It has been almost a month since we published our last interview, which was an interview With Pakistan’s Youngest Hacker “Muhammad Shahzad”. And we’re constantly trying to bring such hackers and talented programmer to spotlight and this is another such interview, and this interview is a little bit personal one. Yaap may be this is the first time I’m interviewing one of my friends, Ashutosh Kumar. He is my friend and classmate, when I studied in Vikas Vidyaniketan, Vizag. A naughty, smart-ass guy who was always busy pulling legs of his friends, but things changed in just a few years, both finished our intermediate and joined different colleges and I, along with my team was searching for hackers and innovative people from all over the globe. Suddenly, one day I came to know about him, on Facebook that he’s been a member of Automattic’s Hall of Fame, the company and the platform we’re on and later on he continued working on different projects and a researcher in CENTER FOR CYBER FORENSICS & INFORMATION SECURITY, a cyber forensics organization always researching about threats on the world wide web and computers.
So, let’s move into the interview before you get bored of all these.
1. Can you please tell a little about yourself to iGadgetsworld?
Ans- Hi all. I am Ashutosh Kumar aka “ashutoshacker”. My name is my inspiration. I have to prove my name successfully and I am trying too. Basically, I am pursuing B.Tech-Comp Science from Amity University Lucknow Uttar Pradesh. I do research for CCFIS (Center for Cyber Forensic and Information Security) as Security Researcher at Amity University Noida. I love to research especially in web-applications & Advanced Persistent Threat. I spend around 8 to 10 hours every day for my research. As a good responsible citizen, I have helped several cybercrime victims of my college.
2. When did you start developing an interest in this field?
Ans- 3 Years back I met with a person who is a great security professional Chief Architect & co-founder at CCFIS. And I was shocked after watching his works. Many things which were not possible by us was his work which he was able to do it in minutes. That made me enter into this field and truly saying I love this field. Also, I met one of the famous security researcher Of India Mr. Prakhar Prasad from which I inspired for finding security Vulnerabilities in Systems. He told me many things whenever I was wrong in anything He told us about the right things. His posts, blog articles inspired me to find vulnerabilities. We learned many things from his posts only.
3. What was your first hack and what kind of security vulnerability did you find out?
Ans- I prefer not to say but it was a revenge. It was Blind SQL Injection by which I was able to bypass the login screen of the ERP panel which the staffs were using in that college. I was able to see their usernames, passwords, and modifying data was also possible. But as that victim organization was somehow related to me in past and hence I responsibly submitted the issue to them. And I was shocked to see the result, the organization neither fixed the vulnerability or responded my multiple emails.
Let me show you the screenshot. This was screenshot taken by me at that moment only.
4. What was the reaction of your friends and other people when they came to know about your skill?
Ans- When they knew about my skill.Many people inspired me to do more. They told me to find out vulnerabilities in those websites who are listed for finding security vulnerability.
Many people told me to leave this whole field as it was full of risks and all. But I think they were wrong because No work is dangerous for anyone unless and until we know how to do it.
The moment we will know how pieces of stuff work properly that moment it will be useful for us.
5. Till now, have you received any bounty? Or have just got an appreciation for your work?
Ans- For a security researcher, a safer cyberspace is more precious than any bounty or hall of fame. Bounty amount is honorary monetary benefit offered by companies to respect our devotion towards internet community. As a hacker from the heart, I do love to maintain some privacy and hence I would not like to speak more on this topic.
6. Did you hack into any of your friends PC or website, just for fun?
LOL. I have tried sometimes But In my case, I use to tell them that today I am going to do this to your system. But yes not targeted anyone’s PC without permission.
7. What are you studying now, and what are your main interests in this field?
Ans- I am currently pursuing B.tech in Computer Science and have a lot of interest in my subjects. My area of Interest is Networking, Developing, Programming, Malware Analysis and Vulnerability Assessment.
8. Can you please name the companies who appreciated your work?
Ans- Sure The companies who appreciated were Acer, Motorola, Delhi Police, Airtel, Mirrorcreator, and companies which I am in Hall of Fame, which are Google, Automattic, Nokia and a few others.
HERE ARE A FEW SCREENSHOTS:
9. Can you please mention a few types of vulnerabilities that you have found out? And explain a little bit?
Ans- Sure bro my best finding till now was in Acer which was an error based SQL injection which leads me to download all the usernames and passwords of employees working in Acer.
Generally, In checking or testing in websites I first check for its open ports and networking parts like Ip scanning and then I come to Application Vulnerability part Like Cross Site Scripting, Cross Site Request Forgery, Broken Authentication, SQL Injection and many more. Generally, I Follow Owasp Top 10 vulnerabilities for finding.
10. Did any company offer you a job?
Ans- No not till now but I think I will get a good job very soon as this is my last year and I have full confidence in me and my skills.
11. What is your dream company that you want to work with?
Ans- Many are there. If I will start writing. I don’t know How much I can write about my dream companies.( Naam Nahin lenge agr nahi hua to muje chidaynge sab 😛 papi dunia)
12. Are you going to start your own team or work an an individual
Ans- For this, I want to work with my Team because nothing is impossible in teamwork. I love to work with My team.
13. What are your future goals? A job based on your qualifications or the HACKER LIFE?
Ans- No. A job Based on my qualifications. I want to go to Govt IT services. and Hacking and Security is my passion. I respect this field and will continue doing my researches and learning stuff.
14. What are your hobbies, apart from hacking?
Ans- Apart from Hacking I love singing Sufi Songs and learning latest technology stuff are my biggest hobbies.
15. Any words for the iGadgetsworld team? Wanna share anything interesting with us? Just do it.
Ans- Just I will say to all that learn everything from Google and YouTube. There are no better teachers than them and please avoid running behind the posters which tell you to learn ethical hacking in just 2 months. They will just take your money and you will be blank after that also. Because Anyone cant teaches you hacking unless and until you practice it hard. Yes, there are chances of failure and rejections but they are the only first step to success. Good Luck.!! If anyone has any doubts, or need any kind of help they may contact me anytime. I will try to respond as soon as possible. Here are my contact details: