------------------------------------------------------------------------

# SecurityStories - 52 Weeks, 52 Stories

## Story - 13: Featuring **Michael Blake**

![Michael Blake](../media/michael-blake.jpg)

Through the SecurityStories series, today we are excited to bring forward the story of Michael Blake, a seasoned application security engineer from the United States and a top bug bounty hunter. So let's jump straight into learning more about Michael's experience.

### **Question:** Could you briefly introduce yourself?

**Michael:** My name is Michael Blake. I am an application security engineer and a bug bounty hunter.

### **Question:** How did you get started in Cyber Security?

**Michael:** Cyber security was an interest I accidentally discovered. When I was a kid, I played quite a few video games. One of the things I loved doing was looking up bugs / glitches in games or trying to discover my own. I loved getting out of maps or doing anything I wasn't meant to be able to do. This later turned into modding video games, which then led me to hacking and security.

### **Question:** What were the initial challenges and blockers you faced?

**Michael:** My technical knowledge was fairly limited when I was learning how to hack. I was still in high school and only just learning how programming works. Hacking was still a mostly black-hat activity at the time, with bug bounty programs just in their infancy. So there weren't nearly as many resources as there are today.

### **Question:** What learning methodology did you follow or still follow?

**Michael:** I only learn by doing. I can read blog posts all day long, but it doesn't really click until I exploit the bug myself.
### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers?

**Michael:** I have a degree in software engineering. No certifications. The degree helped me get my foot in the door with becoming a web developer. Being a web developer (and doing bug bounties as a hobby) got my foot in the door to become an appsec engineer.

### **Question:** What is your favourite thing to hack on?

**Michael:** Web applications. I don't think I've narrowed it down further than that. Once I find a thread to pull on, I will stick there for as long as I can.

### **Question:** What does your tool arsenal look like - Could you share some?

**Michael:** My tool arsenal changes constantly. Sometimes I'm running custom tools hoping to find some bugs through automation. Sometimes, I'm running nothing but ffuf and Burp Suite. It depends on what target I'm hacking.

### **Question:** How do you cope with Burn Outs?

**Michael:** I don't really have any method of dealing with burnouts. I hack as a hobby and as a second income source, so I typically just hack when I have time and when it sounds entertaining to me.

### **Question:** What would you advise the newcomers in Cyber Security?

**Michael:** Everyone is different. Do what works for you. Find what you enjoy and become good at that. Successful people in this field often have their own niches.

### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?

**Michael:** I mainly just stay on Twitter to keep up with cyber security trends. Other than that, some podcasts such as Darknet Diaries and Malicious Life.

### **Question:** What's your life outside hacking?

**Michael:** A full-time job plus hacking keeps me pretty busy.
Outside of this, other hobbies of mine include golfing, hiking, photography, and astrophotography.

### Social Profiles
- Twitter: https://twitter.com/Michael1026H1
- LinkedIn: https://www.linkedin.com/in/michael-blake-oit/

> Did you find Michael's story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

> We will be coming up with more exciting and inspiring stories weekly.

Follow Me on [Twitter](https://www.twitter.com/harshbothra_)

--------------------------------------------------------------------------------
/SecurityStories/gurur-yetiskin.md:
--------------------------------------------------------------------------------

# SecurityStories - 52 Weeks, 52 Stories

## Story - 11: Featuring **Gurur Yetiskin**

![Gurur Yetiskin](../media/gurur.jpg)

Through the SecurityStories series, today we are excited to bring forward the story of Gurur Yetiskin, a seasoned security researcher from Turkey. So let's jump straight into learning more about him and from his experience.

### **Question:** Could you briefly introduce yourself?

**Gurur:** Hello, I am Gurur Yetiskin. I have been doing research on cyber security since 2017. As of 2019, I have been working professionally in cyber security. I am a senior cyber security consultant and lead the application security team. In my spare time, I do security research on bug bounty platforms.

### **Question:** How did you get started in Cyber Security?

**Gurur:** After studying in Belgium and France in 2017, I started to be interested in cyber security, but I can say that I encountered the sector literally during my university years. After taking lessons from great names such as Özgür Alp, Ali K. and Tayfun Acarer during my university education, I quickly started cyber security.
### **Question:** What were the initial challenges and blockers you faced?

**Gurur:** Finding the right resource among all the resources on the internet. There are thousands of sources, true or false, so sometimes I have trouble finding the right source.

### **Question:** What learning methodology did you follow or still follow?

**Gurur:** My methodology is first to understand the vulnerability and why. Then I read all the public articles and posts about this vulnerability online. Finally, after reviewing all the information, I start hunting. Reading through all the resources and general bug bounties about the vulnerability takes a long time. Still, when I come across something I've read during testing, knowing what to do is an incredible feeling.

### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers?

**Gurur:** I currently have OSWP, CEH and MCP certificates. I am an active OSWE student and will take the OSWE exam this year. Since I work on web application security, I recommend OSWA and OSWE certificates. OSWA may be more accurate for beginners. I love Offensive Security resources.

### **Question:** What is your favourite thing to hack on?

**Gurur:** I love account takeover vulnerabilities. Generally, the first thing I look for in an application is logical errors that disrupt the workflow.

### **Question:** What does your tool arsenal look like - Could you share some?

**Gurur:** I use Burp Suite, nmap, and classic subdomain tools like subfinder.

### **Question:** How do you cope with Burn Outs?

**Gurur:** I usually take a short break and focus on the things I love.

### **Question:** What would you advise the newcomers in Cyber Security?

**Gurur:** I can say this for those who want to advance in the bug bounty area.
I recommend not looking for any vulnerabilities without knowing all the vulnerabilities. This was my biggest mistake when I started because I only knew the basic vulnerabilities. So I only started looking for them in bug bounty programs, but naturally, I failed, which caused my morale to deteriorate. After you have mastered all the vulnerabilities, starting hunting will be much more helpful.

### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?

**Gurur:** I follow new security research and follow up-to-date bug bounty writeups.

### **Question:** What's your life outside hacking?

**Gurur:** I love listening to music and exploring new places. Whenever I have time, I go to concerts and places I have never been to.

### Social Profiles
- Twitter: https://twitter.com/gy3tiskin
- LinkedIn: https://www.linkedin.com/in/gyetiskin/
- Website: https://gyetiskin.com

> Did you find Gurur's story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

> We will be coming up with more exciting and inspiring stories weekly.

Follow Me on [Twitter](https://www.twitter.com/harshbothra_)

--------------------------------------------------------------------------------
/SecurityStories/pranit-garud.md:
--------------------------------------------------------------------------------

# SecurityStories - 52 Weeks, 52 Stories

## Story - 22: Featuring **Pranit Garud**

![Pranit Garud](../media/pranit-garud.jpg)

Through the SecurityStories series, today we are excited to bring forward the story of Pranit Garud, who is an information security expert from India.

### **Question:** Could you briefly introduce yourself?

**Pranit:** I am Pranit Garud, also known as RootSploit.
I have over 5 years of experience in various aspects of cybersecurity, including Red Teaming, Application Security, Smart Contract Auditing, Attack Surface Management, and OSINT. I am currently dedicating my time as a full-time Bug Bounty/Penetration Tester and Security Researcher.

### **Question:** How did you get started in Cyber Security?

**Pranit:** During my college years, I developed an interest in hacking and began experimenting with Wi-Fi and phishing pranks with friends. As my curiosity grew, I began to focus on exploiting network & web application-based vulnerabilities and reporting them to organizations through bug bounty programs.

### **Question:** What were the initial challenges and blockers you faced?

**Pranit:** Initially, I faced several challenges such as a lack of basic knowledge and difficulty in finding resources. There were limited resources available on hacking, and not all of them were accurate or relevant. I overcame these challenges by finding relevant cybersecurity books, bug bounty and CTF write-ups, which improved my skills.

### **Question:** What learning methodology did you follow or still follow?

**Pranit:** When learning anything, I rely on the concept of first principles and mental models.

### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers?

**Pranit:**
- Certified Ethical Hacker (CEH) v9
- Offensive Security Certified Professional (OSCP)
- Amazon Web Services Security Fundamentals

I would recommend readers to prioritize developing skills more than certification, as in most real-life scenarios what counts is your ability to dissect the problems and find solutions.

### **Question:** What is your favourite thing to hack on?
**Pranit:** Web Applications & Recon are my favourite things to hack on.

### **Question:** What does your tool arsenal look like - Could you share some?

**Pranit:** It depends on the target scope; however, I use the below tools for most of my engagements:
- Subfinder, sublist3r, amass, ffuf, dirsearch
- Nmap, rustscan, mitm6, responder, impacket, greyhound, GoPhish
- Nuclei, Remix IDE, truffle, ganache

And many more.

### **Question:** How do you cope with Burn Outs?

**Pranit:** To deal with burnouts, I do a few things that have worked for me:
- Create a hacking routine: Set regular working hours that are precise (e.g., 3-4 hours per day)
- Exercise: Regular exercise may significantly reduce stress and burnout.
- Hobbies: Having a hobby that you enjoy might help you take a break from hacking.

### **Question:** What would you advise the newcomers in Cyber Security?

**Pranit:** "Become comfortable with not knowing anything." I've learned multiple aspects of cyber security over the years, and each one demands a unique strategy and prior knowledge, which is attainable once you are comfortable with not knowing anything and learning.

### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?

**Pranit:** These are a few learning resources I have followed over the years:
- Basics: TryHackMe Rooms, Pentester Labs
- Bug Bounty: HackerOne Hacktivity, Intigriti Bug Bytes, HacktheBox Web Challenges
- Network: HacktheBox Boxes, TryHackMe
- Red Team: HacktheBox Labs - Dante, Offshore, Rasta
- Writeups/News: Twitter, Infosec Writeup, LinkedIn

### **Question:** What's your life outside hacking?

**Pranit:** Outside of hacking, I enjoy working out, riding and travelling.
### Social Profiles

- LinkedIn: https://www.linkedin.com/in/pranit-garud/
- Twitter: https://www.twitter.com/rootsploit

> Did you find Pranit's story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

> We will be coming up with more exciting and inspiring stories weekly.

Follow Me on [Twitter](https://www.twitter.com/harshbothra_)

--------------------------------------------------------------------------------
/SecurityStories/sujit-suryawanshi.md:
--------------------------------------------------------------------------------

# SecurityStories - 52 Weeks, 52 Stories

## Story - 21: Featuring **Sujit Suryawanshi**

![Sujit Suryawanshi](../media/sujit-suryawanshi.jpg)

Through the SecurityStories series, today we are excited to bring forward the story of Sujit Suryawanshi, who is an information security expert from India.

