We Hack Purple Podcast

We Hack Purple Podcast 18 with Mehidia Afrin Tania

December 27, 2020 We Hack Purple! Season 1 Episode 18

Host Tanya Janca learns what it's like to be a bug bounty hunter, with Mehidia Afrin Tania.

This episode sponsored by Thread Fix!

Buy Tanya's new book on Application Security: Alice and Bob learn Application Security https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357

Don’t forget to check out #WeHackPurple Academy’s NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/

Join our Cyber Security community: https://community.wehackpurple.com/
A safe place to learn and share your knowledge with other professionals in the field.

Subscribe to our newsletter! For corporate virtual training contact info@wehackpurple.com 

Welcome to the We Hack Purple podcast, where each week we meet different guests, people who work in information security and do all sorts of different types of jobs. The We Hack Purple Academy started this podcast so that all sorts of newcomers to our industry could learn what it's like to do various jobs and the type of qualifications they need to get them, what types of experiences you want, who you might want to go meet, books you might not want to read. For people who are already in the information security field, this is just super curiosity: I've always wondered what it's like to do this or that job. And so I am your host, Tanya Janca, and this week our guest is Mehidia, and so yes, you have a Tanya and Tanya on the show. Yeah, that's right, it's happening. And we are sponsored by the amazing, the awesome, the supportive ThreadFix. And so without further ado, because I know what you actually want is to see the guest and meet her, so without further ado, here we have Tanya. Hi, welcome to the show.

Hello, thank you. How are you?

I am good. I'm pretty excited for the episode tonight.

Yeah, I'm so excited. We have sent messages on the internet before but never got to have a lot of interaction, and so I'm like, yes, getting to meet yet another cool person, because the podcast... a thing that podcast guests don't tell everyone is that, like, secretly it's awesome being the host because you get to meet so many cool people. So please introduce yourself and tell us what your job title is.

Myself is ... but people usually call me Tanya, and right now I'm doing an MSc in Cyber Security and Project Management in the UK at Bedfordshire University, and also I'm doing bug bounty hunting, or you can say that I'm doing full-time bug bounty hunting. And yeah, I love my hunting profession because it's so very flexible for me.

That is awesome. I am looking forward to hearing your perspective on this, because we've had one other person on and her name is Katie, Katie Paxton-Fear, and I know, yeah, so we both think Katie's awesome. Spoiler alert, we think she's amazing. And so yeah, I don't know, I'm very curious so I'm gonna ask you lots of questions, and my first question is, like, can you describe what a bug hunter does? Like, what does that mean?

Actually, typically each and everyone knows that you have so many websites that you have to hack; yeah, typically we can say that you have to hack the website. But if you talk about the back side, the backend side, it's like that you have to learn a lot, a lot; after that you can get to know what is actually bug bounty. Bug bounty is pretty much awesome. It's not only a web perspective, we can say; from networking, from mobile, you can pretty much do anything. Normally there are so many well-known companies or also vinyl platforms that give you the ethical permission to hack the website, and after that you can get a pretty much nice bounty. But yeah, for this reason you have to learn so many things, actually, when you want to hunt, when you want to dump their website, when you want to crack.

Yeah, I love it. Okay, that is awesome. So a question I ask a lot is, what is a day in the life like being a bug hunter? Like, when people are like, what's it like to be a CEO, I'm like, I am a slave to email; I just answer email, like, half of every day and I hate that part, but then the rest of my day is totally awesome. So what is it like being a bug hunter? Are you a slave to email? I hope not.

The thing is that at first, I mean, I started my learning in 2016. In that time, if I said as a beginner, in that time my day was pretty much rough, because in that time I have to learn so many things. It's like I have to go for web, I have to go for network, I have to go for programming, because if you really want to be a good bug bounty hunter... some people I get to know, they said that there is no need, you don't need to learn about programming. No. As a professional bug bounty hunter I always, always say to people that you have to be good in programming, because if you're good in a programming language that is pretty much awesome and your line gonna be smooth. So at the beginning it was rough for me, but right now it's pretty much a little bit smoother for me. But when I get to hunt, like, API, or sometimes I get to do something like RCE or SQLi, yeah, in that time I have to spend a lot of time in my day. It's like sometimes it takes 10 hours but I didn't get anything. But yeah, sometimes it gets so much rough.

