This week, we are highlighting “Baibhav Jha,” also known as “ @spongebhav,” one of our best researchers, for his recent outstanding performance on our Bugv platform.
We were able to ask him a range of questions about his journey, challenges, tactics, motivation, and how it has affected their social and professional life, by putting him under the spotlight.
We hope that his experience will inspire our fellow hackers and others who are thinking about joining our group.
The following are his responses to the questions that were asked to him:
1) How did you come to know about hacking?
I was always fascinated with computers. I came to know about phishing from around class 5th which gave me a slight idea about hacking. Bug Bounty is something that I discovered in class 10th when I found a vulnerability in Instagram and wanted to get it resolved. I didn’t know about bug bounty at that time but suddenly one day I saw a post where someone got rewarded for his Facebook bug. From comments, I came to know about how we can report the vulnerability. I then reported it and was rewarded for that 3 months later. That was my entry point in bug bounties.
2) What motivates you to hack and how long have you been into hacking?
I have been hacking for around 2 years now. The main motivating factor is the feeling I get after getting a vulnerability. The Adrenaline Rush is the main factor of motivation. Secondly, money and the feeling of being self-sufficient is also a motivating factor.
3) How do you choose a program?
Mostly, I chose a wide scoped program with a good response time. Also, mostly I like hunting on the main application.
4) Who is your inspiration?
Naming an inspiration would not be fair. There are so many people I admire. I got into bug bounties after finding my first bug, it was an amazing feeling. I wanted to feel the same thing again. So chasing that feeling is what inspires me to hack.
5) What advice would you give to hackers?
If I had to give one piece of advice, it would be to not depend only on tools made by others while you’re hacking. Getting deep insides and understanding the fundamentals of how things work will greatly help in the long term.
6) What is your favourite bug type and why?
I don’t have anything that I can classify as my favourite. However, mostly I try to break the application logic and then also try OWASP top 10 vulns.
7) What are a few of your favourite hacking/security tools?
One of my favourite tools would be Nuclei and Burp Suite.
Why Nuclei because it makes automation very easy and also coding Nuclei templates are very easy.
Why Burp Suite because it makes the hunting process so much easier.
8) What do you enjoy doing when you aren’t hacking?
I enjoy watching movies. I also like music, currently, I am also learning Guitar. Also, I have to focus on my studies as I am still a student and I don’t hack full time.
9) What advice would you give to someone who is starting as a beginner in bug bounties?
I would like to advise them to start learning the fundamentals of security instead of just copy-pasting other people’s findings and trying other targets or just running tools.
10) What is a quick hacking tip or technique that you recommend?
A quick tip would be “Learning > Money”. Money will follow over time if you get skilled enough.
11) How have bug bounties impacted your life?
Bug Bounties has impacted my life in many positive ways. One of the best things would be making me self-sufficient.
12) How much time do you spend hunting bugs?
Depending upon if I have other things to do. I spend around 1-5 hours a day, some days even 0 hours hunting.
13) Do you have any favorite tools or resources to learn? What do you do to keep up with all the new trends?
I follow HackerOne’s Hacktivity and pentester land to keep me updated with the community. Also, Twitter Bug Bounty Community is a great way I keep myself updated while also getting entertained.
Thank you Baibav for your inspiring and informative answers.