### **Question:** Could you briefly introduce yourself?

**Sujit:** I have been working in information security for the last 4+ years. I have a good understanding of Application Security Processes, Exploiting and Researching Vulnerabilities, Security Best Practices, Threat Modeling and Information Security Strategy, Risk Assessments of Applications and Infrastructure. Currently, I'm working as a Security Engineer at PayPal, and I perform Penetration Testing, Vulnerability Assessment, and Source Code Review of Web, Mobile, Network, Desktop and CLI Applications.

### **Question:** How did you get started in Cyber Security?

**Sujit:** I started hacking in college, and I was pretty much a script kiddie back then. I used to hack public wireless networks and I used to perform MITM, Phishing, Password Spraying attacks on social media/college accounts of friends as a part of pranks.
Later on, I got curious to know more about hacking and cracking; that's where I learned to crack games to cheat. Along with that, I did some research in the security field and got to know about offensive security, penetration testing and all other stuff.

### **Question:** What were the initial challenges and blockers you faced?

**Sujit:** I didn't have a computer to learn more about security, so I used to perform most of the attacks on a Raspberry Pi with Kali NetHunter, and I didn't have any Wi-Fi at home, so I used to visit internet cafes in order to learn more and do some research about different types of vulnerabilities and attacks.

### **Question:** What learning methodology did you follow or still follow?

**Sujit:** For learning different things in this field, I used to follow some people on the internet in order to learn more. I used to watch their YouTube videos and read blogs and articles about security. At that time, IRC was famous, so I used to have conversations about security stuff on IRC channels.

### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers?

**Sujit:** As of now, I hold CEH and Advanced Penetration Testing certificates. I would recommend readers go for core-level certifications such as OffSec and SANS.

### **Question:** What is your favourite thing to hack on?

**Sujit:** My favorite things to hack on are Web, Mobile and CLI, as I get to play with the code and memory of the applications.

### **Question:** What does your tool arsenal look like - Could you share some?

**Sujit:** Most of the time, I do things manually, but yeah, for automating security I use some tools such as amass, dirbuster, ffuf, httpx, nuclei, MobSF, BurpSuite etc.

### **Question:** How do you cope with Burn Outs?
**Sujit:** When I feel burnt out, I go outside, have a coffee, ride a bike, and sometimes I play video games as well.

### **Question:** What would you advise the newcomers in Cyber Security?

**Sujit:** I would recommend newcomers go for core security rather than just sticking with some basic stuff. There are n number of things to learn and discover in security. Learn more advanced stuff. If any exploit is working, analyze how it's working and what exactly is happening in that particular MSF module. Read more code and try to understand the logic behind it. Think out of the box while testing applications. Do research on zero days and their exploits. Automate processes to hunt vulnerabilities (especially zero days).

### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?

**Sujit:** I follow Twitter, Telegram channels, YouTube and podcasts to keep myself updated with the latest trends in Cyber Security.

### **Question:** What's your life outside hacking?

**Sujit:** Outside of hacking, I spend more time with my family and friends. I go trekking, camping and riding with my friends. Apart from this, I like to visit different cafés to try out new food/drinks.

### Social Profiles

- LinkedIn: https://www.linkedin.com/in/codeh4ck3r
- Twitter: https://twitter.com/_codeh4ck3r

> Did you find Sujit's story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

> We will be coming up with more exciting and inspiring stories weekly.
Follow Me on [Twitter](https://www.twitter.com/harshbothra_)

--------------------------------------------------------------------------------
/SecurityStories/sumit-grover.md:
--------------------------------------------------------------------------------

# SecurityStories - 52 Weeks, 52 Stories

## Story - 2: Featuring **Sumit Grover**

![Sumit Grover](../media/sumit-grover.jpg)

Through the SecurityStories series, today we are excited to bring forward the story of Sumit Grover, a highly skilled ethical hacker from India. So let's jump straight into learning more about him and from his experience.

### **Question:** Could you briefly introduce yourself?

**Sumit:** Hi! My name is Sumit Grover, and I'm passionate about computer security forensics, and I've been a full-time bug bounty hunter for the last seven months. I came across the term "bug bounty" about two years back while watching a security-related video on YouTube. After that, I registered on all available platforms while unsure how to begin. With some experience in vulnerability assessment and penetration testing, I slowly started reading Medium articles and other blogs on bug bounty. That's when I came across Luke's (@hakluke) automation for Subdomain Takeovers. I then started using these techniques and refining them almost every day. After some time, I found my first subdomain takeover and began the actual journey in bug bounty.

### **Question:** How did you get started in Cyber Security?

**Sumit:** The Cyber Security journey began with a Discovery Channel show on hackers featuring a story from Ernst and Young a long time back. This show inspired me to get into cyber security and be an ethical hacker. So back in 2005, I completed my Certification in Ethical Hacking.

### **Question:** What were the initial challenges and blockers you faced?
**Sumit:** Back in the day, finding and reporting vulnerabilities you'd come across on the internet to the responsible teams was a big challenge. For example, I still remember a price change vulnerability I came across on the Indiatimes Shopping website while making an actual purchase. Still, it took me many rounds of emails to finally get their attention and have the fix in place.

### **Question:** What is the learning methodology that you followed or that you still follow?

**Sumit:** As a learning process, there will be better mediums, so I go through Medium posts, blogs, YouTube videos, and my Twitter feed to learn about the specific topics of interest. I also connect with people to discuss my challenges and share my experiences with them.

### **Question:** What all certifications do you hold, and what all certificates would you recommend to the readers?

**Sumit:** I've successfully completed only CEH and attempted the CHFI certification for now. Depending on the role people are targeting to achieve, knowledge is more important than actual certifications. Having credentials may only get you into the job role, but one can only be successful with the basic know-how of the tasks.

### **Question:** What is your favourite thing to hack on?

**Sumit:** My favourite bug has been Subdomain Takeover, and it continues to excite me to hunt for them after three years.

### **Question:** What does your tool arsenal look like - Could you share some?

**Sumit:** I use recon tools and methodologies to collect as much data as possible and do this every day. The recon toolset I use is already known to the public, like Amass, Findomain, Subfinder, Sublist3r, Assetfinder etc.

### **Question:** How do you cope with Burn Outs?

**Sumit:** Honestly, I'm yet to experience my burnout.
Since I've made sure to spend time with the family, learn new tricks, optimize my automation workflow etc., I keep taking break sessions while still having those dedicated, focused moments to hunt.

### **Question:** What would you advise the newcomers in Cyber Security?

**Sumit:** It is essential to know about everything in Cyber Security, but it is most important to be a specialist in at least one technology/process. Learn about everything happening in the industry while you master one skill that you enjoy. This is important from my experience.

### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?

**Sumit:** I'm active on Twitter and get all the latest news and connections from there. Along with that, I've subscribed to blog posts and Medium users sharing the topics of my interest.

### **Question:** What's your life outside hacking?

**Sumit:** I'm very social and spend quality time with family and friends. I enjoy travelling and am a big-time foodie. At the same time, I also enjoy occasional cooking for the family.

### Social Profiles
- Twitter: https://twitter.com/sumgr0

> Did you find Sumit's story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

> We will be coming up with more exciting and inspiring stories weekly.
Follow Me on [Twitter](https://www.twitter.com/harshbothra_)

--------------------------------------------------------------------------------
/SecurityStories/aditya-dixit.md:
--------------------------------------------------------------------------------

# SecurityStories - 52 Weeks, 52 Stories

## Story - 8: Featuring **Aditya Dixit**

![Aditya Dixit](../media/aditya-dixit.jpg)

Through the SecurityStories series, today we are excited to bring forward the story of Aditya Dixit, a highly skilled ethical hacker from India who is working to modernize Web3 security and traditional pentesting. So let's jump straight into learning more about him and from his experience.

### **Question:** Could you briefly introduce yourself?

**Aditya:** I'm leading the Research at CredShields, and the Pentest teams at Cobalt Labs and HackerOne. I love taking things apart, and I'm glad I get to do this as a full-time job.

At CredShields, we work on Smart Contract Security, Audits, and automation & research on SolidityScan. In my other two positions, I lead teams of pentesters in delivering high-quality pentest services to our clients.

### **Question:** How did you get started in Cyber Security?

**Aditya:** I was fortunate enough to know Shashank since we were kids. He introduced and taught me hacking and bug bounties in 2012-13. I was intrigued by the fact that you could earn just by hacking into websites and securing them simultaneously. I started with Bugcrowd back in the day.

### **Question:** What were the initial challenges and blockers you faced?

**Aditya:** During that time, there was a shortage of publicly available resources and limited awareness. Initially, there was not much support for this type of work, there was a negative stigma attached to hacking, and it was often viewed as an illegal activity.
However, as people began to recognize its value in helping organizations identify and fix vulnerabilities in their systems, their perception began to shift, creating many job opportunities.

### **Question:** What is the learning methodology you followed or still follow?

**Aditya:** To learn new things efficiently, I often read articles or blog posts for quick and detailed information. When I want to delve deeper into a subject, I read books and watch video series, taking notes as I go. Keeping notes is a beneficial practice.

### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers?

**Aditya:** My first cert was OSCP. I've also done AWS Cloud Practitioner and Security Specialty.
There are numerous certificates available, each with its own syllabus. The specific certificate a person chooses will depend on their needs and interests.

### **Question:** What is your favourite thing to hack on?

**Aditya:** My favourite things to hack on are the Web apps, Android apps and Smart Contracts.

### **Question:** What does your tool arsenal look like - Could you share some?

**Aditya:** I'm not much of a tool connoisseur. I use most of the tools widely used by others in the field. This includes tools from Project Discovery's arsenal, Amass, tools by tomnomnom, hakluke, passive sources like Shodan and Censys, port scanners like nmap and masscan, ffuf for fuzzing, and of course, The Burp Suite and its plugins.

### **Question:** How do you cope with Burn Outs?

**Aditya:** Take a break, go out, go to the gym, listen to music, and read books. Just make sure you're not constantly looking at your screen. I play guitar. Music always helps.

