SecurityStories - 52 Weeks, 52 Stories
Story - 2: Featuring Sumit Grover (@sumgr0)
Learn more about Sumit in 🧵
Question: Could you briefly introduce yourself?
Sumit: Hi! I'm Sumit Grover & I'm passionate about computer security + forensics. For the past 7 months, I've been a full-time bug bounty hunter. 2 years ago, I discovered "bug bounty" while watching a security-related video.
After that, I registered on all available platforms while unsure how to begin. With some experience in vulnerability assessment and penetration testing, I slowly started reading Medium articles and other blogs on bug bounty.
That's when I came across Luke's (@hakluke) automation for Subdomain Takeovers. I then started using these techniques and refining them almost every day. After some time, I found my first subdomain takeover and began the actual journey in bug bounty.
Question: How did you get started in Cyber Security?
Sumit: The Cyber Security journey began a long time back with a Discovery Channel show on hackers featuring a story from Ernst and Young. This show inspired me to get into cyber security and be an ethical hacker.
Question: What were the initial challenges and blockers you faced?
Sumit: Back in the day, finding and reporting vulnerabilities you'd come across on the internet to the responsible teams was a big challenge.
For example, I still remember a price change vulnerability I came across on the Indiatimes Shopping website while making an actual purchase. Still, it took me many rounds of emails to finally get their attention and have the fix in place.
Question: What is the learning methodology that you followed or that you still follow?
Sumit: As a learning process, there will be better mediums, so I go through Medium posts, blogs, YouTube videos, and my Twitter feed to learn about the specific topics of interest. I also connect with people to discuss my challenges and share my experiences with them.
Question: What certifications do you hold, and which certificates would you recommend to the readers?
Sumit: I've only successfully completed CEH and attempted the CHFI certifications for now.
Depending on the role people are targeting to achieve, knowledge is more important than actual certifications. Having credentials may only get you into the job role, but one can only be successful with the basic know-how of the tasks.
Question: What is your favourite thing to hack on?
Sumit: My favourite bug has been Subdomain Takeover, and it continues to excite me to hunt for them after three years.
Question: What does your tool arsenal look like - Could you share some?
Sumit: I use recon tools & methodologies to collect as much data as possible and do this every day. The recon toolset I use is already known to the public, like Amass, Findomain, Subfinder, Sublist3r.
Question: How do you cope with burnout?
Sumit: Honestly, I'm yet to experience my burnout. I've made sure to spend time with the family, learn new tricks, and optimize my automation workflow. I keep taking breaks while still having dedicated hunting time.
Question: What would you advise the newcomers in Cyber Security?
Sumit: It is essential to know about everything in Cyber Security, but it is most important to be a specialist in at least one technology/process.
Learn about everything happening in the industry while you master one skill that you enjoy. This is important from my experience.
Question: How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?
Sumit: I'm active on Twitter & get all the latest news & connections from there. I've subscribed to blog posts and Medium users sharing the topics of my interest.
Question: What's your life outside hacking?
Sumit: I'm very social & spend quality time with family & friends. I enjoy travelling and am a big-time foodie. At the same time, I also enjoy occasional cooking for the family.
Social Profiles
- Twitter: twitter.com/sumgr0
Did you find Sumit's story interesting and inspiring? Please share it with your friends and colleagues to spread the word.
We will be coming up with more exciting and inspiring stories weekly.
Follow Me on Twitter @harshbothra_