In our next story of “Meet the Researchers, behind the Platform of SafeHats”, meet Lavanya, our security researcher who believes in preparing and learning in order to achieve perfection!
A tête-à-tête with Lavanya on how he came into the world of security research to fulfill his personal goal of helping people in need.
1. When did you first get interested in Computers and Hacking?
It was class 4 when I first started exploring the world of computers very deeply & closely. When I was around 13, one of my friends and I, while working on a school project in a cyber-café, started exploring YouTube videos, and that is where I first came across a video to blink all the lights on a keyboard through some script, which I later realized was batch scripting. This increased my curiosity and I started seeing and learning by watching these kinds of videos.
2. What was your idea of hacking when you first started it?
Initially, I started hacking for fun and learning, and eventually I grew really fond of it. When I was in class 10 and 11, I always wanted to learn more about it, but as my dad expired and financial problems came up, I couldn’t. I didn’t have a laptop, didn’t have an active internet connection and didn’t have any guidance or mentorship. So after completing my higher secondary, I started an accounting job to earn some money and get a second-hand laptop to start researching ethical hacking.
3. Did you learn the art of hacking from a mentor or are you self-taught?
I believe that, along with a constant mentor, self-learning is equally important for ethical hacking. Hacking is a form of art and it comes by practice. Google & YouTube are my biggest mentors. Google still plays a vital role while playing CTF or Bug Hunting. Ishan Sir, Deepak Sir and Rakshit Sir were those who taught me how I can leverage my skills in the right direction, keeping my interest in place. I also idolize my friend cum brother Pushkal, who is always with me in any situation.
4. Why do Bug Bounty and hacking fascinate you?
In the beginning, I did hacking only for knowledge and fun, but after reading lots of blogs and write-ups on ethical hacking, and with the financial crisis coming up, I started doing Bug Bounty. Generally, for Hackers, this is the best way to earn legitimate money by working from home. But for me, it is like a challenge. I always do it for my passion & always do it to learn something new. I always believe: if I don’t get a bounty, I get the knowledge and experience.
5. Who are your inspirations?
My mother and my brother always inspire me to work hard. Edward Snowden inspires me a lot. Anand Prakash Sir was the one who inspired me and got me into bug bounty. I feel all those people who thought that my being from a commerce background would be a hindrance to my interest in ethical hacking are, to be truthful, my biggest inspiration.
6. What is your personal goal?
My personal goals are to live happily, work harder and always be ready to help.
7. What’s the one bug you’re most proud of yourself for finding?
I found one privacy bug in Facebook and I love that the most because it took me around 1 month to properly explain this bug. It is still in the triaged state and thus I can’t divulge more details about it, but using this bug one could see some personal things of one’s FB friends.
8. What kind of security vulnerabilities do you love to hunt?
I love to find Authentication bugs, RCE (Remote Code Execution), Authorization bugs &, last but not least, XSS (Cross-Site Scripting).
9. What is the biggest bounty you have received?
My highest bounty is $500 from Facebook. But one bounty of 70 Euros is very close to my heart as this was my first bounty.
10. What advice would you give to budding security researchers?
My advice would be: stay motivated and update yourself with new attacks and defenses, follow Bug Hunters on Twitter and read their blog posts or bug hunting write-ups, do some CTF and always try to think practically. This is the best way to enhance skills. Rather than luck, hard work pays.
There is one quote which has always influenced me a lot, “If I had eight hours to chop down a tree, I’d spend six hours sharpening my axe.”
Want to know how such bug bounty platforms are transforming the roles of CISOs in organizations? Read how the role of the traditional CISO changes when they engage with coordinated vulnerability management platforms.