Loading post ...
Hackers Spotlight
Last Update: 31 May 2023 . 12:37 PM
in
Hackers Spotlight
.
General
Interviewed By: Kassem Bazzoun & Saugat Pokharel
In today's "Hacker Spotlight," we shine a light on Youssef Sammouda, an exceptional cybersecurity expert from Tunisia. At the age of 23, Youssef has already achieved remarkable success in his field.
His journey began at the tender age of 12 when he first discovered his passion for computers. This ignited a self-motivated drive to learn coding and, at 14, dive into the intricate world of hacking. Youssef's early interest was particularly focused on the exploration of web vulnerabilities, understanding their detection, exploitation, and mitigation.
By the age of 17, Youssef had immersed himself in the challenging yet rewarding world of Bug Bounties. He continues to significantly contribute to the cybersecurity community, skillfully identifying and resolving vulnerabilities. His academic path was short-lived, with only three months spent in university before he decided to follow a more non-traditional route. Youssef's tale is a testament to the fact that conventional education isn't the only pathway to success.
In 2019, Youssef achieved a significant milestone, securing the top spot in Meta's bug bounty hall of fame, an honor he has held consistently since then. He is particularly renowned for discovering critical Account Takeover vulnerabilities, protecting countless users from potential cyber threats.
As we navigate further into Youssef's unique journey, let's dive into the Q&A session.
Read along as we reveal insights from this accomplished top researcher in Meta's Bug Bounty program. Let's begin.
What inspired you to become a security researcher, and how did you get started in the field?
I always liked computers and programming. One day I had one of my web applications nearly hacked and that inspired me to find out how they did it and how I will learn to do it too.
What led you to choose the Meta bug bounty program, and do you also participate in other bug bounty programs?
Meta bug bounty program was the perfect choice for me since it was user friendly, it had a big scope, they paid huge bounties compared to others at the time and the time to get paid after a report was short.
Could you walk us through your experience of receiving your first bounty from Facebook's bug bounty program? How did you feel when you first realized you had found a valid vulnerability, and what did you do with the bounty reward? Additionally, are there any interesting details or anecdotes from that experience that you'd like to share?
My first bounty from Facebook was when I was 17, two bugs that were found in fb.com subdomain. The two bounties were 500 dollars. However personally I believe the first report that I acknowledge is the one reported for a bug in facebook.com ( technically the third one ). This bug allowed me to generate access tokens for users as if they were pages and gave me a lot of permissions like accessing private user information. I got 10000 dollars for this one and that is what motivated me to continue hunting.
You've been the top-ranked researcher on Facebook's bug bounty program since 2019. Could you share some insights into how you achieved this feat, and whether it was a deliberate goal you set out to achieve?
I was able to achieve this with help from God and self discipline and hard work. I initially focused on finding the maximum number of bugs as possible but that was hard and didn't pay me as I wanted . After that I decided to follow another strategy which was harder, which was to only report critical bugs and invest more time in doing research.
ATO bugs are difficult to find and require a lot of persistence and dedication to uncover. How do you stay motivated and focused on this type of research, and have you ever felt frustrated or discouraged when searching for these types of vulnerabilities?
I stay motivated by the bounties i get, the shorter the time between getting a bug reported and being paid, the more i would get motivated to find more. The frustration and discouragement happens when i don't get paid as fast as expected and fairly, those are the main reasons that would make me switch to other programs.
Given your expertise in finding Account Takeover vulnerabilities, we're curious to know what you think would be the most effective way to motivate other researchers to pursue this type of research. What steps do you think bug bounty program managers could take to attract and retain researchers who are passionate about this area?
Have some documentation of some features, give access to some areas that are only available to some clients ( eg Suppliers ). Researchers should learn more about browsers, Javascript, Debugging , reverse engineering in Mobile..
In your opinion, what are some of the biggest challenges facing the bug bounty today, especially Meta bug bounty?
Keeping up with the reports sent while being in a certain budget and minimizing the number of employees due to economic problems.Have a decent report to bounty time.
Could you share your perspective on what you consider to be the three main benefits of the Meta bug bounty program?
Bounty amounts
Big scope
Beginner friendly
Additionally, are there any areas where you think the program could be improved or where there is potential for disappointment?
Time to bounty
Response time in reports
More transparency regarding dupes and also internal dupes.
Can bug bounty be a full-time job, and do you think AI will eventually replace bug bounty programs?
Yes it can, AI is not a problem for complex bugs that require deep research however AI would be able to find the common ones.
As a final thought, do you have any words/advice for the community, and any message for the Meta security team
Read old Facebook Write-ups, 2015 till today.
Meta Team:I know it's not easy. Keep the good work.
=====================
=====================
Yøunes Med: How to approach a target and where to focus more
There are many angles to approach a target, start with JavaScript files and collect from them Endpoints then test them manually against different potential vulnerabilities. Focus on new features.
Osama Eldosoky: How to find PostMessage bugs?
Learn JavaScript and read browser Specs
Ukay Savu ( 8 Questions)
1) How did you get interested in bug bounty hunting? Can you tell us about your initial experience?
Finding my first bug in Facebook motivated me to find more, money is the best motivation of course.
2. How do you keep up with the latest techniques and technologies related to bug bounty hunting?
Read white papers, attend conferences and engage with the community.
3. What advice would you give to someone who is just starting out in bug bounty hunting?
Forget about bug bounty first, focus on learning how to code, learn about vulnerabilities and way to find exploit and fix them, play a lot of CTFs
4. How do you balance your time between bug bounty hunting and other responsibilities?
I don't have a balance unfortunately.
5. Can you tell us about a time when you faced a particularly difficult challenge while bug hunting and how you overcame it?
I don't remember exactly but you can overcome any challenge with time and focus.
6. Do you have any opinions or concerns about the current state of bug bounties and vulnerability disclosure programs (specially meta) ?
They have to focus on the time to bounty.
7. What do you think is the most important skill for a successful bug bounty hunter?
Understanding how a technology or a feature works. This is a developer and a hacker.
8. What are your future goals in bug bounty hunting? Do you have any plans to expand your knowledge or explore new areas?
I'm expanding to other programs and starting with web3 hacking.
Ariyan Khan (2 Questions)
1) Which learning materials do you utilize for bug bounty?
Whitepapers, researches, Write-ups, articles, CTFs solutions, specs, published browser bugs tickets.
2) Briefly tell us about your methodology including vulnerabilities and toolings
Read javascript files, analyze them, find endpoints and attack the server side , find sinks and sources and attack the client side, tools are burp, chrome and dev tools inside chrome ( maybe also mitmproxy and fuff
=============================
We extend our heartfelt gratitude to Youssef Sammouda for accepting our invitation and sharing his invaluable insights with us. His dedication and achievements serve as an inspiration for budding enthusiasts and veterans in the cybersecurity field alike.
We would also like to extend our appreciation to the Researchers in Meta Bug Bounty community for their contribution in forming the questions for this interview.
Thank you all for reading this enlightening journey, and we look forward to bringing you more inspiring stories from the front lines of Meta bug bounty security researchers.
Follow Youssef Journeys!