Do you feel like if you plug away at something for 10 straight hours and you don't find a bug, like, what does that feel like? Is it frustrating, or are you like, I'm gonna get you tomorrow?

From my career I get to learn one thing, that you have to be patient. You have to have a lot of patience, because if you don't find anything it's pretty much normal, even though in this stage, because early in 2012 to 2015 I can say that it was pretty much easier, easier to find any bug from any website. But right now, for all the people like us, websites are getting smarter because we are making the websites smarter, and so right now it's pretty much become harder. So don't get frustrated if you don't get anything. Yeah, there is no loss if you don't find anything, there's nothing lost, because you get to learn so many things in this 24 hours and it will be pretty much good for your next step. So don't get frustrated, and usually I don't get frustrated. As you said, yeah, tomorrow I'll get to you. So maximum, my intention is that, yeah, tomorrow I'll find something more.

I feel like that's a really good attitude. I definitely don't know if I would be as good as you at that; I could be impatient. And I have to say, like, as a person that's on the blue team, like the defender, I'm like, yes, I'm glad it's getting harder to find bugs, I'm glad that our industry's improving, but I'm sorry it makes your job harder. What type of personality traits do you think you need to be a good bug hunter? So first of all you said patience, that seems number one, but, like, what other types of things, like attention to detail, maybe?

I feel like at first you have to be a good listener. Always keep in your mind that you have to listen, because at the beginning you are like a baby, so you have to treat yourself like, I'm a newborn baby, so I have to get to learn so many things in this world. And each and every note... this world is vast. I mean, this cyber security is like... it's not like that, okay, I know Python, I know Burp Suite, I know how to interact with the browser, with the server; it's not the main thing. Each and everything you have to get updated. So keep in your mind that you have to be a good listener, whenever you are reading some write-up, when you are listening to some senior, or when you get to watching some videos from mentors, try to be a good listener. Because I find that when I want to learn something new, I have to be a good listener. When I follow these things I always get benefited, always, always. So yeah, you have to be a good person.

That sounds pretty important. Yeah, I have to say I wish that everyone was a good listener, because I bet everything would go better if we all had more patience and listening. But yeah, I think you make a good point.

Yeah, because in this field you don't have any option. You could say that, okay, I'm smarter, but when you get to, like, your field job, you start working, actually you have to know... without knowing anything you can't do anything in this field. So this is the thing.

That is a very, very good point. For those that are tuning in, you can ask our guest Tanya a question if you want to. You can also click the thumbs up button; you should probably do that just in case. So I have more questions, of course. What types of technical skills do you think someone needs to be a bug hunter? So you said they probably need to know programming. Do they need to know certain programming languages, or, like, all of them, or what do you think?

I can say from a beginner perspective, because maximum time when people watch podcasts, I find that more or less they're beginners. So as a beginner, if someone is watching me, then I was supposed to say that you should learn Python at first, because Python, I can say, is the backbone of nowadays, of everything. So many tools that I'm using: I can say I'm using Burp Suite, I can say I'm using Nmap, or I can say I'm using Wireshark; there are so many tools that I'm using. But in these tools you have to know the basic thing of Python, because if you know the basics of Python programming it's going to be so much easier for you to understand the command line, you can understand the HTTP request; there's lots easier for you. And the second thing is that in my career I have found so many XSS bugs, so if you want to focus on this XSS bug then you have to know about JavaScript, because in JavaScript you have to use so many payloads, so many cheat sheets, which cheat sheets are created from JavaScript. So if you don't know the syntax of JavaScript you can't apply any random payload from any blank space; it's like you are throwing any cheat sheet in a blank space and it's like you don't know anything of what you're doing. So if you don't know anything it's not going to work. So it's like that there are so many programming languages; sorry, you don't need to learn that many programming languages, but the sort of thing you have to really, really know: Python programming obviously, JavaScript obviously, and obviously you have to know the basic thing of networking, because I find that people don't understand how your TCP, how your network IP is connected, so people get confused: where is the IP coming from, why is the IP, or which IP should I interact with, so which IP should I follow. So if you don't know the basic thing of networking then it's gonna be a little bit tougher for you. So obviously basics of networking, basics of web, and programming, Python, JavaScript, yes, for the beginning it's gonna work for you.

