Standoff 365 ambassadors

Q&A with the ambassador

How did you get into bug hunting?
I came to bug hunting through a love of infosec. What could be better than legally breaking into various large companies that differ in their technological and business stacks, and getting paid for it? At first there were CTF competitions, school olympiads — simple web tasks and forensics. After several successful competitions I wanted to try real applications.
What is the most memorable vulnerability you've discovered?
The most memorable is the logic in company N, which allowed blocking any account via several endpoints in different services, connected into one network.
How much time on average do you spend bug hunting per month?
I try to devote 10 hours per week, but often I cannot allocate that much time.
What tools do you usually use for bug hunting?
Basic set: Burp Suite, dirsearch, Nmap, a modernized sqlmap, endpoints. I am trying to introduce AI agents into BB.