Egyptian bug bounty hunter Ahmed Sherif, a.k.a. @Batee5a, is the first hacker to be named InnoGames’ Most Valuable Hacker. To honor Ahmed’s contributions, the German game developer created an avatar in his likeness in one of the upcoming releases of a game he helps secure, Forge of Empires.
There’s been a lot of excitement about Ahmed’s role in the upcoming release of the game. As such, we recently sat down with him to learn more about his success in ethical hacking and what tips he might have for new hackers.
Hacker Q&A: Batee5a
Can you tell us a little about yourself?
I trained as a mechanical engineer but shifted my career and I am currently working as an information security analyst at ZINAD IT. I’m also an extreme gamer. I have a huge passion for hacking so hacking within games is my sweet spot.
What age did you start hacking?
I started hacking when I was 24 and have been hacking for 2 years now.
What does an average day look like for you?
Eat, Sleep, Hack!
What motivates you?
I both love to hack and really care about working towards making the internet a more secure place.
What attracts you to InnoGames’ program?
I've been playing InnoGames’ games for a really long time, so having the opportunity to help secure my favorite games is just awesome!
What type of bugs do you like/go after?
IDORs (Insecure Direct Object References) and Broken Authentication are my favorite bugs to look for.
Insecure Direct Object References allow attackers to bypass authorisation and access resources directly by modifying the value of a parameter used to directly point to an object.
Broken Authentication can allow an attacker to either capture or bypass the authentication methods that are used by a web application.
What bug are you most proud of?
I found a bug in InnoGames’ program that enabled me to chain three different vulnerabilities in order to achieve a full account takeover.
What do your family and friends think of your avatar?
They love it!
What advice would you give to companies about working with hackers?
Communication and fast response times attract me even more than high bounties. I like to know my work is being taken seriously and the company is taking action from my efforts to secure their users.
What advice would you give to aspiring ethical hackers?
Learn something new every day and never give up. Even when you end up with 100 duplicates, the 101st might just be a critical!