Everyone has an origin story - so I’d like to know who you are and what brought you to a career in pentesting?
It started back in my college days when I learned routing and switching. This was around the time I was training for my CCNA. I wondered what could go wrong if I connected many internal college lab computers to similar switches. So, I started searching for tools to probe internal networks and found many free tools like Angry IP Scanner, Nmap, Cain & Abel, and Maltego.
Without knowing the consequences of running scanners, I began to scan the internal college network. And guess what?
I found a bunch of internal IP addresses. To my surprise, some gave direct access to attendance management systems and FTP file servers. These contained answers for tests, lab solutions, and a treasure trove of information.
One fine day, after my discovery, I found that network administrators can easily find script kiddies using a device's MAC address, even when MAC spoofing tools are used.
This led to a detailed discussion with my college management and network administrators. They gave me a chance to collect and share all the information I could find on our college network as part of a college internship.
After spending nearly a year learning about hacking tools, securing our internal college network, and attending various hacking workshops, I eventually found that I wanted to pursue a career in information security.
After graduation, I got a chance to work on vulnerability management and threat intelligence projects. I remember spending my weekends attending various penetration testing talks and workshops from local security communities like Null & OWASP in Bangalore. Life choices, I believe, helped me vastly improve my skills in penetration testing.
How did you first cross paths with Cobalt? What made you want to join?
I learned about Cobalt after meeting a few security researchers like Pranav Hivarekar, Swaroop Yelmarker, and Nikhil Srivastava at an international security conference. They were voices I trusted in the community.
We had a conversation about their experiences and opinions on working with Cobalt. What they told me had me excited to join in too.
What are the top 3 traits that a pentester should possess to succeed with Cobalt?
Erudition Learning:
I firmly believe that learning is a journey, not a destination. So, one should have curiosity and the determination to apply themselves to new technologies, tools, and processes to succeed in any type of pentest engagement.
Team Player:
I feel being a team player with trust and transparency is a critical aspect of a successful team.
On every project engagement, informed team members are more likely to trust you, stay engaged, and be motivated to reciprocate. Help your other team members and learn from them as well. There is always something new to learn from everyone, irrespective of their experience and profile. When team members share information and everyone is on the same page, this, in turn, results in good project delivery from the team.
Soft Skills:
Since penetration testing is primarily technical, a pentester should also attain specific soft skills to do their job efficiently. This includes traits like interacting with peers/team members and clients regularly throughout the project duration, articulating and explaining our findings to others in a way they can easily understand, and being capable of writing professional pentest reports.
What about pentesting makes it the ideal job for you?
We all know that technology moves at the speed of innovation. Everything is constantly shifting and growing. That is one of the main reasons I am here.
Solving critical business problems has been a keen interest of mine. I'm passionate about learning new technologies & tools in cyber security. In my role as a pentester, I get a chance to work on different applications and technology stacks. This breaks up the monotony of work and helps me cover more ground for possible vulnerabilities.
Everyone has their specialties when it comes to pentesting. What would you say yours are?
My areas of expertise are APIs and Mobile & Cloud/Cloud-Native Security. I love working on these project areas, which I find more challenging and exciting targets for pentesting.
What sort of recon do you do for these engagements?
I explore the application from an end-user perspective and try to understand the application's business logic. I plan my recon strategy based on the pentest scope; I invest some time in reading the product/API documentation and understanding the technology stack in use for the target. Depending on whether the scope is a production or staging environment, I plan & perform my active & passive recon activities accordingly.
How did you start to develop these skills? Were there any resources that helped you along the way?
I started to develop these skills by following many security researchers on Twitter and constantly keeping an eye on their quality posts/retweets. I watch past security conference talks, especially from the Black Hat & DEF CON conferences, which are related to my areas of interest. I also love investing my weekends at security communities like Null & OWASP Bangalore, India.
Are there specific tools you like to use? What do you find is the most effective way to use them?
For the initial recon tasks, I prefer running tools like Amass, Nuclei, waybackurls, gf patterns, and the ProjectDiscovery tools in an automated fashion with bash scripts, along with automated reconnaissance frameworks like reNgine, which help me manage all the tasks in a single dashboard. If we talk about a specific tool for Web Application & API pentesting, I prefer Burp Suite Professional.
Burp Suite Professional: I personally feel that an effective way to use Burp Suite is to make use of tweaks like Advanced Target Scope filtering with regex patterns, and using the colour highlight and comment options under the HTTP history for potential/interesting application endpoints/requests. To avoid redundant configuration, one can create user-level and project-level option files with hotkeys, commonly used proxy IPs and upstream proxy IPs, match-and-replace rules, and automatic backup intervals preconfigured, and reuse them as the configuration files for every new project.
Burp Suite Extenders & Burp Bounty Pro Profiles: When it comes to extenders, I like using Param Miner, Turbo Intruder, J2EEScan, JSON Web Token Attacker, Hackvertor, InQL, ActiveScan++, etc., along with Burp Bounty Pro templates, which help me utilize Burp Suite Professional in an effective way.
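As an added example (not part of the interview, and not Burp Suite's own code), the following Python snippet models the advanced target scope rules mentioned above, so that scope regexes can be checked offline before an engagement starts. The rule fields (protocol, host, port, path), the anchored-regex matching, and the rule that an exclusion wins over an inclusion are my assumptions based on how the feature is documented, not a statement of Burp's exact implementation; the domains and URLs are constructed for the demo.

```python
"""Model of Burp-style advanced target scope rules (added example; the
rule semantics below are assumptions, not Burp's actual implementation).

The practical point: an unanchored host regex such as `example\\.test`
would also match `example.test.attacker.invalid`, quietly putting a
third-party host in scope. Using re.fullmatch forces every pattern to
describe the whole host, port or path.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ScopeRule:
    protocol: str = "any"   # "any", "http" or "https"
    host: str = ""          # regex for the hostname; "" matches any host
    port: str = ""          # regex for the port as a string; "" matches any
    path: str = ""          # regex for path plus query; "" matches any

    def matches(self, url: str) -> bool:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if self.protocol != "any" and scheme != self.protocol:
            return False
        host = (parts.hostname or "").lower()
        # Fill in the default port so "https://h/" and "https://h:443/" agree.
        port = str(parts.port or (443 if scheme == "https" else 80))
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        checks = ((self.host, host), (self.port, port), (self.path, path))
        # fullmatch anchors the pattern at both ends (assumption: anchored rules).
        return all(not pat or re.fullmatch(pat, val) for pat, val in checks)


class TargetScope:
    def __init__(self, include: Iterable[ScopeRule], exclude: Iterable[ScopeRule] = ()):
        self.include = list(include)
        self.exclude = list(exclude)

    def in_scope(self, url: str) -> bool:
        # Assumption: any matching exclusion removes the URL from scope,
        # even when an inclusion also matches.
        if any(rule.matches(url) for rule in self.exclude):
            return False
        return any(rule.matches(url) for rule in self.include)


def filter_in_scope(scope: TargetScope, urls: Iterable[str]) -> List[str]:
    """Return only the URLs the scope permits, preserving order."""
    return [u for u in urls if scope.in_scope(u)]


# Constructed scope: HTTPS on example.test and its subdomains, excluding the
# status host and any logout endpoint. (example.test is a placeholder domain.)
SCOPE = TargetScope(
    include=[ScopeRule(protocol="https", host=r"(.*\.)?example\.test")],
    exclude=[
        ScopeRule(host=r"status\.example\.test"),
        ScopeRule(path=r"/logout.*"),
    ],
)

# Constructed sample URLs covering the interesting cases.
SAMPLE_URLS = [
    "https://api.example.test/v1/users",              # in scope
    "https://api.example.test/logout?next=/",          # excluded by path rule
    "https://status.example.test/",                    # excluded by host rule
    "https://example.test:8443/admin",                 # non-default port, still in
    "https://example.test.attacker.invalid/",          # anchored regex keeps it out
    "http://api.example.test/v1/health",               # wrong protocol
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{'IN ' if SCOPE.in_scope(url) else 'OUT'}  {url}")
```

Running the script prints one line per sample URL; only the first and fourth are reported as in scope. Swapping `re.fullmatch` for `re.search` shows how a loosely written host pattern lets the attacker-controlled hostname slip through.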
What advice would you offer to someone interested in pentesting?
Learn the basics of Linux, programming, Web/API technologies, and the fundamentals of networking. These basics come in handy while learning/performing penetration testing.
I love the quote, "Knowing is not enough; we must apply. Willing is not enough; we must do."
I believe that this applies to pentesting as well. Unlike earlier days, now there are plenty of resources available on the internet for pentesting. Herewith, I have listed a few resources which can help someone new to pentesting:
Books:
1) The Web Application Hacker's Handbook, 2nd Edition
2) Hacking APIs: Breaking Web Application Programming Interfaces
3) Real-World Bug Hunting: A Field Guide to Web Hacking
4) Burp Suite Essentials
5) Learning iOS Penetration Testing
6) The Hacker Playbook 1, 2, 3
Conferences & Communities:
Due to the pandemic, most global conferences are hosted online. So, I’d suggest investing some time into watching talks from international security conferences on YouTube/Twitch. Look for Security communities in your locality and be an active participant, volunteer, and improve your networking skills.
For Example:
- Null Security Community (https://null.community/chapters),
- OWASP Chapters (https://owasp.org/chapters/),
- BSides Chapters (http://www.securitybsides.com/w/page/12194156/FrontPage)
Blogs:
- Cobalt - https://cobalt.io/blog
- Detectify - https://labs.detectify.com/
- Intigriti - https://blog.intigriti.com/category/bugbytes/
- YesWeHack - https://blog.yeswehack.com/category/yeswerhackers/
- PortSwigger - Web Security Academy, articles & talks - https://portswigger.net/research/
- Gitbooks: HackTricks community project (https://book.hacktricks.xyz).
- Medium Articles - https://infosecwriteups.com/
What do you like to do outside of hacking?
Outside of hacking hours, I love watching movies, listening to music, and spending quality time with my family & friends.
Also, I practice martial arts, work out at the gym regularly, take drives, and try new cuisines.
What are your short-term and long-term personal or career goals for 2022?
My short-term goal is to enhance my skills in Multi-Cloud/Cloud-Native Security & Blockchain Security.
I aspire to become a better version of myself every day. So, my long-term goal is to keep myself up to date by learning new skills & technologies. I want to be up for more challenging projects, roles, and responsibilities at my current job at Cobalt, in the bug bounty space, and in contributing back to the security communities.
Also, I'm making travel a goal of mine. I want to branch out and broaden the experiences I have throughout the world!
Read about more pentester experiences with an overview of The Cobalt Core's first pentester, Shashank.