### **Question:** What would you advise the newcomers in Cyber Security?

**Aditya:** For all the OSCP enthusiasts out there, Try Harder!
It's always challenging, but I promise it gets easier as you go.
Keep yourself updated with the current trends, events, and hacks in the field, and read blogs and articles published by others. Do write-ups of your own findings and research.

### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?

**Aditya:** Twitter is my go-to source. I also follow newsletters and blogs, such as SolidityScan, Blockthreat, Portswigger, and Intigriti.

HackTricks and PayloadAllTheThings are incredible when I need to look for anything specific during my pentests.

### **Question:** What's your life outside hacking?

**Aditya:** I like automating things and building tools that make my work easier. Your brain is for having ideas, not storing them. Organize your workflow, so you spend less time de-cluttering it.

I also learn and play guitar, read many novels, and give myself a break on weekends.

### Social Profiles
- Blog: http://blog.dixitaditya.com/
- Twitter: https://twitter.com/zombie007o
- LinkedIn: https://www.linkedin.com/in/ad17ya/

> Did you find Aditya's story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

> We will be coming up with more exciting and inspiring stories weekly.
78 | 79 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) -------------------------------------------------------------------------------- /SecurityStories/nicolas-krassas.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 9: Featuring **Nicolas Krassas** 4 | 5 | ![Nicolas Krassas](../media/nicolas-krassas.jpg) 6 | 7 | Through the SecurityStories series, today we are excited to bring forward the story of Nicolas Krassas, an OG hacker and active community contributor from Switzerland with experience since the era when internet speeds were measured in kbps, with his first computer being an Amiga 500. So let's jump straight into learning more about him and from his experience. 8 | 9 | ### **Question:** Could you briefly introduce yourself? 10 | 11 | **Nicolas:** I'm a senior penetration tester and your friendly security guy. I like to assist people with security questions and guide them through a solution. I come from an era where internet speeds were measured in kbps, with my first computer being an Amiga 500. 12 | 13 | 14 | ### **Question:** How did you get started in Cyber Security? 15 | 16 | **Nicolas:** Whilst working as a member of the support team at a local Internet Service Provider in the year 1998, I came up with a logical security issue at that time which was allowing users to log in to the Annex (modem installation) and authenticate without a username/password combination. The case fascinated me, and I started looking more towards security issues, exploits and misconfigurations. 17 | 18 | 19 | ### **Question:** What were the initial challenges and blockers you faced? 20 | 21 | **Nicolas:** At that time, the initial challenges were the difficulties of looking for information. There were several underground security groups/teams where information was exchanged, but it wasn't easy to be part of them while you were starting this path. 
22 | 23 | 24 | ### **Question:** What learning methodology did you follow or still follow? 25 | **Nicolas:** The process has been the same through the years, continuous education. I collect information and security posts from various sources daily, which I will read and practice when techniques seem essential for my work. 26 | 27 | 28 | ### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers? 29 | 30 | **Nicolas:** I have held CISSP certification for the last eight years. Certificates of any sort are not in my mentality. I won't say they are unsuitable for starting people, but they are not the result. Certifications are a 'nice to have' for people trying to find a job and learn towards a career path. However, they are not an absolute measure of knowledge and shouldn't be measured as one. The popular ones in our career path will be OSCP and HTB CPTS. Ultimately, what will make a difference is how much time one will spend on a topic and how much he will pursue a path with constant effort. 31 | 32 | ### **Question:** What is your favourite thing to hack on? 33 | 34 | **Nicolas:** I love working on internal/external host targets. I'm more focused on service exploitation rather than web applications. 35 | 36 | 37 | ### **Question:** What does your tool arsenal look like - Could you share some? 38 | 39 | **Nicolas:** I will use nmap or rumble/runzero, httpx from Project Discovery, nuclei with custom templates, of course, Burp Suite proxy, sqlmap and a few custom Python scripts built through the years. 40 | 41 | 42 | ### **Question:** How do you cope with Burn Outs? 43 | 44 | **Nicolas:** I had the opportunity to work in different IT positions (sysadmin/network admin/security) through the years. When I feel tired, I will focus on another area. 45 | 46 | 47 | 48 | ### **Question:** What would you advise the newcomers in Cyber Security? 
49 | 50 | **Nicolas:** The main advice I can share is don't give up and keep learning. People starting now in Cyber Security are often lured by posts that appear with high payouts from security bounties or positions. These are not the norm. These cases should be treated as exceptions. The Cyber Security path takes time, and it's a process without end. There won't be a moment that one could say now I know all, or even I know enough. There is always more to learn. 51 | 52 | 53 | 54 | 55 | ### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources? 56 | 57 | **Nicolas:** I keep a relatively large RSS feed repository with more than 800 feeds from where I will select items that I believe are essential and relevant for me to read daily. 58 | 59 | 60 | 61 | ### **Question:** What's your life outside hacking? 62 | 63 | **Nicolas:** As a family person, I will try to keep a tight schedule in my daily life. I keep a routine exercise schedule of 4 days during the week with a mix of weight/cardio training. My job is also my hobby, and with kids, I will spend most of my time reading by now having their daily schedule and being independent. 64 | 65 | 66 | ### Social Profiles 67 | - LinkedIn: https://www.linkedin.com/in/nicolas-krassas-8409876/ 68 | - Twitter: https://twitter.com/Dinosn 69 | 70 | 71 | > Did you find Nicolas's story interesting and inspiring? Please share it with your friends and colleagues to spread the word. 72 | 73 | > We will be coming up with more exciting and inspiring stories Weekly. 
74 | 75 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) -------------------------------------------------------------------------------- /SecurityStories/sameer-bhatt.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 10: Featuring **Sameer Bhatt** 4 | 5 | ![Sameer Bhatt](../media/sameer-bhatt.jpg) 6 | 7 | Through the SecurityStories series, today we are excited to bring forward the story of Sameer Bhatt, a seasoned security researcher and the friendly HackerOne triager who keeps working on your reports. So let's jump straight into learning more about him and from his experience. 8 | 9 | ### **Question:** Could you briefly introduce yourself? 10 | 11 | **Sameer:** I'm Sameer Bhatt, known as your friendly Debugger. I'm currently working as a Senior security analyst, but I started my journey in this field as a bug bounty hunter. In these 5+ years of experience, I have been actively involved in bug bounty and penetration testing. 12 | 13 | 14 | ### **Question:** How did you get started in Cyber Security? 15 | 16 | **Sameer:** I heard about bug bounty for the first time in 2016 while pursuing my bachelor's degree. I was active and interested in open source contribution, and we organized one security event. In that event, I learned about this particular area of cyber security and started self-learning about it from the internet; 17 | 1. I tried to gather some online courses and resources, e.g., Cybrary. 18 | 2. I started following security researchers online on social media platforms, solved some CTF challenges and joined conferences/ events to meet more researchers and learn from them. 19 | 3. I met many outstanding researchers from whom I have learned many things. 20 | 21 | In that self-learning phase, I have also started exploring more about bug bounty/ responsible disclosure and initiated my bug bounty journey. 
The first bug I reported was a duplicate; my first bounty was $150. 22 | 23 | After completing my bachelor's degree, I started my professional journey as a Security analyst, where I performed pen-testing on various assets and broadened my skill set. Also, I love 💖 doing things for the InfoSec community; hence I have also started giving talks in local community chapters to share what I learned and to keep learning from others. I also contribute to the community by making Vulnerable Labs and writing blog posts about my research and work. 24 | 25 | 26 | ### **Question:** What were the initial challenges and blockers you faced? 27 | 28 | **Sameer:** Initially, I needed to figure out where to start. Also, more resources were needed on the internet. But in the curiousness to learn something new, I did a lot of research. Later I started with the basic concepts one by one, understanding the different tools/ techniques/ concepts by following some online materials and doing healthy discussions with many researchers, peers and friends online/ offline. Also, I have participated in conferences/ events/ local chapters to develop my skill set. 29 | 30 | 31 | ### **Question:** What learning methodology did you follow or still follow? 32 | **Sameer:** I believe self-learning is the best way, and whenever I learn something new, I always try to build something out of it and keep notes to track it, e.g., when I started learning Python, I started making some tools and attempted to solve some problems. 33 | 34 | 35 | ### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers? 36 | 37 | **Sameer:** I do not have any certificates yet, and it is more of a personal choice as it will benefit you when you apply for a job as a fresher, but yeah! Knowledge is more important than actual certifications. 38 | 39 | 40 | ### **Question:** What is your favourite thing to hack on? 
41 | 42 | **Sameer:** Mostly, I hack on Web, API and Mobile, but recently I got interested in game hacking. 43 | 44 | 45 | ### **Question:** What does your tool arsenal look like - Could you share some? 46 | 47 | **Sameer:** I do not have a specific list or set of tools, but mainly I do the manual analysis and focus on business logic vulnerabilities by understanding application functionalities. Hence the only tool I always use is Burp Suite. 48 | 49 | 50 | ### **Question:** How do you cope with Burn Outs? 51 | 52 | **Sameer:** I do not get burnout quickly because I haven't experienced it yet!! But to refresh my mind I watch anime, play games/ sports, write some poetry or draw something. Also, sometimes I hang out with my friends/ family and have fun. 53 | 54 | 55 | ### **Question:** What would you advise the newcomers in Cyber Security? 56 | 57 | **Sameer:** Keep improving your observation skill, and do not lose creative thinking. Find your own learning path and create a methodology that keeps you excited and interested in learning new things. 58 | 59 | 60 | ### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources? 61 | 62 | **Sameer:** Mostly Twitter, by following security researchers, companies and recent vulnerabilities. Apart from that, I also follow my friends, who are active in the cyber security field, to know the bugs and methods they think are interesting from their blog or Twitter posts. 63 | 64 | 65 | ### **Question:** What's your life outside hacking? 66 | 67 | **Sameer:** Outside hacking, I watch anime, play games/ sports, and hang out with friends and family!! 
68 | 69 | 70 | ### Social Profiles 71 | - Website: https://bhattsameer.github.io/ 72 | - Twitter: https://twitter.com/sameer_bhatt5 73 | - LinkedIn: https://linkedin.com/in/bhatt-sameer 74 | - Github: https://github.com/bhattsameer 75 | - Instagram: https://www.instagram.com/bhatt_sameer 76 | 77 | 78 | > Did you find Sameer's story interesting and inspiring? Please share it with your friends and colleagues to spread the word. 79 | 80 | > We will be coming up with more exciting and inspiring stories Weekly. 81 | 82 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) -------------------------------------------------------------------------------- /SecurityStories/godson-bastin.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 16: Featuring **Godson Bastin** 4 | 5 | ![Godson Bastin](../media/godson-bastin.jpg) 6 | 7 | Through the SecurityStories series, today we are excited to bring forward the story of Godson Bastin, a seasoned CTF player from India. So let's jump straight into learning more about him and from his experience. 8 | 9 | ### **Question:** Could you briefly introduce yourself? 10 | 11 | **Godson:** Hey all! I am Godson and go by the username @0xGodson over the internet. Right now doing my bachelor's in computer application. I mostly work on pentest projects, helping build securebinary.in. I do research in my free time about browsers and javascript. I love working for/with open-source projects. I also love playing CTFs. You can find my blogs at https://blog.0xgodson.com, and you can try my challenges at https://ctf.0xgodson.com and sharpen your exploitation skills 😉 12 | 13 | 14 | ### **Question:** How did you get started in Cyber Security? 15 | 16 | **Godson:** Like everyone, everything started when I got into a random conversation with my friends during my school time about "hacking". 
Those days, I didn't have a laptop or a good internet connection. I googled a lot about hacking and saw some random blogs with code I didn't understand. So, I started learning programming before everything. I used to start learning programming with the phone. Then I got a laptop after a year, learned networking, Linux, and programming and got some internet community friends, which greatly affected my learning curve. I played HackTheBox, TryHackMe, and PortSwigger labs with them as a hobby. I loved that period and decided to continue my journey. That's how I started my career. I recommend getting some friends if you are beginning 😁 17 | 18 | 19 | ### **Question:** What were the initial challenges and blockers you faced? 20 | 21 | **Godson:** I didn't face any blockers when I started because I spent $0 till now to learn something. Everything is free there. But my university used to be a blocker, and I felt like wasting 8 hrs per day for nothing. So, I quit and joined correspondence education. I don't recommend stopping university unless you believe you can spend your time in a more meaningful way 😄 22 | 23 | 24 | ### **Question:** What learning methodology did you follow or still follow? 25 | **Godson:** I don't have a specific methodology. But first, I will try googling about that before getting started. Then reading documentation and getting hands-on experience along with documentation always helps me. I used to follow this, and I still follow this 😄 26 | 27 | 28 | ### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers? 29 | 30 | **Godson:** I don't have any certifications. I don't recommend doing any certifications (a bit controversial topic). But it's okay to have certificates. I believe certifications are to prove skills. There are many other ways to demonstrate the skills. Still, it depends on the individual's learning mindset. 31 | 32 | 33 | ### **Question:** What is your favourite thing to hack on? 
34 | 35 | **Godson:** I love spending time on JavaScript, DOM, and Browser Client Security, which I find super interesting. Apart from this, I love Source Code Review because it's challenging and helps me to learn about a specific language deeply. 36 | 37 | 38 | ### **Question:** What does your tool arsenal look like - Could you share some? 39 | 40 | **Godson:** I do not have personal automation tools. But I do have some automation scripts. So I created those scripts to automate the recon process and organize the collected data. 41 | 42 | Most of the tools I use are public tools from projectdiscovery, tomnomnom's tools, s0md3v's tools and so on. 43 | 44 | Right now working on an automation tool that finds DOM Based Vulns (no false positives) like DOM XSS, Prototype Pollution, CSTI and so on. Planning to make it open source soon after completing it. 45 | 46 | 47 | ### **Question:** How do you cope with Burn Outs? 48 | 49 | **Godson:** Taking regular breaks and spending time with family and friends can help to overcome burnout. If I lack the motivation to hack, I spend my time learning something new instead of hacking. I play the piano in my free time, which always helps me to calm down. 50 | 51 | 52 | 53 | ### **Question:** What would you advise the newcomers in Cyber Security? 54 | 55 | **Godson:** I recommend newcomers explore every side of cyber security. If they can't find themselves on the edge of their seat at any point during this process, then I don't recommend continuing the cycle. Because it would be hard to work on cyber security without passion. I recommend finding out if they are passionate about cyber security or just about money. If they are passionate about computers and tech, then spend more time on your passion and trust the process 56 | 57 | 58 | ### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources? 59 | 60 | **Godson:** Twitter and Writeups. 
