Hacker Spotlight Archives | Bugcrowd
https://www.bugcrowd.com/blog/category/hacker-spotlight/

Hacker spotlight: Brandon Reynolds
https://www.bugcrowd.com/blog/hacker-spotlight-brandon-reynolds/
Wed, 13 Mar 2024 13:11:05 +0000

The post Hacker spotlight: Brandon Reynolds appeared first on Bugcrowd.

Brandon Reynolds is a hardware expert and IoT specialist. He’s been a key participant in multiple Bugcrowd Bug Bashes, and his supportive nature, friendly attitude, and work ethic leave a great lasting impression on everyone he meets. Read on to learn more about how Brandon balances hacking, a security career, and a family in this hacker spotlight!

Brandon’s “hacking origin story”

Brandon grew up in central Illinois, surrounded by cornfields, cornfields, and more cornfields. While this meant that there wasn’t much to do, it did mean that he had a lot of time growing up to dedicate to programming and security. 

When he was roughly 14 years old, he wanted to understand how his game consoles and other electronics worked at the lowest levels. Disassembling video games, PC applications, and other software or firmware led him to software development, and eventually to a full-time focus on cybersecurity. “If I hadn’t been so interested in how everything worked as a child, I likely wouldn’t have developed the early knowledge required to do all of the unique things I can today,” Brandon says. When he was around 16 years old, he wrote video game software that was sold at stores like Walmart. Impressive!

Brandon is very family-oriented and loves to spend time with his wife, two children, and two golden retrievers. Brandon got married in “The Valley of Fire,” which he jokes “sounds like the last place you should get married.” When describing his love story, he says, “I married my best friend—a woman who grew up in the same exact bedroom that I did. My mother bought her first home from my wife’s mother when I was about 15 years old and my wife was around 14. I moved into the room of the woman I’d one day marry before we had ever met. Just short of 10 years later, we began dating and were expecting our first child. It’s crazy how small the world is!”

While raising his family, he’s focused on software development for a steadier income, which has taken away some of his time from performing R&D in security, but he still finds the time to do what he loves. 

In his spare time, Brandon likes checking out new music. “I used to enjoy mostly rock and metal genres. Today, I’ve opened my tastes a bit more and have acquired a great deal of new genres, bands, and songs I never thought I’d enjoy!  It’s wonderful to respect the Top 100 but also enjoy a new EP from an underground metal band.” Rock on, Brandon! ✌

Hacking specialties, tools, tips, and lessons learned

Check out our interview with Brandon below for more about Brandon’s specialities and methodologies, advice to get started, and hacking tips. 

What do you specialize in?

“I like to claim I specialize in embedded development and IoT/Hardware. However, to take on these technologies you have to have a solid understanding of various other areas (mobile, cloud, etc.).”

What methodologies do you use?

“I don’t have a specific methodology I incorporate. I tend to focus on many different pieces of hardware at once. If I get stuck with a particular problem or hurdle, I switch to a separate device altogether. It has both pros and cons; it makes it easy to let a project sit for too long or cause me to take much longer than I had hoped when I go to switch back and remember everything involved in where I left off.”

How long have you been hunting?

“I started in 2020, about when Covid started. In general, finding security bugs was always a big puzzle to me. If it’s built by humans, there’s always mistakes.”

How much time do you spend hacking each week?

“Part time. I have a 9-5 where I’m a Principal Security Architect and a third where I’m CSO. I spend most of my late evenings focused on bounties.”

What has been your biggest challenge while hacking? 

“The largest challenge has been learning to shut my brain off when tackling a new system. I’ll often leave my bed, go to my office, and try something that comes to mind. It’s always a good feeling to solve a difficult problem.”

Do you have any favorite tools or resources? 

“In the hardware world, there are so many tools that are not only necessities but derivatives of one another (like Serial/UART adapters). If I had to pick one, it would be my Saleae Logic Analyzer.”

Do you have any advice for new hackers?

“Study software development if you’ve never programmed. It will help a great deal if you need to better understand how or why a specific functionality may work.”

What’s an important lesson that you wish you learned early on in your hacking career? 

“I should have focused more on my structure and methods used when authoring reports. The report is just as important as the vulnerability. If the customer can’t follow, then it’s just as bad as not finding the issue in the first place.”

By the way, we have something that can help with that HERE 😎

You’ve done so much in the hacking space already! What’s next for you?

