This week, we are spotlighting our finest researcher, “Bibek Neupane,” also known as “@nb1b3k,” for his recent outstanding achievement on our Bugv platform, and congratulating him on his top 3 positions on the leaderboard.
By placing him in the spotlight, we were able to ask him a variety of questions about his journey, his challenges, his techniques, his inspiration, and how hacking has influenced his social and professional life, among other things.
We are hoping that his story will encourage our fellow hackers and those who are considering joining this community.
Below are his answers to the questions we asked him:
1) How did you come to know about hacking?
I was in class 7 when my friend Anish taught me to root an Android phone. I followed tutorials to modify game coins, did MITM, and cracked WPS-enabled Wi-Fi 😀 but I developed a good interest when I was in class 9. I had a phone, followed tutorials on YouTube and Google using mobile data, and learned some basic web attacks.
And during my college, my friend Bishal guided me a lot to get into this field. It becomes easy when you have a friend interested in the same field, which really makes the learning process easy. And that is how I got to know about hacking and how it all started.
2) What motivates you to hack and how long have you been into hacking?
It’s more fun while I’m hacking. Previously I was just learning and learning and didn’t really report vulnerabilities. It was just 4 months back, March 17, 2021, when I reported my first ever bug in Bugv, which was obviously a duplicate. And the first bounty I got from Bugv was on June 06, 2021, which really motivated me a lot. Thanks to Bugv.
3) How do you choose a program?
I choose those programs which I can easily understand the working mechanism of. If a program has an easy working mechanism and has more user interaction, I choose that.
If you are a beginner like me, make sure you watch this video: https://www.youtube.com/watch?v=A0LTyH4tOmQ and the complete series if possible.
4) Who is your inspiration?
Katie [ @InsiderPhD ]. She’s the one I always look up to. I learned a lot from her.
5) What advice would you give to hackers?
If you don’t get valid bugs even after trying for hours, take a good break and make sure you drink plenty of water as well. There was a time I left searching in the program thinking all bugs were already reported, and the very next day I reapproached and got a valid low-hanging bug.
6) What is your favorite bug type and why?
IDORs. It’s very easy to spot one of them, and it also has a good impact most of the time. Sometimes it even leads to Account Takeover, and it’s present in an API or webapp most of the time. Firefox Containers help a lot in finding them.
7) What are a few of your favorite hacking/security tools?
Well, all I use is Burp + Firefox, and subfind3r for subdomain enumeration. Here I want to mention a tool, “Openbullet”. It’s an open-source tool with many features, used more by crackers but still. You can enumerate API endpoints, fuzz directories and files, and it has Selenium features also. The best thing about this tool is it supports multi-threading with proxies, which is very useful when our IP gets banned by the server. You can create your custom Configs [ file to FUZZ, enumerate and automate ] to use this tool according to your needs. One can create web scrapers also with 0 knowledge of coding, just by adding blocks. This tool did help me find a bug for real.
8) What do you enjoy doing when you aren’t hacking?
I’d probably be watching random YouTube videos or listening to songs when I’m not hacking, I barely watch movies and series though.
9) What advice would you give to someone who is starting out as a beginner in bug bounties?
I found it very hard to get the first bounty, so don’t lose hope, keep trying. Maybe after many duplicates, you’ll eventually get one for sure.
For learning, I suggest two YouTube channels, InsiderPhD [ https://www.youtube.com/channel/UCPiN9NPjIer8Do9gUFxKv7A ] and Hacking Simplified [ https://www.youtube.com/channel/UCARsgS1stRbRgh99E63Q3ng ]
10) What is a quick hacking tip or technique that you recommend?
IDs == IDORs 😉
11) How have bug bounties impacted your life?
It’s just been 4 months since I’ve been hacking, but the main impact that I see right now is that it made me completely stop playing video games, and I focus more on learning new things and trying them out.
12) How much time do you spend hunting bugs?
If college starts, I barely get time to turn on my PC, but during this lockdown, I’m in front of my laptop the whole day, either learning or trying it out for an average of 8-9 hours of my day.
13) Do you have any favorite tools or resources to learn? What do you do to keep up with all the new trends?
About my tools, I already mentioned them above. And I regularly check Twitter for new info and a Telegram channel [ @hackingsimplified42 ] by Aseem Shrey. Thank You!
Thank you Bibek for your inspiring and informative answers.