Over $25 million in bounties has been paid to ethical hackers all over the world. According to our recent 2018 Hacker Report, over $3 million of that has been paid to hackers in India, where 23% of HackerOne hackers reside. With that much money exchanged, sometimes even just a few bounties can be life changing.
Such was the case for Shubham Gupta, an up-and-coming hacker on HackerOne. He ranks in the 96th percentile when it comes to signal and has helped secure brands like Ubiquiti Networks, Twitter, Slack and others. Shubham is enthusiastic, eager to learn and challenges himself daily. We caught up with him to learn more about his story, what drives him and why he hacks for good.
When did you start hacking?
I started hacking when I was sixteen years old.
How did you get interested in hacking?
Watching the movie Hackers (1995) made me interested in hacking. Later on, there was a news segment on TV about hacking, which made me even more interested in hacking as a profession. I have a lot of respect for all ethical hackers. My conscience would never be clear if I did something unethical, so I stick to ethical hacking and earn money that way.
Was your family supportive?
Not at all. No one in my family knew anything about computers, let alone hacking. When I started earning money through hacking, many of my relatives and neighbours started questioning if I was earning through unethical means and warned my mom about it. My uncle (Godfather) was supportive and understanding of what I was doing. He has given me constant encouragement, which has helped me rise to the level I’m at today.
What have you done with the money you’ve earned through bug bounties?
Oh, many things! I bought a flat in New Delhi, a lot of household gadgets and my routine day-to-day utilities all from the money through hacking. Hacking has definitely changed my life for good. I come from a poor family. We didn’t have much... at times not even food. My father left me and my mom when I was just seven years old. My mom didn’t make much money, so it was difficult to make ends meet. When I got into hacking and started earning money, it changed my life drastically. Hacking even helped me get a job at Broctagon Fintech Group as a Security Analyst without a formal degree, which is very difficult in my area.
What do you do when you’re not hacking?
Hacking is a passion for me. When I am not hacking, I’m usually going to the gym, reading, traveling or watching movies. But I’m never actually not hacking. Even during those hours my mind is always thinking about hacking.
How do you choose the programs you work on?
I choose programs based on the rewards (bounties) and response time. I especially like it when companies reward hackers when their bugs are validated (before resolution). It helps me stay motivated. I wish more companies did that.
What kinds of bugs do you like to hunt for?
IDOR, XSS, CSRF, Logical Flaws, etc.
What has been your favorite hacking moment so far?
There have been a lot of ups and downs. I found a private program which rewarded me $22,000 where I found my favourite blind XSS which led me to an Admin account.
Who do you look up to in the hacker community?
I always look for hacker friends to interact with. I attend almost every hacking conference in India to socialise and learn new things. @prakharprasad (I’ve been following him since I started participating in bug bounty programs), @smiegles @fransrosen @infosec_au @93c08539 are the hackers I follow closest.
What advice would you give other hackers just starting out?
Always remember, change is the rule of life. Ups and downs are bound to happen, but try to always be focused. Have patience and passion. Reading bug-hunters' blogs, socializing on Twitter, Facebook, Slack etc. are ways to meet new people and learn from your peers. That can be really helpful.
Do you have any 2018 hacking goals?
Yes, I want to keep learning more about hacking and move up the HackerOne leaderboard. I hope to attend conferences like DEFCON and BLACK HAT. A goal of mine is to travel to the USA :)
What is the best piece of swag you’ve ever received?
My HackerOne Sweatshirt! I love it.