I am following some great researchers on Twitter, which helps me to stay updated. Apart from Twitter, I follow pentester.land to catch the most recent writeups, and I always focus on CTF writeups, because they never failed to teach something new 61 | 62 | 63 | 64 | ### **Question:** What's your life outside hacking? 65 | 66 | **Godson:** It's not great, but I plan to improve this year by spending more time with family and friends and planning vacations. 67 | 68 | ### Social Profiles 69 | - Twitter: https://twitter.com/0xGodson_ 70 | - Github: https://github.com/0xGodson 71 | - LinkedIn: https://www.linkedin.com/in/godson-bastin-378269225/ 72 | 73 | 74 | 75 | > Did you find Godson's story interesting and inspiring? Please share it with your friends and colleagues to spread the word. 76 | 77 | > We will be coming up with more exciting and inspiring stories Weekly. 78 | 79 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) -------------------------------------------------------------------------------- /SecurityStories/kishore-krishna.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 15: Featuring **Kishore Krishna Pai** 4 | 5 | ![Kishore Krishna Pai](../media/kishore-krishna.jpg) 6 | 7 | Through the SecurityStories series, today we are excited to bring forward the story of Kishore Krishna Pai, a seasoned security researcher from India who is currently settled in Australia. So let's jump straight into learning more about him and from his experience. 8 | 9 | ### **Question:** Could you briefly introduce yourself? 10 | 11 | **Kishore:** Hi all, 12 | 13 | My name is Kishore Krishna Pai. I am working as a Senior Pentester. 14 | 15 | I am a self-taught Cyber Security Senior Consultant with a passion for programming and a penchant for learning new technologies. 
I have been a reliable team player who envisages and develops production-worthy systems and applications for my clients. 16 | 17 | After 8 years as a programmer (Java), I switched to cyber security. I became a Bug Bounty Hunter and eventually a Security Consultant. 18 | 19 | 20 | ### **Question:** How did you get started in Cyber Security? 21 | 22 | **Kishore:** Hi all, 23 | 24 | My name is Kishore Krishna Pai. I am working as a Senior Pentester. 25 | 26 | I am a self-taught Cyber Security Senior Consultant with a passion for programming and a penchant for learning new technologies. I have been a reliable team player who envisages and develops production-worthy systems and applications for my clients. 27 | 28 | After 8 years as a programmer (Java), I switched to cyber security. I became a Bug Bounty Hunter and eventually a Security Consultant. 29 | 30 | 31 | ### **Question:** What were the initial challenges and blockers you faced? 32 | 33 | **Kishore:** My experience as a developer helped me a lot. I was able to pick up things really fast. The challenges I faced were mainly mental, where I was challenged to accept the bad side of bug bounty programs, wherein they don't pay you, and I felt cheated. I had to accept it and move on. 34 | 35 | Eventually, I stopped doing Bug Bounties. I am in no way good at Bug Bounties because of this. 36 | 37 | 38 | 39 | ### **Question:** What learning methodology did you follow or still follow? 40 | **Kishore:** I try to learn from different sources, i.e., videos, books, practice labs etc. I skim through the topics on the first pass, and on the second, I take notes and try to understand the concept. 41 | 42 | I try to contact an expert in that field and have a chat and take their opinion about what is the best way to learn a new skill. 43 | 44 | 45 | 46 | ### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers? 
47 | 48 | **Kishore:** I currently hold the following certifications: 49 | CRTP 50 | eWPTX 51 | OSCP 52 | CREST CPSA 53 | CREST CRT 54 | 55 | I am not a big fan of certs. But the industry gives very much value to these certs. So I had to do it to land a job. 56 | 57 | I recommend the OSCP cert as it's a well-valued certificate in the industry. 58 | 59 | 60 | ### **Question:** What is your favourite thing to hack on? 61 | 62 | **Kishore:** I like looking for Access Control, Authentication, and information disclosure issues. 63 | 64 | 65 | ### **Question:** What does your tool arsenal look like - Could you share some? 66 | 67 | **Kishore:** I use only a few tools other than Burp Suite, such as Nuclei scanner, SQLMap and other tools depending upon the project. I just search in Google and use it. 68 | 69 | ### **Question:** How do you cope with Burn Outs? 70 | 71 | **Kishore:** 72 | - Meditation 73 | - Walking 74 | - Being in nature 75 | 76 | 77 | ### **Question:** What would you advise the newcomers in Cyber Security? 78 | 79 | **Kishore:** 1. Try to be humble. This community is very small and has a lot of beneficial people. Take an approach of growing together rather than focusing only on your own growth. 80 | 2. If you can get hold of a Mentor, your growth will be much faster. Anyone can approach me if you need any suggestions/guidance. I am not a pro compared to many legends in the community, but if you are a beginner, I can help. 81 | 3. Learn at least one programming language. Try building a website using any new technology stack. This exercise will help you immensely. 82 | 4. Take it slowly. There is a lot to learn. You will get there. Don't be disheartened by the success of others. You will be there soon. 83 | 5. If you climb the ladder by pulling someone down, the same will happen to you eventually. So having an excellent helpful mentality is very important. I am not trying to give a lecture on philosophy here. 
I have seen in the CyberSec community that the value of having good connections is unbelievable. So if people think you are a nice person without much greed, you will be surrounded by like-minded, helpful people and reap its benefits. 84 | 85 | 86 | 87 | ### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources? 88 | 89 | **Kishore:** I used to be very active on Twitter. But not now. Twitter is a good source for keeping up with the latest happenings in Cybersecurity. 90 | Nowadays, I just read the newsletter circulated in my office, which is very good and keeps me updated. 91 | 92 | 93 | 94 | ### **Question:** What's your life outside hacking? 95 | 96 | **Kishore:** I am a son, husband and father. I like spending time with my family and playing with my daughter and dog. My favourite thing is those moments of solitude I get when camping or being in nature without any company. 97 | 98 | I like to travel. Most of my travels are away from busy cities. 99 | 100 | ### Social Profiles 101 | - LinkedIn: https://www.linkedin.com/in/kishore-k-pai/ 102 | - Twitter: https://twitter.com/sillydadddy 103 | 104 | 105 | 106 | > Did you find Kishore's story interesting and inspiring? Please share it with your friends and colleagues to spread the word. 107 | 108 | > We will be coming up with more exciting and inspiring stories Weekly. 
109 | 110 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) -------------------------------------------------------------------------------- /SecurityStories/armaan-pathan.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 18: Featuring **Armaan Pathan** 4 | 5 | ![Armaan Pathan](../media/armaan-pathan.jpg) 6 | 7 | Through the SecurityStories series, today we are excited to bring forward the story of Armaan Pathan, who is currently working as a Senior Security Engineer and is well known for his exciting research and bug bounty work. 8 | 9 | ### **Question:** Could you briefly introduce yourself? 10 | 11 | **Armaan:** Greetings, I'm Armaan. I currently hold the position of a senior security engineer at Certus Cybersecurity. I also have around eight years of expertise in bug bounty, and I am always eager to expand my knowledge. Besides that, I am passionate about travelling the globe and immersing myself in diverse cultures. 12 | 13 | 14 | ### **Question:** How did you get started in Cyber Security? 15 | 16 | **Armaan:** My parents discontinued our internet connection due to my poor performance in 10th grade. I had to go to my friend's house to use Facebook. During that time, my friend used a Firefox plugin to capture all Facebook cookies. He took advantage of this, gained access to my account, and sent messages to my contacts without my knowledge. Initially, I contemplated retaliating by hacking into his account, but instead, I became fascinated with cybersecurity and began exploring various types of vulnerabilities and related topics. 17 | 18 | 19 | ### **Question:** What were the initial challenges and blockers you faced? 20 | 21 | **Armaan:** After completing 12th grade, my parents took a new internet connection, but unfortunately, the speed was only 1 Mbps, and my computer had an Intel Pentium 3 CPU, which was slow and too lagging. 
Furthermore, the internet had limited resources for learning about new vulnerabilities. 22 | 23 | 24 | 25 | ### **Question:** What learning methodology did you follow or still follow? 26 | **Armaan:** During my early days in cybersecurity, I joined various cybersecurity groups on Facebook to learn more. Through one of these groups, I learned about multiple types of cyber attacks, including injection-related ones. In addition, I read several books, such as Linux Basics, Nmap Documentation, and The Web Application Hacker's Handbook. After completing a topic, I used to perform test cases on websites with vulnerability disclosure programs. 27 | 28 | My approach to learning in cybersecurity involves the following: 29 | Solving labs on Pentesterlab. 30 | Regularly reading blogs. 31 | Connecting with cybersecurity professionals and bug hunters to discuss new topics and attack scenarios. 32 | Additionally, I participate in bug bounty programs to gain insight into new technologies. 33 | 34 | 35 | 36 | ### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers? 37 | 38 | **Armaan:** While I hold the OSCP certification, I recommend becoming a member of Hackthebox, Pentesterlab, and Appsecengineer.com for individuals looking to enter the cybersecurity field. These websites provide ample materials to help you gain knowledge and stay up-to-date in the area without needing to pursue certifications. 39 | 40 | 41 | ### **Question:** What is your favourite thing to hack on? 42 | 43 | **Armaan:** My preference lies in application security hacking encompassing web, mobile, and APIs. I prefer applications with multiple roles and modules and various web services in the backend, as they typically provide significant scope to execute diverse test cases. Moreover, regarding bug bounties, I am not one to constantly switch between different programs. 
Instead, I concentrate on a single program for 3-4 years and remain vigilant for any updates, such as changes to the UI, if the company has introduced any new modules etc. 44 | 45 | ### **Question:** What does your tool arsenal look like - Could you share some? 46 | 47 | **Armaan:** Although I don't do reconnaissance and depend on myself for the tools, I do use several tools such as httpx, katana, nuclei, naabu, and sqlmap. Additionally, I utilize active and passive scans within Burp Suite and certain plugins such as Reflector, Param Miner, IP Rotate, and custom macros to conduct access control-related test cases. 48 | 49 | 50 | ### **Question:** How do you cope with Burn Outs? 51 | 52 | **Armaan:** In the past, burnout used to have a very negative effect on me. However, I've since discovered that I can overcome burnout by taking vacations every three months to different countries, listening to music, shopping, and spending quality time with loved ones. 53 | 54 | 55 | ### **Question:** What would you advise the newcomers in Cyber Security? 56 | **Armaan:** If you're new to cybersecurity, it's recommended that you attempt to solve a few CTF challenges per week on various platforms like Hackthebox and Pentesterlab. As for those who aspire to become bug bounty hunters, please don't get discouraged by encountering N/A and duplicate situations, as even top bug bounty hunters have faced such challenges in their careers. 57 | 58 | 59 | ### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources? 60 | 61 | **Armaan:** In my approach, I explore diverse technologies, such as understanding how certain JavaScript functions work within a web page, how developers implement them, and how attackers can exploit them. I keep up-to-date by following multiple researchers on Twitter and regularly practice my skills by completing labs on PentesterLab. 62 | 63 | 64 | ### **Question:** What's your life outside hacking? 
65 | 66 | **Armaan:** Besides hacking, I enjoy spending quality time with my friends and family, exploring various destinations, trying diverse cafes, savouring delicious cuisine, and listening to music. 67 | 68 | ### Social Profiles 69 | 70 | - Twitter: https://twitter.com/armaancrockroax 71 | - LinkedIn: https://www.linkedin.com/in/armaan-pathan/ 72 | 73 | 74 | > Did you find Armaan's story interesting and inspiring? Please share it with your friends and colleagues to spread the word. 75 | 76 | > We will be coming up with more exciting and inspiring stories Weekly. 77 | 78 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) -------------------------------------------------------------------------------- /SecurityStories/vickie-li.md: -------------------------------------------------------------------------------- 1 | # SecurityStories - 52 Weeks, 52 Stories 2 | 3 | ## Story - 12: Featuring **Vickie Li** 4 | 5 | ![Vickie Li](../media/vickie-li.jpg) 6 | 7 | Through the SecurityStories series, today we are excited to bring forward the story of Vickie Li, a seasoned security researcher from the USA and also the author of "Bug Bounty Bootcamp". So let's jump straight into learning more about Vickie's experience. 8 | 9 | ### **Question:** Could you briefly introduce yourself? 10 | 11 | **Vickie:** My name is Vickie, and I currently work as a security engineer at Instacart. I am the author of Bug Bounty Bootcamp (https://nostarch.com/bug-bounty-bootcamp). I’ve been working in tech for quite a while now, first starting as a software developer, then I transitioned into infosec through bug bounties. 12 | 13 | 14 | ### **Question:** How did you get started in Cyber Security? 15 | 16 | **Vickie:** I started my career in cybersecurity through bug bounty hunting! I’ve done pen testing, consulting, developer advocacy, technical writing, and security engineering since. 
17 | 18 | I studied CS in college, and got interested in security through my university courses, and started bug bounties as a way to learn more about infosec. 19 | 20 | Hacking on bug bounty programs helped me learn a lot about web hacking and web application security in general. I started my technical blog, where I wrote about whatever I was learning at the moment. From there I started some freelance penetration testing and technical writing jobs, and eventually landed my current job as a security engineer at Instacart. 21 | 22 | 23 | ### **Question:** What were the initial challenges and blockers you faced? 24 | 25 | **Vickie:** It’s pretty difficult to get feedback about your work when you are first starting out in bug bounties or cybersecurity. When I first started to hunt on bug bounty programs, I was not sure if I was focusing on the right bugs, if I was assessing business impact properly, etc. Feedback from security engineers managing bug bounty programs was really helpful in helping me refocus my learning. But unfortunately, not every bug bounty program provides good feedback for informational or N/A findings. 26 | 27 | 28 | ### **Question:** What learning methodology did you follow or still follow? 29 | **Vickie:** Designing a syllabus for myself has helped me learn many skills in tech. Whenever I set out to learn something new, I first define exactly what it is I want to learn, and lay out the intermediate steps that will take me there. Then, I search for resources that will help me accomplish each step in my plan and study those one at a time. 
For example, if I was a new bug bounty hunter looking to find my first bug, I can first list the things I need to know to accomplish that:

