Hacker Story - Ashish
Growing up as a kid in the early 2000s, I had a connection with computers. I remember going to school and spending my time on the computers at the lab. I also remember my dad getting me my first laptop, which I only used to play games with my brother.
When it all started
Back then, my dad used to buy the newspaper, and I enjoyed reading it every day. One day, on the front page, was news about a hack on our town’s municipality website, so I quickly googled the website to look into it. When I opened it, I was intrigued to see how someone can hack a website and spread their agenda with defacement. I decided that since I had a laptop, it was time for me to put it to use for something other than just gaming.
A whole new world opened for me
I started to spend my time researching how to hack the games I play, how to crack my favorite software and whatnot. Although in my parents’ eyes I was just wasting my time, I was confident I would make something out of it. And slowly, it started to happen.
As days passed, I spent more and more time googling about hacking and reading about how you can hack Wi-Fi and Bluetooth with Kali Linux (BackTrack then). The more I researched, the more I found.
One time I grabbed a copy of BackTrack, even though I had no idea what I was doing as I had no clue and had never even used Linux before. So I read tutorials, explored documentation, watched videos, and eventually was able to learn Linux and get myself familiarized with its commands.
Then, it happened
One day scrolling through Facebook, I saw someone posted their achievement about bounty and swags that they got from some company they hacked legally (“Ethically”). I was like - If I can make a few bucks, then I can change my parents' minds about this being a waste of time. So I started a deep search into vulnerabilities, vulnerability scanners, etc.
At first, I had no clue what I was doing. But it all started to make sense as I spent more and more time sticking to my laptop and my Symbian phone. I found information about platforms like Bugcrowd and HackerOne, where you can submit bugs and get money for them.
So I registered and looked into the scope and blindly ran them in automated scanners i.e., Acunetix. I copied and pasted the findings and surprisingly some of them even got accepted. And then I was like - wow! Besides that lucky discovery, I was able to learn a lot in the process as I got to look into those vulnerabilities and try to understand them. And then… It happened.
I got my first $100 bounty from Malwarebytes. My parents were so happy when I told them. They assured me that I would take care of myself and make a good life. I think they were right because computers are, were, and will be my thing, and I wanted to pursue my passion.
Then I needed a break
I started spending all of my time hacking random companies with bug bounty programs and compiled hundreds of reports for hundreds of companies. Of course, that was impacting my studies at school, but hacking companies was thrilling to me. Finally, I understood I needed a balance, so I corrected myself and passed through school with fine grades.
Once I graduated, I started hacking full-time again, but this time I was losing interest as some companies did not respond to my reports, or my reports got closed and not accepted, or got marked as duplicates a lot.
Lesson learned: I needed a mental break. So, I took one.
By the time I came back, a lot more people had gotten into the bug bounty game and things got even harder. So, I decided to level up my game and spent hours learning to code so I could run automation for the recon process. It improved the way I do recon and was a total game-changer.
Involvement and collaboration with Hackers
I got in touch with a guy on Discord (Wabaf3t). He DM'd me and we discussed some things regarding the vulnerability he found and wanted to leverage. We started getting along and working closely together. One day, he introduced me to Sick Codes, and that's when we started doing magic; we did some great hacks together with another famous Hacking Group.
At this stage, I got more and more into Vulnerability Research, analyzing and understanding the vulnerabilities exploited in the wild. Then the ProxyShell vulnerability came into the limelight, so Wabaf3t and I spent time trying to replicate that 0day. And eventually, we did it, before it was even publicly known.
Turning Point
I was in touch with some awesome Chinese security researchers and got a lot of intel from them about this vulnerability that I shared on Twitter. I think that caught some attention and that is how I landed a job.
And here I am now, trying to save the world.
My Takeaways
- Do not put too much pressure on yourself, as mental peace is really necessary.
- Have a Hacker mindset. If you cannot think like a hacker, you cannot hack like one.
- Prove yourself when it's time.
- Believe in yourself.
- Learn a Programming Language that would give you a lot of advantages and make your life easy.
- Have patience and keep yourself focused.
- With great power comes great responsibility.
Ending Note
A lot of things happened in my life and taught me that you need to have confidence in what you are good at, have self-esteem, and be proud of yourself for what you have achieved.