Pentester Origin Story: How did you first get involved in pentesting?
Once I graduated and was figuring out what to do in life, I was fortunate enough to speak to many people in different fields and understand more about other work streams. While speaking to one of them, the word “break” caught my attention on the question,” Do you want to build or break?” We started talking about security and how we can make a difference. Then I went home, researched many things, and started my first online course. This helped me find my passion, and it was only later that I understood that hacking is not so simple and this field is a different ball game.
What motivates you when it comes to pentesting?
My primary source of inspiration comes from the fact I am fascinated by this intersection of security and technology, which comes together. It makes me want to learn more, gain more skills, and break some stuff.
What is it like being on the younger side of the industry?
I am extremely fortunate and grateful that I found my passion early in my career. Since there are so many incredible hackers in the community and the field is so vast and constantly evolving, it feels overwhelming at the same time too. I keep reminding myself with a positive attitude to be consistent and keep learning daily. I am happy to be here and having a good time so far 😀
What do you feel makes an excellent pentest engagement?
A successful pentest engagement involves collaboration, active communication, and teamwork. Additionally, it is super beneficial when the client is engaged and highlights the crucial areas you must prioritize during pentesting.
What kind of targets excites you the most? Do you have a favorite vulnerability type?
I like switching things up and enjoy a combination of targets depending on the situation. Sometimes I prefer straightforward, and it's easier to find issues. Other times I like complex, challenging, and new targets that force me to step outside of my comfort zone and need me to learn something new or think outside the box to tackle it. I love working on targets with critical business use-cases and understanding the security controls and measures in place and if I can bypass them. My favorite vulnerability types are SSRF, RCEs, and Business Logic issues with high impact.
Where do you go to learn about different security concepts? Are there specific pages/handles you follow?
Anytime I'm learning a new topic, I start by searching for existing information on google. I look for blog posts, how-to articles, and mind maps if any are available. I list all the pertinent links, bookmark them, and review them one at a time. I create my notes and checklists. I next scan Twitter to see if any new information is available and note them down.
Furthermore, I look for any available open source tools, vulnerable applications, or online labs relevant to that topic. I also like Portswigger’s website a lot to learn about new and different kinds of vulnerabilities. I do a few online labs frequently, such as PentesterLab and HackTheBox. I follow John Hammond, ippsec, The Cyber Mentor, and Bug Bounty Reports Explained channels on YouTube to stay updated.
How do you conduct research and recon for a pentest?
I start by understanding what type of application it is and what its business-specific use-cases are. I review the documentation provided and, if available, the APIs. After that, I look at the login pages, the type of authentication/authorization in use, and the underlying technologies. I prefer to employ mostly manual methods with a few automated techniques. For recon, I use a lightweight Burp Scanner with fuzzer integration, parameter fuzzing, Nuclei, JSFinder, Secret Finder, and Dirserch with customized wordlists.
What are the go-to tools you leverage?
I primarily use Burp Suite Pro with a few extensions. I also use Nmap, ffuf, dirsearch, and sqlmap depending on the use cases.
What advice would you offer to someone interested in getting into pentesting? What do you wish you had known before you started?
The fact that cybersecurity is a very vast field that attempts to research, explore, understand different domains and identify your specific area of interest. Compared to when I first started, all the materials needed to begin in the field are widely available today. Lastly, remember not to doubt yourself; be patient, and you got this!
What do you wish every company/customer knew before starting a pentest?
The customer should know the pentesting process and provide all the necessary documentation. It is incredibly beneficial when the customer specifies the key areas and critical functionalities to focus on. Additionally, it is a plus if the client has been more open, supportive, and non-restrictive throughout the testing period.
What do you like to do outside of hacking?
Aside from hacking, I enjoy traveling, exploring new places, and trying out new restaurants. Every quarter, you will see me backpacking. I love to attend concerts and have many of them planned for the year. I'm also a movie buff.
What are your short-term and long-term goals?
In terms of short-term goals, my friend and I are working on a research topic and hope to present it at various conferences. I also intend to complete a few certifications that I have in mind. For long-term goals, I want to continue learning daily, improve myself, and acquire more skills.