- How to find web vulnerabilities
- Most common vulnerability types
- How to find IDORs
- How to find XSS
- How to determine a bug’s impact
- How to report vulnerabilities clearly

Once I have my tailored roadmap, I will study these topics one at a time via online blog posts, books, and tutorials.

### **Question:** What certifications do you hold, and which would you recommend to the readers?

**Vickie:** I currently don't hold any certifications.

### **Question:** What is your favourite thing to hack on?

**Vickie:** I prefer social media sites with complex user interactions.

### **Question:** What does your tool arsenal look like - Could you share some?

**Vickie:** I no longer spend a lot of time hunting for bug bounties, but I used to rely heavily on Burp, and a recon script built around Sublist3r and TruffleHog. I talk more about building a toolkit in my book. In general, I am a fan of learning to do something manually, identifying what can be automated in your workflow, then building custom tools to automate that process.

### **Question:** How do you cope with burnout?

**Vickie:** It’s important to separate your self-worth from your output at work. Bug bounties can be unpredictable: valid reports don’t happen every day, and your earnings can vary from month to month.
Keep in mind that this happens to everyone, have realistic expectations of what you want to achieve at this stage, and give yourself time to learn something properly.

### **Question:** What would you advise the newcomers in Cyber Security?

**Vickie:** When approaching someone to be your mentor, think about what you want to get out of the relationship.
Are you looking for someone to help you understand a particularly complex bug? Trying to build a faster recon toolset? Think about whether this is something you can accomplish by yourself with some research. Oftentimes, the process of struggling and figuring it out helps you learn more deeply than you otherwise would have. Similarly, before asking someone for their strategy for learning programming, bug bounty hunting, or automation, reflect on your current processes, and think about whether you can improve them to work better for yourself. Learning a new skill is a personal path. What works for someone else might not work for you.

### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?

**Vickie:** I mostly use Twitter to keep myself in the loop. I follow security or software people I have met online or whose blogs I have read. (Check out the amazing folks on my following list!) Security publications like the Daily Swig and tldrsec are pretty amazing too.

### **Question:** What's your life outside hacking?

**Vickie:** There are a lot of life changes going on in my life right now, so unfortunately I haven’t had much time to pursue hobbies outside of security. But karate and playing with my dog are the main ways I spend my free time.