No, that's a really good list, because sometimes people will tell me, like, oh, it doesn't matter, and it's good to actually have a specific list that people can look at. I actually don't know Python, or I've never programmed a thing in it; I guess I've read a bit of Python because I was looking through something before, but I've always, like... maybe I need an excuse to learn it. And yeah.

I have to say that when I started learning Python I get impressed day by day, and I was starting to regret, because at first in my university I have to learn C, then I have to learn C++, then I have to learn Java, so in these three programming languages for that undergrad level it was a little bit harder for me. And in that time I was not also interested to learn programming; I was like, oh my god, programming is not my type, I should take some excuse, as you are saying. But after that, when I started learning Python, I said, oh my god, this is so easy. I mean, C just making us crazy.

Yes, C is hard, it's so hard. There's a question in the chat, so someone, Matusa's asking, is Mehidia's preference of Python and JavaScript a regional choice? So she's in Bangladesh, and yes, she is awake very late, and I appreciate her staying up to be on the show. But is it that people use it more in Bangladesh, or is it that the whole world runs on JavaScript and Python?

It's not anything really regional or something like that. It's like, day by day, when I get to become a full-time bug bounty hunter, I feel like that is your daily purpose needed, because you know each and every tool right now you're using, it could be manual, it could be an automated tool, every tool is based on Python. So in the near future it's gonna be beneficial for you. It's not like that only in my country people are only focusing on this particular language; no, it's not something like that. And if you're talking about JavaScript, I'm talking about JavaScript particularly because I get to find so many XSS bugs, so the XSS bug is basically a form of JavaScript. In JavaScript we have to write down so many cheat sheets and these cheat sheets are created from JavaScript; that's why I'm saying this.

Oh, I know, but that's a really good question, thank you. So I have a question. So you speak Bengali; are there lots of resources that are in Bengali, and is there a specific resource that maybe we could share?

Ah, right now in our website, not that much, because we started only three months ago. And if you're talking about other resources, then you can be specific so that I can say, yeah, you can get these.

Oh, I was hoping you would tell us about indyskilldb.com.

Oh yeah. In this case it's only three months, so you can say it is also a newborn baby, and we have a little bit of a breakdown because I just moved from my country to London. So in my website basically I have three more members; they are also bug bounty hunters in my country. So we started thinking that we should do something only for our country, because in our country I see a big, massive growth of bug bounty. Back in 2015-16 there were, like, internationally, there were like few people from my country, but right now I'm so happy to say that there are so many, so many good bug bounty hunters coming, and those who are considered like that, okay, we know a little bit of bug bounty, and they are thinking that we can give them some information. So we're thinking that it's our responsibility to do something for our community.

That is awesome. I'm going to spell it out for people that are listening. So just to be clear, it's all written in Bengali, so if you don't know Bengali it will be very confusing, but it's indy, i-n-d-y, skill, s-k-i-l-l, db, like database, .com. And if you speak Bengali you could go and learn a whole bunch of stuff, so they actually have a bunch of articles already there. There are so many blogs on this planet with just one post, and you already have four or five posts, so I think you're doing great for three months.

Thank you.

So of course I have more questions. So let's say someone is, you know, they're like, this sounds cool, I wanna take some training to try to become a bounty hunter. Can someone, like, go to university and take a course to become a bounty hunter?