“I hope to continue building my own security company that has a hardware focus.”

Hacking is strenuous work. How do you avoid burnout? 

“Stick to a specific number of hours a day or week and don’t think about the projects outside those times. I take time for myself where I can zone out or simply go for a walk. Cybersecurity can certainly take a toll on you and your immediate family if you aren’t careful.”

What are some goals you have for this year?

“I hope to take my daughter on a trip that I promised her if she got straight As through primary school. She pulled it off and bounties provide the extra income for us to do so.”

What is your ideal career?

“None! Retirement!”

Hacking impact

In the three years that Brandon has been hacking, he’s already earned life-changing rewards. The bug bounties he has received paid for nearly his entire wedding and a new car (all from a single program)! “I’ll always be thankful for the rewards given for helping companies secure their products,” Brandon said. 

We love working with Brandon here at Bugcrowd, and we’re happy to hear that the feeling is mutual! When asked why he hunts with Bugcrowd, Brandon says, “I’ve gotten to know so many people (both hackers and Bugcrowd employees). They’ve all treated me with respect. Getting to work with others that are certainly more skilled is humbling and provides the chance to learn a great deal about certain areas I have potentially overlooked or could optimize.” 

Thank you so much, Brandon! We’ve really enjoyed getting to know you on and off the hardware. Follow us on X, Instagram and Discord for updates on hacker content and events!

Hacker Cup 2023 Recap—Big Payouts, Hacker Collaboration, and Awesome Swag
https://www.bugcrowd.com/blog/hacker-cup-2023-recap-big-payouts-hacker-collaboration-and-awesome-swag/
Thu, 15 Feb 2024 14:00:17 +0000

The post Hacker Cup 2023 Recap—Big Payouts, Hacker Collaboration, and Awesome Swag appeared first on Bugcrowd.

At the beginning of November 2023, we kicked off Bugcrowd’s annual Hacker Cup. This year’s theme was Hack Hack Revolution and it spanned over two months. The newest iteration of the Hacker Cup was a huge success. The winter season hacking competition resulted in well over half a million dollars’ worth of vulnerabilities rewarded!

What is the Hacker Cup?

The Hacker Cup is a chance for hackers to build a team of 3-5 players and compete for a chance to win a grand prize of $10K and exclusive swag. Teams work together to hack participating organizations and earn points based on submission criticality level.  

Hacker Cup 2023 Results

Congratulations to the winning team, Team 12345, consisting of hackers ZwinK, r0ver, and Nim5079! And shoutout to all the hackers who qualified for the tournament, especially our top eight teams who made it to round two and beyond. 

The hackers weren’t the only winners from the event. This year, over 70 different bug bounty programs opted in to participate, with 15 customers offering bonuses to their bounty payments. The majority of customers had at least one valid (non-duplicated) vulnerability identified during the testing period. 

Thank you to all customers who participated in this year’s Hacker Cup across all public and private programs. 

And of course we can’t forget the best part…swag! Most hackers know that Bugcrowd is the GOAT when it comes to swag. Check out some of the swag hackers won in the Hacker Cup! 

 

Future Hacker Events

In 2024, we are hoping to double the efforts and come back with more opportunities for hackers to engage in competitive environments, while making customers safer with their results.

If you’re interested in participating in more events like the Hacker Cup, qualifications will be released later in the year. You can refer to the previous participation criteria to prepare for 2024 as a start. 

Hacker Spotlight: Cinzinga
https://www.bugcrowd.com/blog/hacker-spotlight-cinzinga/
Wed, 13 Sep 2023 18:02:30 +0000

The post Hacker Spotlight: Cinzinga appeared first on Bugcrowd.

Some know him as Cinzinga, some know him as Chris. Whatever you call him, he’s probably left a positive impression on you. He’s a renowned hacker with an unconventional approach to cybersecurity. Specializing in penetration testing and single-application security, Cinzinga has earned a reputation as one of the most ethical, professional and helpful hackers in the digital realm. Just a handful of years ago, he instantly began to stand out due to his preference for single-application testing, rooted in a desire for precision and a deep understanding of the systems he examines. It’s the power of a focused approach for Cinzinga!

But don’t take our word for it. Read on to learn more about Cinzinga, his approach and what he gets up to in his free time! 

Go on; tell us about yourself. Do you enjoy sports or any sort of physical activity?

“I think it is important to spend time away from the computer screen each day. I try to take a break in the middle of the day to take a walk as well as exercise an hour each day after work.”