### Social Profiles

- Twitter: https://twitter.com/vickieli7
- Security blog: https://vickieli.dev

> Did you find Vickie's story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

> We will be coming up with more exciting and inspiring stories weekly.
Follow Me on [Twitter](https://www.twitter.com/harshbothra_)

--------------------------------------------------------------------------------
/SecurityStories/ahmet-gurel.md:
--------------------------------------------------------------------------------

# SecurityStories - 52 Weeks, 52 Stories

## Story - 1: Featuring **Ahmet Gurel**

![Ahmet Gurel](../media/ahmet-gurel.jpg)

Through the SecurityStories series, today we are excited to bring forward the story of Ahmet Gurel, a highly skilled ethical hacker from Turkey. Let's jump straight into learning more about him and from his experience.

### **Question:** Could you briefly introduce yourself?

**Ahmet:** I'm a Senior Security Expert who performs pentests and source code analysis for Web, Mobile, Desktop, and Cloud applications. Also, I have knowledge and know-how about network protocol analysis, network & application security issues, exploiting, and vulnerability research. I have 7+ years of offensive security work experience, and I am currently working as a Senior Penetration Tester in a bank. Apart from that, I have been actively involved in Bug Bounty and Pentest as a Service projects for 3+ years.

- https://app.cobalt.io/agurel
- https://bugcrowd.com/ahmet
- https://acropolis.synack.com/inductees/AhmetG/

### **Question:** How did you get started in Cyber Security?

**Ahmet:** Like many people at a young age, my acquaintance with the computer was through games. I have a story that starts with wondering how the online games I play are made, and then continues with detecting the security vulnerabilities of these games. I think that was the beginning of my career.

In the following years, I was dealing with software and cyber security without realizing it. This interest continued when I studied computer engineering at university and became acquainted with ethical hacking there.
### **Question:** What were the initial challenges and blockers you faced?

**Ahmet:** Since I started at a young age, there were not many resources in my mother tongue about these fields at that time. I did not know English, as I was young. I think that was the biggest challenge for me. That's why I think I love to share what I've learned, and I produce resources with Turkish content. I have a cyber security book I wrote in this field and a video course on mobile application security. It is among the things that excite me that young people are starting out in this field.

### **Question:** What is the learning methodology that you followed or that you still follow?

**Ahmet:** I'm a little too detailed when learning something new. First, I examine the documentation, if any, about that technology/subject. Then, if there are sub-topics that will be required for that subject, I research/learn them. Finally, I review the articles and projects written on the subject (Google, Medium, GitHub, etc.).

### **Question:** What certifications do you hold, and which would you recommend to the readers?

**Ahmet:** I have CompTIA Security+, eWPTXv2, eMAPT, CRTP, CEHv10, and ISO/IEC 27001 Lead Auditor certificates.

Actually, the proposal of the certification is somewhat open-ended. I think it has to do with the person's learning model. If you like a hands-on learning model with practice, Offensive Security and eLearnSecurity certificates may be for you, but if you are someone who likes to learn from documentation and written sources and solve questions in this way, SANS and EC-Council certificates may be for you. I can really recommend the eWPTXv2 documents, lab, and exam for people who want to improve themselves in the field of web application security.

### **Question:** What is your favourite thing to hack on?
**Ahmet:** My favorite areas of hacking are generally web and mobile apps. I really like to change things in applications, to do things without authorization. :D

### **Question:** What does your tool arsenal look like - Could you share some?

**Ahmet:** I'm not someone who uses a lot of tools. I use manual analysis and known basic methods and tools. But recon is really an important part of my testing.

Tool Kit List: gobuster, ffuf, subfinder, gau, httpx, nuclei, nmap, Burp Suite Pro and plugins <3.

### **Question:** How do you cope with burnout?

**Ahmet:** I am trying to make my working moments enjoyable in an intense working tempo. Working to the accompaniment of my favorite music and picking up my guitar when I take a break in my study are some of them. But my biggest supporter has always been my wife.

### **Question:** What would you advise the newcomers in Cyber Security?

**Ahmet:** I can always recommend newbies to explore their favorite field and study hard, giving themselves time for basic and advanced technical knowledge in this field. But recently, many questions and e-mails come to me in the Bug Bounty field, and only money-oriented questions. I think when you love this job and give your long hours and years, money is just one of the results. I think that the probability of being successful in a field and subject that you do not like, just for money, will be low.

### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?

**Ahmet:** In fact, I follow new security research and vulnerabilities. Apart from that, I follow my friends who are active on bug bounty/pentest platforms. I follow the bugs and methods that they think are interesting from their blog or Twitter posts.
- https://thehackernews.com/
- https://www.reddit.com/r/netsec/
- https://www.reddit.com/r/Pentesting/
- https://twitter.com/hashtag/BugBountyTips

### **Question:** What's your life outside hacking?

**Ahmet:** Apart from hacking, I am someone who likes to spend time with my family and friends. I like an active life such as camping, trekking, fishing, and going to concerts. Apart from these, I love to discover new dishes and cuisines. I think it helps me clear my head and work more focused.

### Social Profiles

- Blog: https://gurelahmet.com/
- GitHub: https://github.com/ahmetgurel
- Twitter: https://twitter.com/ahmettgurell
- LinkedIn: https://www.linkedin.com/in/ahmetgurell
- Exploit-DB: https://www.exploit-db.com/?author=8736

> Did you find Ahmet's story interesting and inspiring? Make sure to share it with your friends and colleagues to spread the word.

> We will be coming with more such interesting and inspiring stories weekly.

Follow Me on [Twitter](https://www.twitter.com/harshbothra_)

--------------------------------------------------------------------------------
/SecurityStories/robbe-van-roey.md:
--------------------------------------------------------------------------------

# SecurityStories - 52 Weeks, 52 Stories

## Story - 6: Featuring **Robbe Van Roey**

![Robbe Van Roey](../media/robbe-van-roey.jpg)

Through the SecurityStories series, today we are excited to bring forward the story of Robbe Van Roey, a highly skilled hacker and security professional from Belgium. He is widely known as PinkDraconian. He creates unique content, and you must have seen him extensively in Intigriti's content series.

Let's jump straight into learning more about him and his experience.

### **Question:** Could you briefly introduce yourself?

**Robbe Van Roey:** Hi! I'm PinkDraconian.
I'm an ethical hacker. I love to hack, break into things and have that ecstatic feeling come over me when I get in somewhere!

I'm also the Hacker Manager at Intigriti. Our bug bounty platform is one of the best bug bounty platforms there is. I always aim to ensure that the hackers have a great time on our bug bounty platform.

I'm also a hacker content creator. I create all kinds of content you see on Intigriti's Twitter and the videos you see on YouTube. I also have my own channel: PinkDraconian.

### **Question:** How did you get started in Cyber Security?

**Robbe Van Roey:** 5 years ago, I knew nothing about information security. I was doing my bachelor's in AI & Robotics. But then I had one class: Cybersecurity Essentials. I LOVED THIS CLASS.

Once I had completed the class, I immediately went to Hack The Box because I wanted to become a hacker. This was hard. I still remember my first box. It took me 2 weeks of constantly trying and learning to finish the box. But that feeling of getting root was AMAZING!

So I kept on playing Hack The Box. My second box took a week, my third took a couple of days, my third one took a day, and before I knew it, I got to the top 100 on Hack The Box and spent every Saturday night pwning the newest box.

These were some great times. I also started playing a lot of CTFs. I won the Cybersecurity Challenge in Belgium, competed in the European Cybersecurity Challenge twice and even competed in the International Cybersecurity Challenge.

I started hunting real-world targets. I did my first penetration test, and I still remember the doubt about the CISO. He really thought I wasn't going to be able to do anything. But yet, 3 hours later, I was their Active Directory system's domain admin, which felt so good.

### **Question:** What were the initial challenges and blockers you faced?
**Robbe Van Roey:** Starting out, it's all fun and games, and you're just doing what you love constantly. Just pwning boxes. It's so much fun.

But after a couple of years, money can feel stale when money gets involved. So I had significant challenges with keeping motivated at some points.

But the vital thing to note is that you should always be humble. You're never an expert at anything, and you always have tons to learn. Refrain from assuming you know something really well, because you don't. The only time when you can not be humble is when talking to recruiters 😅

### **Question:** What is the learning methodology you followed or still follow?

**Robbe Van Roey:** Curiosity is my main driving factor: how does this work? Curiosity can give you the motivation you need to keep progressing.

Besides that, I take a lot of notes. I have documentation on every command I ever run. I can copy and paste straight out of my notes, and every single flag and parameter is explained there. This is very important since it's impossible to remember how to use every tool. Having great docs allows you to quickly pick something up again after not using it for years.

### **Question:** What certifications do you hold, and which would you recommend to the readers?

**Robbe Van Roey:** I'm not a massive fan of certifications. I think their main goal is to please recruiters, but there are cheaper ways of doing this.

Start a YouTube channel, create a blog, get a CVE, share your research, go on a podcast, get to the top on HTB, and join a top CTF team. There are many free ways of gaining experience and showing off your skills!

### **Question:** What is your favourite thing to hack on?
**Robbe Van Roey:** I love a lot of things:

- In bug bounty: Web applications
- In penetration tests: Active Directory
- To show friends and family: Mobile games (Nothing like showing off that you have infinite gems in Subway Surfers to your nephews!)

### **Question:** What does your tool arsenal look like - Could you share some?

**Robbe Van Roey:** I use the same tools everyone does. Tools are great to help you, but you must know how to fully utilise those tools. Most of the tools I use come installed on Kali.
Don't just run tools with the default settings. It will suck when you get your 100th dupe :)

My most used tool is BurpSuite. Super cool tool!

### **Question:** How do you cope with burnout?

**Robbe Van Roey:** Luckily, I haven't experienced a real burnout in these 5 years. Let's hope that stays the same.

### **Question:** What would you advise the newcomers in Cyber Security?

**Robbe Van Roey:** Don't look for mentors or for guidance. Just follow your interest. See what you like and start digging. You will carve your own path and become an expert in something instead of just being someone doing the same as everyone else.

Ethical hacking is a challenging field. It's really, really hard. But with the right motivation, you can make it!

### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?