Honestly, if I say from my experience, still not; I didn't see any academic university, no, there is no. And still not, not still, in the near future it will always be considered like a freelancer. So if you want to be a freelancer in the bug bounty field, I feel like you should be a self-learner, because there are lots and lots of resources right now on the internet. If you are determined that, okay, I want to be a full-time bug bounty hunter, you don't have to go for any academic purpose or you don't need to go to any teacher; it's like there are lots of resources. Because for me, I get to learn from NahamSec; there's a... we know everyone, NahamSec, Jobert from HackerOne, co-founder, and I also get to know Katie, and I also get to know The Cyber Mentor. These are all so much famous YouTubers. I really follow them and I also get to know so many things from them. And especially, especially, I always recommend the newcomer that please follow Twitter, because when I started to follow Twitter it's like, boom, I get to know so many things at a time. Every time, each and every day, they are posting so many technical advances, so many zero days reports, so many new reports. I mean, it's like sometimes your bucket is so much full you get confused from which that you should...

That is awesome. That's good to know, there's lots of free resources. Yeah, there is an excellent question in the chat from Muhammad. So what do you think about the future of artificial intelligence and machine learning? Do you think it's going to take the cyber security experts' place? Are we in danger of losing our jobs?

It's like a little bit of a diplomatic answer for me. If I talk about from a cyber security aspect, no, it's not gonna take like that much that we think, like dramatically, movie, we say. I feel like that usually people, when asked this type of question, they're so much fascinated with a movie, that movie they are watching, that yeah, one day they're gonna take each and everything and we're gonna be lost, oh my god, robots gonna take everything. No, in real life it will take so much time. It's not gonna work.

I have to say, I find artificial intelligence and machine learning still seems pretty confused. Like, for instance, so this summer I wanted to buy rain barrels, so to collect all the water that falls when it rains so that then I can keep it for when it's dry and then I can water my garden. And so I looked up some and then I picked the one I wanted. For three months they kept trying to sell me rain barrels. Like, I have four rain barrels, why do you keep trying to sell it to me? Like, they're so dumb. And so I'll buy a dress and then they'll try to sell me the same dress. Yes, I know I look great in that, thank you, I already own it, I should wear it today, you're right. But I'm just like, what are they doing? Like, I think there's a lot still missing with the artificial intelligence and machine learning.

Yeah, I feel like it's not like lots of missing; I feel like most of the artificial intelligence that works is based on data, so your data must be matched with this person or with this context you are working. So sometimes I get that when I feel... I also watch some robotic videos that there's a robotic kitchen; in that kitchen if you just write down, sorry, press the menu, then the kitchen robot hand will make it and everything for you. So it's obviously based on your data that, in that person, like, the person, what he likes or she likes and what she wants to eat. Based on this space that they created, that her handy grow board... so I feel like it's basically based on your data; you have to collect a good, pretty amount of data.

Yeah, and it's hard to get high quality data, and then training the model is very, very expensive, and then there's just so many anomalies. Yeah, when I've been watching, like, videos about, like, speakers talking about, like, hacking machine learning, it's usually... yeah, yeah. I just have so many thoughts. But I have more questions. So let's say... thank you for the question, Muhammad, thumbs up, that's a great question. So, like, let's say someone, they want to become a bounty hunter and they're following some of the videos online. What types of work experience do they need to get their first bug bounty contract or job? Do they need to have job experience? How does that work?

It's not like that typically you need some job that we seek normally from any side or any company; it's like you need the skill rather than, I can say, the quality. I can say that you need the skill, because as previously I said, that if you have the skill of programming, if you have the skill of web and networking, then it will be easier for you to find the bug. But for me it took, like, more than seven months. I was like, hoping, oh my god, I wish I could find a bug before my birthday, because when I started to work, yeah, I was targeting my birthday: okay, before my birthday I should get a bounty. But yeah, in that time I was sad but I was not disappointed, because in that time I didn't get any work.

