An Interview with an Ethical Hacker and Bug Bounty Hunter

Henry Dalziel | General Hacking Posts | August 5, 2016


What will you learn in this post?
We’ve interviewed a number of ethical hackers and penetration testers over the last few weeks, such as Georgia Weidman and Yehia Mamdouh, and we’ve also put questions to the developers of hacking tools such as OSSEC HIDS (Daniel Cid, co-founder of Sucuri), THC Hydra, cURL, and NetworkMiner. This time we are really honored to have an amazing cyber professional: Filippos Mastrogiannis. In this post you’ll learn some tips from an incredibly talented bug bounty hunter! Filippos has been acknowledged by 25+ companies including Google, Facebook, Twitter, Yahoo!, PayPal and Microsoft for reporting security vulnerabilities. Seriously, the honors and awards that Filippos has achieved are very impressive. Here are just a few of them: discovered and reported vulnerabilities at Deutsche Telekom, Bugcrowd, Automattic (WordPress.com), AT&T, Facebook, Sony, PayPal, GitLab, Pinterest, Twitter, Sucuri, Yahoo! and Google, and many, many others! So, who better to learn from if you’re interested in becoming a penetration tester (bug hunter) than this talented cyber pro!


Henry, Concise
As a highly experienced bug bounty hunter, and having been acknowledged by 25+ companies for reporting security vulnerabilities, what is your favorite hacking tool to use, and why?

Filippos, Pentester and Bug Bounty Hunter
I am using the Burp Suite a lot. It is my favorite tool. I have also created my own Python scripts in order to help me with the bug bounty hunting. I am versatile and I am trying to use whatever is needed and what’s best to achieve my goals. I am constantly trying out new things and at the same time I am using my imagination to come up with my own methods.

Henry, Concise
What are your favorite resources to use when learning about the latest vulnerabilities? In other words, where do you get your knowledge from?

Filippos, Pentester and Bug Bounty Hunter
I learn the latest vulnerabilities from exploit-db.com and from the Full Disclosure mailing list.

Henry, Concise
What advice can you give to our younger audience interested in learning about bug bounties?

Filippos, Pentester and Bug Bounty Hunter
The advice I always give is to be patient and don’t give up. Every company, even Google, has serious vulnerabilities that are not known to the public. Always have a plan in mind and try to keep it and achieve your goals. Try to attend as many workshops as possible. Be informed about the latest achievements in the field. Meet people with the same passion to discuss with. That’s a great way to keep you motivated.

In summary
Thank you to Filippos for sharing some advice, thoughts and tips on how to be a better bug bounty hunter!