Where did you grow up?

“I grew up in the North East, US in New Hampshire.”

We must know. What’s a fun fact about yourself!?

“One of my hobbies outside of cyber security is home brewing. For the last 3-4 years I have been brewing and canning my own beer. It’s a great hobby and my friends love it (no one turns down free beer).”

Free, home-brewed beer 🤝🏽 a good time with pals

Ok. Let’s talk hacking! How did you get into the Cybersecurity space?

“My journey into cybersecurity started in mid-2019. Originally, I was actually going to school for chemical engineering; however, ultimately that path was not the best fit and I needed a change. In mid-2019 I began self-studying for some popular cyber security certifications, such as CompTIA’s Security+. After completing that certification, I learned about Offensive Security’s OSCP certification. At the time, the idea of a practical, hands-on certification enthralled me, so I began studying for that course and was able to complete it by the end of 2019. Moving into 2020 is when I first learned about bug bounty hunting. The idea that I could test my skills against real companies to learn various attacks was very appealing. It was in March of 2020 that I made my account on Bugcrowd.”

What do you specialize in?

“I enjoy bug bounty programs that focus on a single main application rather than a wide scope. I find taking the time to deeply understand the application leads to more interesting and impactful issues.”

We respect your meticulous approach 👍🏽

What and/or who first sparked your interest in hacking?

“No specific person has gotten me into cyber security. However, I have met many great people I would consider mentors and have found the community very welcoming and supportive.”

How long have you been hunting?

“At this point I have been bug bounty hunting for approximately 3.5 years.”

You started hacking and brewing your own beer at about the same time 🤭

How have bug bounties impacted your life?

“Bug bounty hunting has had a tremendous impact on my life. It has given me the opportunity to hone my cyber security skillset against hardened targets. Bug bounty has also directly impacted my career, as companies recognize my time as a bug bounty hunter and consider that experience equivalent to work experience, allowing me to start working as a mid-level pentester right out of college.

Additionally, through bug bounty I have met many amazing hackers at live hacking events and conferences such as DEF CON. It is a great community to be a part of and I have met many great mentors doing this work. I am extremely thankful for the rewards earned through my time as a bug bounty hunter.”

Are you a part-time or full-time hacker? How much time do you spend hacking each week?

“I currently work full-time as a pentester for the company White Oak Security. However, I try to spend a few hours each morning working on interesting bug bounty programs. The time spent varies depending on the number of programs I am currently working on.”

Do you have any advice for new hackers or people transitioning into bug bounty?

“The importance of writing a good report cannot be understated. First, having detailed steps to reproduce your findings will aid in the triage process. Next, outlining the impact clearly will prevent disagreements on severity. Finally, having remediation steps is beneficial for the client. 

If a report has all these things and you are still disappointed with the outcome, Bugcrowd’s “Request a Response” feature has helped me get mediation quickly.”

We’ll take this opportunity to do a shameless plug 😜: Request a Response

Why do you hunt with Bugcrowd?

“Starting out, Bugcrowd’s VRT made it very easy for me to understand what counted as a valid bug bounty submission. Moreover, the Bugcrowd staff has always been great about helping researchers. Early in my career, a number of people from the Researcher Success team encouraged me to work on the Bugcrowd platform. Everyone from Bugcrowd is always a pleasure to interact with and it is those interactions that have kept me hunting on Bugcrowd. Hacking is strenuous work.”

Hacking is strenuous! We’re so thankful for all the work you put in 🥰

How do you avoid burnout?

“Sleep is important! I personally try to avoid late night hacking sessions in favor of a good sleep routine. This way I am fresh and ready to go in the morning. 

Additionally, it is important to socialize and step away from the computer to live a balanced life.”

We couldn’t agree more. Quality sleep and good conversations are so important.

What are some goals you have for this year?

“While 2023 is almost over, I am looking forward to next year and hope to remain active on Bugcrowd, participate in more live hacking events, and continue to be a part of the hacker community as well as meet more people at next year’s DEF CON.”

What’s your ideal career?

“I am already in my ideal career! :)”

And we love that for you 😃 Thank you so much Cinzinga! And thank you so much to all hackers putting in that hard work. Keep an eye on Bugcrowd via our Twitter and Instagram, and don’t forget to join us on Discord. Sign up for a researcher account today to start your hacking journey!