You didn't get one by your birthday?

No, before my birthday I didn't get anything, but two months after my birthday I got my first bounty and it was 250 dollars, and I was so...

That's happy.

No, it's not like that you need some extra quality; it's like you have to build up your own skill.

Okay, I like it. We are approximately halfway through the podcast, so I am going to thank our amazing sponsor. So this is the We Hack Purple podcast, but we are sponsored by ThreadFix, powered by Denim Group, and they are the most stupendous vulnerability management system this side of the galaxy. And there are a lot of vulnerability management systems this side of the galaxy, so that is an incredible claim, and I have to say I really like their product. So thank you ThreadFix for sponsoring us, we really appreciate it. But I have more questions for you, Tanya. So let's say someone's watching this and they're like, okay, so I can follow some stuff online. What type of learning path do you think someone could take to try to get into your field? Like, is there a specific place that you feel that they should start, or a specific, like, priority, maybe, of order of things to focus on so that they can find bugs sooner?

Yeah, obviously there is pretty much a thing that you have to follow. Like, when you start to learn, we always get to know the word OWASP, so we always know that OWASP, that's the top 10 bugs. So when you start learning bug bounty, it's not like that within one or two months you'll get to know each and every bug; no, it's not like that. And even though, if you, like, okay, you know first of all the broken authentication, you know the XSS, or you know the RCE, you know only the basic thing, don't try to find out each and everything at a time. It's like if you start reading broken authentication... So for me, I followed that: at first I started to learn XSS, so for me, for pretty much more than six or seven months I just concentrated on this XSS, because I feel like when you get some skill, or when your hand becomes smooth with a particular bug, you will find some confidence from yourself: okay, now I know exactly this endpoint, so I can get to know exactly in this point, if I upload any payload I'll get the response. So in that context you will get some confidence. Don't go for a rush, each and every bug at a time. If you get to learn, then at first, for the beginning, only consider only one bug and try to get polished on that bug; then it will be easier for you.

That's really good advice. Honestly, when I was a web app pen tester I thought I had to know everything at the start, and so I was always disappointed in myself. And yeah, it's a really good point: if you're just, like, really the best at one type of bug, if you're a bug hunter then you can just go around, be like, found some, found some, found some. Smart. Okay, I like this. So in your opinion, does being a bug hunter pay well? So some jobs in infosec pay lots, some don't pay as much. Do you feel that bug hunting is a high-paying job?

At this moment, obviously I should say it's pretty high, because if I want to do any nine to five, in four, six job, it could depend on my luck, also on my skill, also there's an official environment, so it depends on so many options. But in my bug bounty hunter profession, it's like, if you have a good skill and if you're working more than two or three years, it's gonna take you to, like, a position. In that position, if you just open any website, or if you start hacking any private site, you exactly get to, I mean, you exactly know where you are working and what type of bug you could find. So your mind is already set, so it's very easy for me; I know how much money I can get. So sometimes it also depends on me: okay, if I find this bug, okay, now I'm planning that in these four weeks I'll find this, this is the bug, and I know in this website it's pretty much easier for me. So in that context I can say it's pretty much higher than other pay at the 9-5 job.

Would you say that also because it depends on which country you live in? So for instance, I live in Canada and the American dollar is worth more than the Canadian dollar, and so when I do contracts for American companies they pay me in American dollars and I'm like... would you say that that also applies too? So like, if in Bangladesh, for instance, I don't know how much their money is worth in the translation, but like, in my country American dollars are worth more, so I always, if I can, want to be paid in American dollars instead of Canadian dollars. Is it like that for you? So you said you... listen.

