Standoff 365 ambassadors
Nikolay Herzen
pozeslamix

Security researcher, bug hunter, owner of the KCSEC channel. https://t.me/kosecchannel

Q&A with the ambassador

How did you get started with bug hunting?
I became interested in bug hunting 2 years ago, when I had just entered 11th grade and learned about information security. I came across the Standoff 365 platform and started reading what other researchers were submitting. Just a week later, I submitted my first paid bug.
What are the most memorable vulnerabilities you've discovered?
I have a few vulnerabilities that I remember most vividly. The first is a misconfiguration of mail solutions, which allowed me to submit several reports. The second is a vulnerability with the highest recorded criticality: in one parameter, there were four critical types of bugs at once.
How much time do you dedicate to bug hunting each month?
On average, I do bug hunting about 2 days a week, and during private events I try to dive deeper into resources and spend more time.
What tools do you usually use for bug hunting?
Burp Suite, Chrome browser, and Notepad.
Any advice for those new to bug hunting?
To develop within a great community, read open reports from other users, attend meetups/events, and constantly improve.

What to read about bug hunting

  1. Study the PortSwigger Academy.
  2. Read the Standoff 365 and Standoff Bug Bounty Tips channels.
  3. Read Habr for useful articles.
  4. Review open reports on platforms.
  5. Read something about web fundamentals.

What to watch about bug hunting

  1. Podcasts on the Standoff 365 channel.
  2. Recordings of talks from PHD.
  3. Report breakdowns during webinars.
  4. Regularly read the Standoff 365 chat.
  5. Not exactly thematic, but I once watched the TV series Mr. Robot.