Hacker Spotlight ft. Dipen
https://www.bugcrowd.com/blog/hacker-spotlight-ft-dipen/
Thu, 17 Aug 2023 20:41:24 +0000

The post Hacker Spotlight ft. Dipen appeared first on Bugcrowd.

Let us introduce you to Dipen! A mastermind in the realm of digital infiltration and manipulation. Unveiling the hidden vulnerabilities that lie within the intricate tapestry of business logic, access controls, and server-side defenses, Dipen emerges as a hacker whose methodologies transcend the ordinary. 

Not only is he an accomplished hacker, but he’s also super chill and easygoing, and he prioritizes his health and fitness. Keep reading to learn more about Dipen!

Tell us about yourself 🙂 What does your life look like outside of hacking (family/hobbies)?

“I love to go for a workout, long runs, and visit new places to keep myself occupied. This helps me to stay focused and avoid burnout between bug bounty and work.”

Exercise is important for the mind and the body 💪🏽

What kind of music do you enjoy?

“I listen to almost any music; however, it depends on my mood as I’m not very much into music.”

Do you enjoy sports or any sort of physical activity?

“Yes, I love playing cricket, squash and going for long runs is always my go-to physical activity.”

You must have some healthy lungs!

Where did you grow up?

“I grew up in India”

Let’s talk hacking! How did you get into the Cybersecurity space?

“I always had curiosity about computers, although my initial background was far away from computers. However, I had an interest in cybersecurity during my undergrad days. My main motivation was to break things, and I started exploring to convert my passion into a professional career. After a little bit of research, I was introduced to penetration testing and bug bounties, and that’s how eventually I got into cybersecurity.”

Breaking things is just plain therapeutic 😊 

What and/or who first sparked your interest in hacking?

“My curiosity to know how one can hack into computer systems sparked my interest. I had very limited knowledge of computers when this thought struck me. That’s when I started exploring hacking and eventually got my hands on some Remote Access Trojans (RATs) for testing purposes.”

We love that you started with so little knowledge and now you’re very successful. As they say, “started from the bottom now we’re here.” 

How long have you been hunting?

“I have been doing bug bounty for more than 5 years now.”

How have bug bounties impacted your life?

“For the most part, I would say positively. It’s always a great experience to learn new things as you interact with new targets; however, there are days or weeks when you don’t find anything, and that is when the actual burnout starts.”

Yikes. Burnout is no joke. Can’t wait to hear how you manage that 🤗

Are you a part-time or full-time hacker? How much time do you spend hacking each week?

“I would say a full-time hacker, I spend around 20+ hours in total per week.”

What has been your biggest challenge while hacking? How did you overcome it?

“Staying ahead of the curve, I am still trying to figure out how to overcome it 🙂 Always staying curious and focused definitely helps though.”

Curiosity definitely sounds like a theme with you and all hackers. 

Do you have any favorite tools or resources? What are they?

“Burp will always be my go-to tool while testing web apps. I love reading tweets and blogs related to various research that is being actively performed.”

Do you have any advice for new hackers or people transitioning into bug bounty?

“Keep learning and trying, this will help you succeed.”

Just keep swimming 🐠 #IYKYK

Why do you hunt with Bugcrowd?

“I find it very easy to interact with most of the triagers, friendly staff, well organized researcher portal and most importantly, a wide variety of unique products to test and work on.”

Thank you! We love interacting with you and all hackers. You all are the best 🥳

Hacking is strenuous work. How do you avoid burnout?

“To avoid burnout, I take breaks every now and then. Getting disconnected always helps.”

As people who spend so much time in the digital world, disconnecting from it for a bit has got to feel good. 

How do you take care of yourself and your mental health?

“Spend quality time with family.”

Where do you see your journey going from here?

“I’m still learning new things everyday, so I’ll keep doing what I’m doing and see where I land eventually :)”

We think you’ll land somewhere super awesome 😎

What are some goals you have for this year?

“Nothing as specific, grab one opportunity at a time.”

What is your ideal career?

“I’m still figuring that out 🙂 It may take a while before I decide where I end up.”

Anything else you want to include?

“Hoping for some good time with Bugcrowd”

And good times you all shall have 🫶🏽 To learn more about your fellow hackers, don’t hesitate to follow us on Twitter, Instagram, and LinkedIn, and don’t forget our Discord! Are you ready to join the hunt? Sign up for a researcher account today and start your hacking journey!