Yeah, exactly the same situation in my country, because I can say, yeah, my experience: well, right now I'm doing an MSc in the UK and maximum tuition fees come from my bounty. I'm being honest with you, so maximum tuition that comes from my bounties, so only for this I am able to do this. So in my country, when I get like five hundred dollars, one thousand dollars, in my country's currency it's much bigger, so yeah.

 it's pretty cool okay so that's awesome 

 yes um 

 do you feel like there's lots of 

 opportunities in the 

 like in the bug bounty field like 

 there's lots of jobs like if 

 if someone wants to try to do it are 

 there opportunities 

 yeah obviously because right now this 

 field i mean i feel like each and every 

 generation they have 

 a specific field which is become 

 a eye-catching field for every 

 generation so 

 i feel like in this our generation 

 infosec cyber security bug boundary is 

 almost most eye-catching field 

 it's not like there's someone thinking 

 that okay now you're doing freelancing 

 it's not so well-known job or what 

 should we gonna say you are freelance 

 and no no it's not 

 exactly it's not like that from bug 

 bounty i get to know 

 pretty much so many things about infosec 

 so when 

 i start to do something like nine to 

 five job 

 it will be the same qualification they 

 needed so i can put my qualification in 

 my cv 

 already which i'm doing so yeah it's 

 this is so much optional you can work 

 like if you want to be a want to work in 

 red team if you want to work in blue 

 team 

 or if you want to in trade intelligence 

 there's lots of 

 options you can work yeah and do you 

 feel 

 like the experience of being like 

 an experienced multi-year bug hunter 

 then 

 could potentially make you a really 

 amazing red team or a really amazing 

 security 

 like long-term security researcher or 

 perhaps like a really good penetration 

 tester 

 yeah obviously because uh before coming 

 in here 

 i was working as a red team researcher 

 in my country there's a company it's 

 called beetle cyber security 

 and this is the one of the most renewed 

 company in my country 

 so in that company i was working as a 

 red team researcher 

 so they only they just only took me 

 because i have a back boundary 

 experience only for this reason they 

 gave me that job and i 

 worked in that office more than two i 

 mean sorry more than one years 

 nice few so like i i don't know 

 that much about bangladesh but from the 

 outside it looks like the tech 

 industry is like exploding there like 

 that there's more and more tech 

 yeah okay so that's what it looks like 

 from the outside so that's what it looks 

 like from the inside too okay that's 

 good 

 i can say that you're in hacker run in 

 background even in scenic in cobalt 

 that is so much senior people from my 

 country 

 nice awesome okay so 

 now a super hard question what do you 

 like best 

 about bug hunting like what's your 

 favorite part 

 [Music] 

 uh i want to be a little bit funny that 

 when i get bounty it 

 makes me happy 

 whenever someone get bumped he is so 

 happy it makes them so happy 

 when i found my first vulnerability i 

 did a happy dance yes 

 [Laughter] 

