Aditi Singh, a 20-year-old Delhi-based ethical hacker, was awarded $30,000 (Rs 22 lakh roughly) for detecting a bug in the Microsoft Azure cloud system. Just two months ago, Aditi uncovered an issue in Facebook and got a $7500 (around Rs 5.5 lakh) bounty.
She further claims that both these firms have a remote code execution (RCE) problem, a relatively new kind of bug that comparatively does not get much attention. With such weaknesses, hackers can access and maintain information on their internal systems.
Aditi points out that locating vulnerabilities isn't simple and that ethical hackers need to stay on top of their game, keeping up with new bugs and reporting them, to remain eligible for pay-outs. She emphasizes not only earning money but also gaining knowledge and learning about ethical hacking first.
“Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them,” claimed Aditi, who was the first to notice the RCE flaw. She added that the tech giant had taken almost two months to respond because it was checking whether anybody had downloaded the faulty version. Aditi believes that individuals must ask the company's support team whether it hosts a bounty scheme before they even begin to look for a bug. And, if the company confirms such a scheme, bounty hunters must yield results.
Bug bounty hunters are mainly trained and certified cybersecurity professionals or security researchers who scan the web for bugs or loopholes through which hackers could sneak in, and then notify the company. They are awarded cash when they succeed.
Aditi explained that developers wrote the code as soon as Node Package Manager (npm) was first downloaded. npm is an affiliate of GitHub, where anyone can view these enterprises' code because it is open source.
Aditi has been doing ethical hacking for the last two years. Her first hack was cracking her neighbor's Wi-Fi password (which she sees as a personal triumph), and she hasn't looked back since.
In addition, she has earned letters of appreciation from Harvard University, Columbia University, Stanford University, and the Google Hall of Fame.
“I took an interest in ethical hacking when I was preparing for NEET, my medical entrance in Kota,” Aditi says. “I didn’t get through in medical school but have found bugs in over 40 companies including Facebook, TikTok, Microsoft, Mozilla, Paytm, Ethereum, HP, among others.”
After reporting an OTP bypass bug in TikTok's Forgot Password section, for which she received a bounty of $1100, she knew immediately that she wanted to pursue ethical hacking.
“There are multiple resources and Google, Twitter, and HackerOne that have write-ups with explanations about ethical hacking,” Aditi says.
Aditi emphasizes that individuals who want to learn more about hacking need to know a programming language such as Python or JavaScript. She also recommends OSCP (Offensive Security Certified Professional), a certification program designed to help ethical hackers. She also says that most of her bounty goes into buying certified hacking courses and tools.