**Robbe Van Roey:** One stop: Intigriti's Bug Bytes! https://newsletter.intigriti.com/

### **Question:** What's your life outside hacking?

**Robbe Van Roey:** I have a beautiful girlfriend, and all the time I have outside of hacking, I like to spend with her. I love going on hikes with her and geocaching!
### Social Profiles

- ▶️ YouTube: https://www.youtube.com/c/PinkDraconian
- 🐦 Twitter: https://twitter.com/PinkDraconian
- 🎵 TikTok: https://www.tiktok.com/@pinkdraconian
- ℹ️ LinkedIn: https://www.linkedin.com/in/robbe-van-roey-365666195/
- 🎁 Patreon: https://www.patreon.com/PinkDraconian
- 📞 Discord: PinkDraconian#9907
- 📷 Instagram: https://www.instagram.com/robbevanroey/

> Did you find Robbe Van Roey's story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

> We will be coming up with more exciting and inspiring stories weekly.

Follow Me on [Twitter](https://www.twitter.com/harshbothra_)

--------------------------------------------------------------------------------
/SecurityStories/nilesh-sapariya.md:
--------------------------------------------------------------------------------

# SecurityStories - 52 Weeks, 52 Stories

## Story - 3: Featuring **Nilesh Sapariya**

![Nilesh Sapariya](../media/nilesh-sapariya.jpg)

Through the SecurityStories series, today we are excited to bring forward the story of Nilesh Sapariya, a highly skilled penetration tester from India who currently resides in the UAE. So let's jump straight into learning more about him and from his experience.

### **Question:** Could you briefly introduce yourself?

**Nilesh:** I am Nilesh Sapariya, and I have worked in cybersecurity for the past ten years. My primary area of expertise is application security. However, I am always eager to learn new things. Despite having a decade of experience in my field, I still consider myself a beginner. The cyber security domain is vast and ever-evolving, making it exciting and challenging to stay ahead of the curve.

I am an active member of the cybersecurity community (Null), engaging in bug bounty, CTF, and other security-based activities.
In addition, I am part of the Cobalt Core and Synack Red Team, helping to identify and mitigate security vulnerabilities. Doing good and helping each other are essential to our success.

### **Question:** How did you get started in Cyber Security?

**Nilesh:** When I was in the 2nd year of engineering, our college got an invitation from a nearby college with multiple events organized. One of the events was "Ethical Hacking," which fascinated me a lot, and without a second thought, I decided to participate. In this event, the speaker presented two laptops and demonstrated how he gained access to the other laptop from his machine via some graphic representation. I am still unable to figure out how he did that, but this particular demonstration was the turning point of my life, and I decided to dive deep into it. After completing my engineering, the journey was rock bottom. It's not easy for everyone to get a job with a low academic score in engineering.

I was one of them. I applied for jobs, attended many walk-in interviews, and got my first job in the networking field as a network engineer. I knew this was not my path, and my mind was still on ethical hacking. I used to work from 9 am to 6 pm (we did not have Saturday and Sunday off). I utilized my post-working hours to study ethical hacking and started researching it. I still remember reading the theory and trying to visualize how virtual machines work to set up Kali Linux, and then I started practising. Finally, after learning for all these years, my hard work paid off.

I reported a vulnerability in Microsoft and got into their Hall of Fame list. That's it. Then the journey of becoming an ethical hacker started. After that, I never looked back. I got many halls of fame in top-notch organizations. During this period, I got invitations from various top engineering colleges in Mumbai (India) to conduct workshops on Ethical Hacking.
I decided to share this knowledge without any monetary reward to help beginners. I have undertaken many talks at various colleges, which can be found here. So, with this knowledge, skills, and many HOF, I got my first job in Cyber Security in 2013.

### **Question:** What were the initial challenges and blockers you faced?

**Nilesh:** Initially, I faced many challenges and blockers when starting my cyber security career. I needed to figure out where to start, what to read, and which path to follow. I had to go through a lot of trial and error before finding my footing. I did a lot of research and dedicated a lot of time to understanding the basics of cyber security, learning the different tools and techniques, and developing my skillset.

I had to take a lot of risks and also face a lot of failures before I eventually found success. However, I overcame the initial challenges and blockers through dedication, hard work, and perseverance and became a successful cybersecurity specialist. All thanks to the people who supported me during this journey, including my mentors, and obviously, god's grace is a must.

### **Question:** What is the learning methodology you followed or still follow?

**Nilesh:** The learning methodology I have followed for cyber security combines self-learning and hands-on experience via the PortSwigger lab. I have been researching and reading about the different concepts and tools used in cybersecurity and also attending online courses and workshops. Additionally, I have been participating in online CTFs (Capture the Flag) to develop my skills.

### **Question:** What certifications do you hold, and which would you recommend to the readers?
**Nilesh:** I currently hold several certifications in cybersecurity, including:

- Offensive Security Certified Professional (OSCP)
- Offensive Security Wireless Professional (OSWP)
- Certified Red Team Professional (CRTP)
- Certified Ethical Hacker (CEH) v8
- Certified Blockchain Expert
- AWS Certified Cloud Practitioner
- Microsoft Certified: Azure Fundamentals (AZ-900)
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)

Readers should select a certification in the area of cyber security that is most suitable for their goals. For instance, the Offensive Security Certified Professional (OSCP) certification is popular for those specialising in offensive security. In contrast, the Certified Red Team Professional (CRTP) certification suits those interested in red teaming.

### **Question:** What is your favourite thing to hack on?

**Nilesh:** I like exploring all targets: web applications, APIs, mobile, networks, etc. But if I want to pick the best target, it will always be "web application".

### **Question:** What does your tool arsenal look like - Could you share some?

**Nilesh:** My go-to tools for the recon process are:

- dirsearch
- dirb
- Nikto
- ffuf
- Nuclei
- Sublist3r, etc. (There are many, but usually these are my go-to tools)

For Web Application Testing, my go-to tools are:

- Burp Suite Professional and some of its excellent extensions (AutoRepeater, JS Link Finder, Error Message Check, etc.)

For Network Penetration Testing, my go-to tools are usually:

- Kali Linux
- Nessus Professional

Many tools might not be mentioned here, but the above is just a high-level view of the essential tools in my day-to-day engagements.

### **Question:** How do you cope with burnout?
**Nilesh:** Burnout in cyber security and bug bounty can be a challenge, but there are some steps which I usually follow:

1. Take breaks: Take regular breaks throughout the day to give your mind and body a rest. Even if it's just 10 minutes, take a step away from your work and relax.

2. Set realistic goals: Setting realistic goals and not trying to do too much can help you avoid burnout. Break your tasks into manageable parts and focus on one task at a time. Remember to reward yourself when you reach a goal.

3. Exercise regularly: Exercise is a great way to reduce stress and increase energy levels. Take time to go for a walk, bike ride, or even do some stretching or yoga.

4. Eat healthily: Eating a healthy diet is essential for overall health and can help your mind and body stay energized.

5. Find a mentor: Find someone in the cyber security and bug bounty community who you can look up to and learn from. Having a mentor can keep you motivated and inspired.

6. Take time off: It's essential to take some time off every once in a while. Take a day off or a weekend away to relax and recharge your batteries.

### **Question:** What would you advise the newcomers in Cyber Security?

**Nilesh:** I advise newcomers to Cyber Security to start by familiarizing themselves with computer security and the typical online threats. This includes researching and understanding the most common techniques used to exploit vulnerable systems and educating themselves on the different types of vulnerability and how to protect against them.

I want to highlight a few essential points that newcomers can follow for success:

1. Learn the fundamentals and educate yourself: Learning about the different aspects of cyber security is the first step to getting started.
Take the time to read up on the different areas of cyber security, including data security, network security, application security, and more.

2. Take advantage of the free resources available over the internet. Many resources provide cybersecurity training and tutorials, so take advantage of them.

3. Get certified: Getting certified in one or more areas of cyber security is a great way to demonstrate your expertise and stand out in the field. Consider getting certified in CEH, CISSP, or other popular cyber security certifications.

4. Start networking: Networking with other cybersecurity professionals is a great way to learn more about the field and stay up to date on the latest trends and technologies. For example, join a local cyber security meetup or attend an industry conference to make contacts.

5. Join a cyber security community: Cybersecurity communities are a great way to learn from your peers and get advice from experts. Look for local groups or join an online community like Nullmeet.

6. Keep up with the latest news. Cyber security is constantly evolving, so stay up to date on the latest news and developments in the industry. Again, the best place is Twitter.

7. Understand the legal and ethical implications of cyber security. Cybersecurity is not just about technology; it is also about understanding the legal and ethical implications of the technology.

8. Develop a cyber security strategy for yourself. Test your skills and knowledge with cyber security challenges and competitions. The PortSwigger lab is good to start with if you are looking forward to application security. Likewise, as per your area of interest, find a site which provides free tutorials.

9. Consider working for a cybersecurity firm or taking an internship.

### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?
**Nilesh:** To stay up-to-date on the latest trends in cyber security, I follow security researchers on Twitter. This allows me to stay informed of the most current trends and developments in the field. In addition to that, I use the PortSwigger Web Security Academy to practice different types of attacks.

### **Question:** What's your life outside hacking?

**Nilesh:** Apart from hacking, I am passionate about writing inspiring blogs (https://nileshsapariya.blogspot.com/search/label/Lessons%20Learnt), as well as travelling to new places.

In my spare time, I share my love of cooking through my food blogging YouTube channel (https://www.youtube.com/c/IndianFoodiesExpress), posting videos of my culinary creations and occasionally vlogging.
Subscribe to my channel, and I'll give you a virtual hug! ;) Just kidding, but seriously, it would make me so happy if you subscribed!

### Social Profiles

- LinkedIn: https://www.linkedin.com/in/nileshsapariya/
- Twitter: https://twitter.com/nilesh_loganx
- Blog: https://nileshsapariya.blogspot.com/

> Did you find Nilesh's story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

> We will be coming up with more exciting and inspiring stories weekly.

Follow Me on [Twitter](https://www.twitter.com/harshbothra_)

--------------------------------------------------------------------------------
/SecurityStories/mrityunjoy-biswas.md:
--------------------------------------------------------------------------------

# SecurityStories - 52 Weeks, 52 Stories

## Story - 7: Featuring **Mrityunjoy Biswas**

![Mrityunjoy Biswas](../media/mrityunjoy-biswas.jpg)

Through the SecurityStories series, today we are excited to bring forward the story of Mrityunjoy Biswas, a highly skilled hacker and security professional from Bangladesh.
He is one of the finest pentesters in the Cobalt Core and has great experience in application security.

Let's jump straight into learning more about him and his experience.

