Monday, 16 May 2016

On 05:51 by admin
Today I would like to introduce you all to Mr. Satyam Rastogi, a well-known security researcher from India!

So, let’s start the interview with him and find out more!

1. Hello, Satyam Rastogi, introduce yourself to our readers.

Hello, I am Satyam Rastogi, Uttrakhand Regional Body Head for Cloud Security Alliance. I’m C|EH, E|CSA, C|HFI, MCTS, CCSK, CCNA R&S, CCNA SECURITY, A+, N+ and lots more.

2. How did you start your journey as a security researcher?

I belong to a very peaceful and small city, “Rudrapur city”, which is in the heaven “UTTRAKHAND” State. Well, my love for information security goes a long way back.

I decided to turn my activities into legal form. I started to surf and dig deeper and deeper into the information security domain. After some time I entered college studies, and during my college studies I started working with many organizations on network security and information security projects. Well, as planned, I came into the corporate world with a job, but not at a fresher level. I started doing vulnerability assessments for many companies, and got acknowledged by many multinational companies like: ADOBE, ESET, BLACKBERRY, NOKIA, SONY, FROXYCART, GIFTCART, SKYTV, ANCILE Solutions Inc., OnePageCRM, Abacus, Sunrise Calendar, & many more.

3. When did you start hacking? Tell us about your experience.

Well, I started hacking when I was just 16. At that time I was crazy about the things which we do nowadays, like the way we hack any website, & the thing I loved most was the matrix :P. I love doing hacks. I used to create viruses, bots and much more; at that time I really enjoyed it a lot :D. After entering into web application hacking I hacked many reputed & trending websites & databases. Uhhh, I know that’s not legal :P

I hacked my university network and jammed it for a month. That time I put my name on the servers & switch, because they were not even able to recognize who was doing this again and again. Ooops, after investigation they came to know that I’m the guy who’s hacking their network again and again; they asked for my help and I helped them too. I worked with many officials on cybercrime investigations & also gave my best to spread awareness about information security.

4. How did you start learning hacking and who taught you?

As I told you before, I started doing hacks in my teenage years. As for the most important part, who taught me hacking: well, I learned hacking from Shri “GOOGLE” BABA.

5. Which website/system did you first break into? What was the vulnerability?

I don’t remember exactly, but the big hack during my teenage years was when I hacked into the website of some online flight ticket booking service & got multiple credit cards’ information from there, and a lot of other information was there. There was a BLIND SQL vulnerability, but they were using a firewall, a “WAF”, which was not allowing me to enter into their database using SQLi. I bypassed the firewall manually using some methods. After some time I reported it to them and got a big thanks and appreciation from their side.

6. What advice will you give to beginners coming into this field?

I just wanna say “CHOOSE YOUR PASSION AS YOUR PROFESSION” & beware that “LIFE IS JUST A RACE”: you have to run as fast as you can.

7. Is programming language really important, and why? Which language to learn?

Well, I’ll say “yes”, because a programmer can be a hacker but a hacker cannot be a programmer. There are some common languages that you should know: “JAVA, PHP, PYTHON, .NET”. I’ll suggest you start from “PHP”, then JAVA, then .NET, then PYTHON.

8. What methodology do you use when participating in a bug bounty?

I always follow the OWASP methodology, “OWASP top 10”, & also recommend everyone to follow the same. Web hacking is the art of simplicity combined with a powerful mindset.

9. How do you keep your skills fresh?

I just go through the latest vulnerability reports to keep myself updated. I always participate in information security conferences like DEFCON LUCKNOW, CSA DEHRADUN, THE HACKERS DAY, CODE RED CONFERENCE & many more; it helps us to stay aware of information security research.

10. What do you think of the future of bug bounty programs?

Well, as per my experience, I’ve been into bug bounty for 3-4 years and I would really say that after 5 years there will be no one to bounty from bugs, because nowadays every MNC has launched bug bounty programs instead of hiring VAPT experts. If they hire VAPT experts they have to pay at least 10,000$ per month to each VAPT expert, and here from bug bounty programs they are getting the same work done for just 10,000$ for the whole year.

11. What are the references/best resources to get started?

USE GOOGLE, the biggest HACKING Resource :D

Contact :-