 uh when i get my first bounty i scream i 

 i was screaming like a lot oh my god 

 do you still feel really happy every 

 time you get a bounty you're like yes 

 obviously because it always it likes 

 that it's my target 

 i want to fill up my target i always 

 feel like that is my target i want to 

 achieve this target 

 so i always feel like that and in my 

 say feel i can say that when you 

 start working you have to be a positive 

 attitude that you have to accomplish 

 this target 

 so it will always makes you happy never 

 take like that oh my god it's a burden 

 for me 

 i can do this no no never think like 

 that if you when you start thinking like 

 that it's become burdened for you 

 yours in that there you will literally 

 stop 

 loving your job don't do that always be 

 a positive 

 oh my gosh i i wish that you could give 

 that advice to everyone 

 when you think of like the duty of your 

 job as a burden 

 you're gonna start hating your job 

 that's such a that is very wise 

 yeah okay so 

 i asked what you like the best what is 

 the thing that you like the least 

 about your job 

It's like that, uh, there are so many nights I spend finding nothing. Sometimes you're frustrated; I have to be honest that sometimes you get frustrated. Sometimes I feel like that, uh, it's nothing, that day was like I didn't get anything. But at the same time I said to myself that, uh, even though I didn't find anything, the amount of time I spent on this website, in this contest, I got to know so many technical steps which I didn't know previously. It's like, in my office there was, uh, there was a Hack The Box program, because in my Bangladesh office we used to do CTF and Hack The Box, because, uh, my boss thinks that it will polish your skill. Yeah, I also believe that the more you do CTF and Hack The Box, it will literally increase your skill. So I still remember that my boss gave me a problem from Hack The Box, and it took me three days to find and to upload a shell in that. So I was literally frustrated: oh my god, I am not getting that, I can't upload the shell. But at the same time I was also feeling the anger: no, I have to put the shell, I have to inject that shell. So yeah, after three days I got to do that.

Nice, that must feel just so satisfying. You're like, that's right, I'm the boss of you, computer. I feel that when I finally get the thing working, I'm like, that's right.

Yeah, obviously.

So what makes you feel the most pride about your job? So, like, I am a teacher, right? So, like, I teach people how to make secure software, so when someone really gets it, or they tell me, oh, I used this thing I learned from you and this awesome thing happened at work, I'm like, yes! And so that makes me feel really proud. What makes you feel proud, like, with bug hunting?

Uh, on my side it was pretty much a little bit similar, because in my country now I have become a little bit senior, because it's been more than three years. So sometimes, not sometimes, sorry, most of the time I get so many messages, so many texts: they want to know this, they don't know that. So still now I'm trying my best to help them. And I still remember that there's a new guy, he wants to know about HTTP injection, and he didn't know anything about HTTP, so I provided him the information and the links and the practice that he can do. And still now I can remember that he got a bug from HackerOne and it was maybe a $400 or something bounty, and I felt very happy for him that finally he got to know this thing. And the second thing is that in my country, when I started this bug bounty, I was the only girl. So from my office they gave me so much honor when I started working, because in my office there were 18 members and I was the only girl in that red team.

Amazing, that's awesome, yeah. You may now be a role model for other women.

Oh no, not like that, but I want to work from my heart, that it must be... I mean, I want to be always honest in my work.

That's awesome. So, okay, so what advice would you give someone that wants to become a bug hunter, like male, female, or from Bangladesh or from somewhere else? What advice do you think could help them?

Ah, but the thing is, recently I also got some messages from my university; there's a guy, he also wants to learn bug bounty. I always, always prefer, and I always say to the newcomer, that at least at first try to know what bug bounty actually is, because still now I'm getting messages that people are confused about what bug bounty actually is. People always get too fascinated with such high bounties; people think that, oh my god, in this field you will get such high bounties and maybe it's so easy. No, don't go with the bounties. At first try to understand what bug bounty actually is, and then don't ever think that bug bounty is only for hacking Facebook or Insta or Gmail, because I get so many messages about this. Don't think like that. And obviously try to be a good listener, and at first try to learn something based on programming, because if you have a good and strong basis in programming it will be so much easier for you. And after that, obviously, if you want to be a web security expert then go for web; if you want to be networking then go for network.

Yeah, do you have people write you and say, hey, could you hack this person for me? Could you, like, hack into my ex-boyfriend's or ex-girlfriend's account? Because, like, I was like...

 [Laughter] 

Like, you know, the guy who texted me, uh, in my university, he was pretty much like something, that he said that I want to crack the Gmail and Instagram IDs of people. And also in my country I got so many texts that, uh, please, could you please hack my girlfriend's ID, could you please hack my boyfriend's? And I always said that please don't talk with this stupid question with me. And, like, most of the time I get so much angrier because there people only think that bug bounty or hacking is something only based on Facebook, Insta. No, this is not.

Yeah, also we're law-abiding citizens, and don't insult us by asking us to commit crimes for you. It's not cool, it's like rude, right? Like, could you imagine if you're like, hey, you're really limber, will you break into this person's house for me? No. Who asks that? But it's like, oh, could you hack into this person's accounts? Like, no.