### **Question:** Could you briefly introduce yourself?

**Mrityunjoy Biswas:** My name is Mrityunjoy Biswas, an experienced expert with a keen interest in cyber security. I have a background in bug bounty hunting and pentesting. I used to be an active bug bounty hunter at HackerOne and Synack. Currently, I'm pursuing my bachelor's degree in computer science. I am also working as a Team Lead and Core Pentester at Cobalt, where I lead pentest engagements. I am very passionate about security and have a proven track record of finding and remediating vulnerabilities.

### **Question:** How did you get started in Cyber Security?

**Mrityunjoy Biswas:** Back in my school days, I became interested in cybersecurity. I was intrigued by the stories of people who could earn rewards, or "swags," for reporting security vulnerabilities to companies. In addition, I wanted to learn more about bug bounties and Ethical Hacking. Determined to learn as much as possible about these topics, I began teaching myself all I could about the field. I spent countless hours studying and practising, immersing myself in cybersecurity, and developing my skills and knowledge. It was a challenging but rewarding journey.

During that time, I discovered my first vulnerability, a stored cross-site scripting (XSS) vulnerability in Yahoo's mailbox. I decided to report it on their bug bounty program at HackerOne. The company responded quickly and began to triage my finding within hours. A week later, I received a notification that I had been rewarded with a $10,000 bounty for my discovery. It was the first bounty of my cyber security career, and I was shocked. I couldn't believe I had received such a generous reward for my first bug submission.
It was an exciting moment that further fueled my passion for cybersecurity and bug bounty hunting. 21 | 22 | I became determined to master the latest tools and techniques in the field. I threw myself into learning about security automation and participated in various bug bounty programs to put my skills to the test. My dedication paid off as I earned recognition in top organizations and was awarded "hall of fame" by over 300+ companies, including major tech giants like Google, Yahoo, Mozilla, Twitter, Gitlab, Snapchat, Microsoft, Intel, Valve, HackerOne, and Synack. It was gratifying to be recognized for my contributions, and I continued to push myself to excel in the field. 23 | 24 | 25 | 26 | ### **Question:** What were the initial challenges and blockers you faced? 27 | 28 | **Mrityunjoy Biswas:** As a security professional, I faced several challenges early on in my career. One of the biggest obstacles was staying up to date with the constantly evolving landscape of cybersecurity. With new threats and vulnerabilities emerging regularly, I needed to continuously learn and adapt to stay ahead of the curve. 29 | 30 | Working with sensitive information also presented its own set of challenges. As a security professional, I had access to sensitive data and systems, and I was responsible for handling this information with the utmost care and adhering to strict confidentiality protocols. 31 | 32 | In addition to these challenges, I had to work within time and budget constraints and maintain objectivity while conducting assessments and implementing security measures. This could be challenging, especially when the results reveal vulnerabilities or weaknesses in the organization's systems. Finally, I had to be prepared to handle negative feedback and handle it professionally. 33 | 34 | 35 | 36 | ### **Question:** What is the learning methodology you followed or still follow? 
37 | 38 | **Mrityunjoy Biswas:** As a security professional, I followed several approaches to learning and staying up to date in the field. One of my most valuable methods was attending conferences and workshops, which offered in-depth training and the opportunity to network with other professionals. 39 | 40 | I also made it a habit to stay connected to the latest trends and news in cybersecurity by reading industry publications, writeups, and security articles. These resources provided flexible, self-paced learning opportunities and covered various topics. 41 | 42 | In addition to formal learning opportunities, I practised my hands-on skills through exercises and simulations. This helped me stay proficient in my craft and allowed me to apply my knowledge in a practical setting. 43 | 44 | Finally, networking with other professionals was a valuable resource for learning and collaboration. Also, by building relationships with my peers, I could share knowledge and insights and stay current on the latest developments in the field. 45 | 46 | 47 | 48 | ### **Question:** What all certifications do you hold, and what certificates would you recommend to the readers? 49 | 50 | **Mrityunjoy Biswas:** I hold eWPT (Web Application Penetration Tester) and eCPPT V2 (Certified Professional Penetration Tester) security certification through e-learning security. 51 | 52 | I would recommend the readers look into acquiring the following certifications: 53 | 54 | 1. Certified Information Systems Security Professional (CISSP) - This certification is one of the most sought-after security certifications in the industry. It is designed to help validate an individual's knowledge of information security standards and practices. 55 | 56 | 2. Offensive Security Certified Professional (OSCP) - This certification helps validate an individual's ability to identify and exploit vulnerabilities. 57 | 58 | 3. 
Offensive Security Web Expert (OSWE) - This certification helps a practical understanding of white box web application assessment and security. 59 | 60 | 4. CompTIA Security+ - This certification covers networking, operational security, access control, and organizational security. 61 | 62 | 5. CREST - CREST Certifications are recognized worldwide by the professional services industry and buyers as the best indication of knowledge, skills and competence. 63 | 64 | 65 | ### **Question:** What is your favourite thing to hack on? 66 | 67 | **Mrityunjoy Biswas:** My favourite thing to hack on is web and mobile applications. With web & mobile applications, I can explore and exploit their vulnerabilities to uncover security flaws and improve their security features. I enjoy the challenge of finding weaknesses and developing strategies to protect them from future exploitation. Some of my favourite attacks are Remote Code Execution, SSRF, XXE, SQL Injection, and Broken Access Control vulnerabilities. 68 | 69 | 70 | ### **Question:** What does your tool arsenal look like - Could you share some? 71 | 72 | **Mrityunjoy Biswas:** 73 | To kick off my recon phase, I utilize Subdomain Enumeration Tools, Nuclei, Waybackurls, Gf by tomnomnom, Project Discovery tools, and BurpSuite. In addition, I also use a variety of custom scripts and other tools depending on the task at hand. 74 | 75 | Some of my tool arsenals include the following: 76 | 77 | 1. Nmap: An invaluable network mapping tool that allows me to scan for open ports, OS and service detection, and more. 78 | 79 | 2. Nessus: An industry-standard vulnerability scanner that can detect potential risks and security vulnerabilities. 80 | 81 | 3. Burp Suite: An integrated platform for performing security testing of web applications. 82 | 83 | 4. Metasploit: A robust framework for exploiting networks and systems. 84 | 85 | 5. SQLMap: A tool for automated exploitation of SQL injection vulnerabilities. 86 | 87 | 6. 
Dirserach / FFUF: It allows users to perform a complex web content discovery, with many vectors for the wordlist, high accuracy, impressive performance, advanced connection/request settings, modern brute-force techniques, and excellent output. 88 | 89 | 7. MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. 90 | 91 | 92 | 93 | ### **Question:** How do you cope with Burn Outs? 94 | 95 | **Mrityunjoy Biswas:** Burnout can be a real challenge regarding Hacking. I like implementing a few strategies into my work routine to prevent burnout while hacking. This can include taking regular breaks to stretch and relax, setting clear boundaries between work and leisure time, and prioritizing self-care activities like exercise and getting enough sleep. 96 | 97 | I also like to make sure I'm taking time to do something I enjoy outside of work, whether going for a walk, playing sports, or watching movies. Additionally, it is helpful to vary my tasks and projects, seek out professional development opportunities, and learn to keep things fresh and exciting. Finally, I communicate with my team and colleagues about my workload and any challenges. 98 | 99 | 100 | ### **Question:** What would you advise the newcomers in Cyber Security? 101 | 102 | **Mrityunjoy Biswas:** As a security professional, I would advise newcomers in Cyber Security to always be curious and never stop learning. Technology is constantly changing and evolving, so to stay ahead of the curve, newcomers must stay up-to-date on the latest trends and techniques in the industry. This could include learning programming languages, networking protocols, and operating systems. It's also essential to stay current on the latest trends and developments in the field, as the landscape is constantly evolving. 
103 | 104 | Also, I advise newcomers to get involved in the community by attending conferences and events, joining online forums, and connecting with other professionals in the field. In addition, I recommend gaining hands-on experience through internships, hackathons, continuously participating in CTFs, and other practical opportunities to apply what you've learned. Finally, I encourage newcomers to build a network of professionals in the industry, as having a support system and mentors can be invaluable for learning and career development. All of these tips will help newcomers excel in Cyber Security. 105 | 106 | 107 | ### **Question:** How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources? 108 | 109 | **Mrityunjoy Biswas:** I like to keep up with the latest trends and developments in the cybersecurity field by regularly reading industry publications and blogs, attending conferences and events, and participating in online communities and blogs. 110 | 111 | Some of my go-to resources for staying informed include: 112 | 113 | 1. Black Hat and DEFCON - These are two of the most well-known annual conferences in the cybersecurity field. They offer a wealth of information on the latest trends and techniques in the industry. 114 | 115 | 2. Reddit's cybersecurity netsec - This netsec is an excellent resource for staying up to date on the latest news and trends in the field, asking questions, and engaging in discussions with other professionals. 116 | 117 | 3. Security blogs: Reading security blogs is a great way to stay on top of the latest trends in cyber security. Some examples include: 118 | 119 | - The Hacker News 120 | - Security Boulevard 121 | - infosecwriteups 122 | 123 | 4. Twitter: Twitter is a great place to follow security experts and stay up to date with the latest news in cyber security. 124 | 125 | ### **Question:** What's your life like outside Hacking? 
126 | 127 | **Mrityunjoy Biswas:** As a security professional, I have various interests and hobbies outside of work. As I said before, outside Hacking, Currently, I'm pursuing my bachelor's degree in computer science. Some activities that I enjoy include, Staying physically active - I like to go for runs, bike rides, and hikes, and I also enjoy participating in sports. At weekends, I loved playing football with my friends. I love exploring new places and experiencing different cultures. I take at least one international trip each year. Also, Spending time with friends and family. I value my relationships with the people close to me and try to make time for social activities and gatherings. 128 | 129 | 130 | 131 | ### Social Profiles 132 | - LinkedIn: https://www.linkedin.com/in/mrityunjoy-biswas/ 133 | - Twitter: https://twitter.com/mitunjoy11 134 | 135 | 136 | 137 | > Did you find Mrityunjoy Biswas's story interesting and inspiring? Please share it with your friends and colleagues to spread the word. 138 | 139 | > We will be coming up with more exciting and inspiring stories Weekly. 140 | 141 | Follow Me on [Twitter](https://www.twitter.com/harshbothra_) --------------------------------------------------------------------------------