Wednesday, 24 January 2018

On 08:22 by admin in    1 comment
The Hacker we're including today is a strikingly magnanimous White Hat Hacker and a recognized Bug Bounty Hunter. He was perceived various times by Google, Microsoft, Sony, Avast  and other understood sites.

It is a huge privilege to be granted an interview with "Mr. Sanjay Singh Jhala".

So, now without wasting the time, lets start interview with him and find out more !

Please introduce yourself?



Mr. Jhala : Hi, this is Sanjay Singh Jhala, working as a Security Analyst at Pristine InfoSolutions. My major area of expertise is in Web App Security and Bug Bounty Hunting. I've got a wide portfolio of companies where I identified security flaws and helped them securing their systems. Companies include giants like Google, Microsoft, Sony, Avast and many more. I received several acknowledgements and rewards as a token of gratitude. I'm fond of breaking into web-apps, love to hack and hack for life, but ethically. I'm a Lead Member in National Information Security Council (NISC) and also a speaker At SegFault Community. 

How did you get into Information security field? 




Mr Jhala : When I was in class XII ,I was pretty fascinated with android and used to experiment stuff like Porting to a new ROM, Modifying Android, flashing new Kernels, etc. I come from humble beginnings, so I had certain pocket-money issues and couldn't recharge my data packs or take a wi-fi connection to research and learn. I also didn't own a computer or a notebook, so I used to go Cyber Cafes. One day I saw a video on YouTube about Shell Uploading, I wondered what it meant and started searching all over the internet about Hacking Websites and Hacking Android. One thing led to another and I was a pro before even I could realize it. 

When did you start Bug hunting?




Mr. Jhala : I came to know about Bug Hunting when I was in high school, I got curious about it and started reading blogs and learning about the whole concept. Well, that time things were not so smooth as I expected. There were certain issues, even after spending several hours on the system, it got me nowhere. I started practicing more and gave it my best shot. As I got deeper in it, things started to become more clearer and easier for my understanding. As a result I started receiving rewards and acknowledgements sent by the companies I helped fix issues. One of my valuable achievements is the 'Google Hall Of Fame' till now I have received it Seven Times. 


What is your first finding , how did you feel at that time? 


Mr. Jhala : I remember My first finding was XSS on aerohive.com. That was a pretty awesome feeling, as they say 'hardwork Pays Off'.  

What vulnerabilities have you discovered so far in your career as a Bug Hunter? 


Mr. Jhala : I've discovered many vulnerabilities in my Bug Hunting career. Some of my key findings are -
I was Able to Takeover Any VirusTotal Account.
Bypassing Admin Panel Of Bug Bounty Website.
Chaining Self-XSS to Account Takeover 

What circles do you move in? White hats, black hats or both?


Mr. Jhala : Well, I love Offensive Hacking, I do black hat sometimes. But, in the end you need to choose the best of both the worlds especially when it concerns my whole life. So, I rather be a White Hat. I love to help the Community and trying my best to spread awareness related to Cyber Security. Besides, rendering Seminars and Workshops to spread knowledge and awareness gives me an overwhelming feeling. 

What is your advice to newbie?


Mr. Jhala : Firstly, I would like to convey a hearty welcome to Information Security. My suggestion is to focus on learning rather than earning in the begining. I saw many newbies compare themselves with others and compete, this doesn't pay off all the times, sometimes they trip and fall. Everyone is unique in their own way, please don't hamper your identity by following footsteps or copying someone. I strongly suggest you to read as much as possible, read blogs, write-ups, pdf, etc. like Hackers Hand book, Mastering Modern Web Penetration Testing, Focus on Hacktivity. And last but not the least, do whatever you do, but with Confidence.

1 comment: