NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

Pentester Spotlight: Herane Malhotra

This month's Pentester Spotlight features Herane Malhotra, a Core Pentester since 2021 and Lead.

This month’s Pentester Spotlight features another member of the Malhotra family. Last month we featured Goonjeta; now let us introduce you to her brother, Herane.

Herane’s journey into pentesting started in 11th grade, when he managed to change the Admin passwords on all the PCs in his school computer lab, and from there his hacking career took off. During his first year of college, he encountered bug bounties and found a high-severity vulnerability in Microsoft’s application.

“My expertise lies in identifying logic flaws which can lead to Account Takeovers,” he said. “Reading research reports from other researchers has always helped me increase my knowledge, and I always think - what would I have done had I encountered this bug? This thinking process has helped me bypass the fixes for many bugs.”

Account Takeovers are also his favorite kind of attack. He likes that there is always a possibility of taking over an account by chaining authentication-related bugs with business logic flaws.

Time at Cobalt

Herane turns to Twitter, YouTube, and Medium to stay up to date with the industry, and that’s how he found Cobalt. He joined the Core in June of 2021.

“I love that we researchers get to interact with the client directly, understand their assets, and perform the pentest accordingly,” he said. “Being a lead also allows me to guide and interact with the new pentesters.”

When working with customers, Herane wants them to know that they will have a pentest unlike any they’ve had before. 

“They’ll get regular updates on the tests performed and bugs identified,” he said. “This will help them increase the security posture of their applications and other assets.”

As a Lead in the Core, Herane has proven himself a natural leader and teammate. To those interested in joining the Core, he has this to say:

“Get ready for some amazing experiences and sharing knowledge with everyone,” he said. “Cobalt Core is a very friendly community of cyber security experts. Feel free to contact the TPMs, content team, and other pentesters; they all are super friendly and helpful.”

Being in the Core is extra special for Herane because he gets to work with his sister, Goonjeta. She joined a couple of months after Herane in November of 2021.

“She is exceptionally talented, and working with her is great,” he said. “A lot of times when we are hacking together, we come up with amazing ideas, which has often led to some unique and interesting bugs with high bounties. She is a great hacker, and I enjoy collaborating with her.”

Personal Life

Herane also has a popular YouTube channel with over 100k subscribers, where he shares his journey in cybersecurity along with other related topics. He currently lives in India, and he appreciates how many cybersecurity researchers live there.

“I believe that I can learn new things very quickly,” he said. “Not just related to cybersecurity, it can be related to music, sports, YouTube, and cooking. I am also very adventurous and love exploring new places and meeting new people.”

About Shelby Matthews
Shelby Matthews is a Community Content Associate at Cobalt. She works to empower the Cobalt Core of professional pentesters by providing them with a platform to produce content and showcase their expertise. She graduated from the University of Missouri with a degree in Journalism and uses it to bring the Cobalt Core's stories to life.