And I also said the same, uh, one thing to those people. I said, do you think that Facebook, Insta or Gmail cyber security, they're such fools that you can make them fools? No, man, they are spending a lot of millions of dollars. So how could you think that only I can do something and they're already going to be hacked? No, not like that.

Yes, okay, so we have

another question in the chat, but I also want to ask everyone in the chat, if you're enjoying this conversation, if you could click the thumbs up button for me. And if you are listening to this, if you could give us a podcast review on Podcast Reviews or... there, I think there's something called Podcast Love, there's iTunes, there's all these different places where you could review us. That helps us know we're doing a good job. And if you send us a direct message on Twitter, We Hack Purple, and send us your mailing address, we will mail you stickers. Yes, that's correct, I am offering bribes for reviews; I don't pretend I'm doing something else. So let's look at the question from Muhammad. Okay, so he says: I have one more question. Cyber security experts usually rely on built-in operating system tools, or sometimes you have to develop one for a specific situation? Do you want me to read that again? Oh, you got it.

No, I get it. Yeah, pretty much like that, because there are so many automated tools, but in that automated tool you will get a rough estimated result. But if you really want to do some practical hacking then you have to do it manually, like I do, because I never rely on the automated tool. Sometimes I want to see the rough estimate, like, uh, in my office sometimes we use Nessus. In Nessus we get some rough estimated result: okay, in this website you will have some... might be RCE, some might be SQL, or you can get some HTTP problems. But they give you a rough, rough estimate; they don't give you the specific problem that you'll get to find out manually. Because in manual, when I do some brute force, or sometimes when I want to upload any shell, I have to do it manually. I don't rely on any automated tool; even if it does, it's not going to work like that, because manually there are so many tricks which are created by my own self, only I know how to trick them, only I can apply them. Yeah, so that's what I got to learn from my experience, which you can't get from an automated tool. So if you're thinking like that, okay, I will upload some automated tool and I'll hack this website, no, it's not going to work like that.

That is such a good way to put it too, because automated tools will always miss lots of things.

Yeah, I mean it will just give you a normal result, yeah, a rough result, that, okay, blah blah, you'll get the 10 bugs, you'll get the 10 problems, but you'll never get the specific... like, I need to know the specific problem which will actually give me the bounty.

Yes. Yes, so much yes there.

Um, so I have two more questions for you and then I have to wrap up. So do you do other... or wait, do you do other things outside of information security, um, that you want to share? Like, for instance, I guess we already know that you do indieskilldb.com, which I'm putting on the screen underneath you, but is there anything else that you want to share or raise awareness about that matters to you?

Uh, right now actually I'm doing my MSc, so it's a little bit messed up for me because it's just only two months since I moved here, and right now I'm just focusing on my study, because at the same time I'm starting to live alone without my family, so it's a little bit messy for me.

Oh my gosh, that must be so much...

Yes, so...

Oh, sorry, yeah, please.

No, no, please.

My last question is probably something that is on many people's minds: if someone wants to know more about you, so they can follow you on Twitter at M-E-H-I-D-I-A A-F-R-I-N, so yeah, Mehidia Afrin, but on LinkedIn you have Mehidia. So people who want to follow her there, you can follow her there. But, Tanya, what, like, do you have upcoming talks, or do you have anything else that you want to share with us, of something that you've worked on? And it's okay if you don't, but just give everyone the option.

Uh, honestly, I really like to talk with you, because the way you are speaking, you make me feel comfortable. Before starting this interview I was a little bit nervous; I was thinking that, okay, what should I say? And in my life it is the first podcast that I'm doing, so I was a little bit nervous, but thank you, you made me so much comfortable, and it was pretty good to talk with you. And you are doing really great. I was thinking that I should... I said that I was thinking that I should buy your books, because they're really doing good.

Oh, thank you so much.

And I should say to your audience, yeah, go for Tanya's super books, it's pretty good.

Okay, so speaking of my book, I was supposed to talk about my book, so I'm just putting it on the screen for a second. I wrote the book called Alice and Bob Learn Application