AMA with Armaan Pathan
-
Any tips for Synack hunts and good finds in old programs there?
- Dig as much as you can. Check each and every endpoint/parameter for every possible attack and, most importantly, never give up if you don't get bugs for 2-3 days.
-
What tools do you use and what stuff do you automate during bug hunting? How much time do you normally spend on recon and vulnerability hunting? When and why do you decide to leave a target? Do you follow any checklist during hunting?
- I do not use any tools for automation. I mostly hunt on Synack, so I leave the target when it gets deactivated.
-
What is the methodology of this Bug: https://twitter.com/armaancrockroax/status/1375528412975087618?
- Used redirection technique, which extracted metadata.
-
Deeper vs wider? What do you focus more on? Technical vs logical bugs? Preferences? How do you look for server-side bugs if there are no obvious parameters or functionality?
- I focus on both logical and technical. To be very honest, you won't get low-hanging issues; just keep an eye on each and every module for updates.
-
Tips/advice to get into an entry-level pentesting job?
- Basic understanding of OWASP top 10 and also refer to this: https://owasp.org/www-project-web-security-testing-guide/assets/archive/OWASP_Web_Application_Penetration_Checklist_v1_1.pdf.
-
Is bug bounty experience or a published CVE necessary for getting a job?
- No, not at all. I know many peeps who have no bug bounty background, but they have awesome jobs and they have done awesome research.
-
What is your hunting methodology? Which is your niche bug (which type of bug do you hunt most and focus on)? Any notes you can share?
- Ummm, mostly IDOR/privilege escalations, but yeah, I look for every possible attack vector. But for IDORs/PE, make a note of endpoints, try to guess/brute force parameters.
-
Q1) What resources did/do you follow to learn application penetration testing?
-
Q2) Are you specialised in certain bug(s) or do you hunt for all bugs in your target?
-
Q3) Which types of program do you hunt on?
-
I use PentesterLab to learn/update my skillset.
-
I usually look for the big scope which has multiple user roles and modules.
-
How to get a job in infosec?
- Learn about information security and once you feel that you have enough knowledge of basic stuff, start applying to companies.
-
Q1) Top 5 tools that you're using?
-
Q2) Your top 5 favourite bugs?
-
Bugs: Umm, nothing specific as such, but yeah, I love IDORs/privilege escalations as these two are easy to find.
-
For tools, I use Burp Suite (Intruder, Collaborator, Repeater) and ffuf.
-
Requirements for joining the Synack Red Team?
- Ummm, not sure what the requirements are now, as I joined in 2015, but yeah, you might require both app/host testing/exploitation skills.
-
What does your daily schedule look like & how many hours do you do bug hunting?
- Ummm! Not daily. I have a full-time job. So basically I do bug bounties on Friday and Saturday only.