My hacking story: Its a Journey, not a destination

Manas Harsh
7 min readJan 3, 2023

--

Source:- Google
  • Background
  • Schooling
  • College
  • BCA and Hacking fever
  • Jobs & struggle
  • Hacking Events and Synack
  • Hacker friends
  • Upcoming plans

If you are reading this blog, you know me. I write contents, contents on hacking, appsec etc. Apart from it, I have a Free mentorship program as well which is going on. Stick with this blog and you will get something out of it.

  1. Background:-

I am from a small village in Munger district, Bihar. My family background was “below poverty line” though we are Brahmans. I had no big, fancy dreams like many of you guys because I had not seen many things till I went to college. I will explain later in this blog. My home was kind of “Indira Awaas” where we were not even covered with proper windows and gates. When it used to rain, we used to get rain-drops on our bed. But I was happy since I had to do nothing with these things as long as I was a kid.

2. Schooling:-

I went to the government school in Bihar till 10th. It was a Hindi medium school and teachers were of no use to be honest(I respect them though). we didn’t have bench and desk in our school till 8th standard. I’m sure a lot of people from my age can relate to this where we used to sit on grass and study. I had never seen a computer till 10th.

3. College:-

In Bihar, 11th and 12th are considered college(Juniour’s college in many places). It was Hindi medium too. Though I was a PCM student, I never liked theories. I got 56% marks in 12th. I never went to college for 2 days in a row in these 2 years. Unfortunately even after a lot of tries from my parents, I never took studies seriously. Again, no computers/hacking till now.

4. BCA:-

I took admission in BCA in one small college in Patna. My parents wanted me to try in government Jobs but somehow I escaped the path xD. About B.Tech, it was not like I didnt want to do it, I wanted it badly, but we didn’t have money to pay for it. BCA was one of the best thing happened to me and those three years(2015–2018). I was an average student TILL I HEARD ABOUT HACKING IN 2017, IN MY 2ND YEAR OF BCA. it started like this:-

Hacking fever:- I was watching a movie called “swordfish” and a guy, the hero of the movie was a hacker in this one. I liked the movie, of course he was using it for bad things. Then I searched many movies based on hacking. I came across blackhat, wargames, etc. Mr. Robot tk aate aate toh ye junoon bn chuka tha. I started searching terms such as hacking, cyber security etc, and came to know many things. This was the year I hacked first WIFI from my mobile device from an app (forgot the name). I came across many things in last year and used many open-sourced tool for DOS, info gathering etc. I also learned a bit of linux in this phase. This was a cool time period.

5. Jobs & struggle:-

In the hacking obsession, I forgot campus hiring is getting started and I studied nothing, literally nothing. Only two companies came:- Wipro and TCS, and as expected I didn’t get selected in either of them. I mean who will hire a guy with ZERO programming knowledge and no communication skills. Let me mention I used to stammer a lot and that restricted me to get in as well. I used to stammer that much sometimes I couldn’t speak my own name properly, many times. People used to tease me for this and that worked as a motivation I guess :d.

Struggle:- So, I came to bangalore with no job, only with hopes. Since all of my friends got selected/ got busy in other things, I was the only one with nothing in my hand. I started giving interviews, got rejected 30+ times in customer support jobs. First job I got was in Microland, and they used to pay me 9k INR/month which is $120 these days. It was in 2018–19. I worked for a couple of months there and frustrated me left the job, got rejected in another 5–10 interviews, got one job in concentrix for INR 16k. I had to work in multiple shifts which included one 5PM-1:45 AM shift where I had to walk at night for 3kms daily since there was no bus that time and I couldn't afford cabs. I was doing this all for my CEH cert which was very valuable to me that time. I did it somehow and left this customer support job in Dec 2019.

After CEH, I started searching jobs in security domain but no one was offering such job to a fresher(it is still an issue in India). Somehow after so much struggle, I got a INR 9k/month job in Mumbai. I didn’t care about money because I just wanted to get into security. In between, I escaped my lunch and dinner many times because of no money. I never asked money from parents after leaving my hometown since my papa used to earn only 12k and we were 5 members so It felt bad.

Hacking Events and Synack:-

Then, as we all know, shiny morning comes after dark night, best things started happening in my life. I went to OWASP SEASIDES first time in 2020. I was doing some portswigger labs and other things as well and I had created one account on bugcrowd for fun. In seasides, I met this guy called Udit Bhadauria, he was way ahead than me since he had some good time in bugcrowd and some guys were sharing their bug bounty life there. He was the one, and another guy called Shailesh, who introduced me to bug bounties. We discussed many things and first time I met many hackers at same time. This was just before Covid, 2020 march.

First bug and bugcrowd:- After coming from seasides, I started proper bug bounties. It didn’t take me long to find the first valid bug as I reported an IDOR to OYO and they paid me around 350 USD(25k INR was the exact amount). IDOR is my fav bug since then.

I watched a lot of, lot of videos, streams of Nahamsec, Jason Haddix, Sean (zseano) my fav etc, and learned a ton of things in first lockdown. I submitted many bugs in VDP programs in bugcrowd, a few paid bugs and entered into top 400 in Bugcrowd. I also followed Nikhil bhai(Nikhil (niks)) who has been amazing. He was the only guy who replied me in starting, that too on FB lol.

Some people didn’t like it, they played games with me, and put me in some controversies. I didn’t care much as I started bug bounties on Google VDP.

The another best thing in my life happened when I got into Synack and rest is history. Synack was like dream coming true as I submitted a lot of bugs and got a lot of money from it. Moreover, I got to know a lot of amazing guys, and learned a lot from them.(Still doing it). I have written many blogs on some of my findings there. I recently completed my 100k from it as well.

I started my podcast as well which was still going on till last year. I stopped it due to some reasons, maybe I will start it soon once I get settled properly.

I joined Netskope as a security analyst and I think this is an amazing company. Great team, great minds and great Infra!

Hacker friends:-

When I was working in my customer support job, Shailesh was the first guy who introduced me with bug bounties and all. That was the time when we used to discuss about STOK, and in Bsides Ahmedabad, he did a Video call with Stok and let me talk with him.

In seasides, I came across Udit and Harsh Bothra, who is still my very good friend. Actually Harsh was the guy who helped me getting in Synack since He was in Synack already. He also helped me in learning many things about Appsec.

Then, RajVeer, Jerry, Himanshu and many other guys are very good and brilliant minds.

There were many other guys from my previous Organisations who were good and I learned/still learning many things from them.

Some of the guys from Synack are my good friends and we collab sometimes.

So, why did I write this? Did I do it to show how poor I was and now I am rich? Or I have achieved many things from bounties and showing off?

No, these are not the reasons. I wanted to show you that IF I CAN DO IT, YOU CAN DO IT TOO. There should be no excuses if you are willing to work hard and really mad at achieving something from this life. You just need ONE strong reason to accomplish your goals.

Upcoming plans:-

  • Since I have started mentorship, I will keep helping people out there who needs it. I know I won’t be able to help you all, but whatever I know, I want to share with people because when I started, there was literally no one to guide me.
  • Many blogs, write-ups are coming this year as well. Wait for them:)
  • I will try to attend as many events as I can and meet different people. Sometimes people are not the same as they seem in social media.
  • I will start my podcast again, and invite amazing infosec guys to talk.

I just wanted to share this. I hope you get something from it. DM me on twitter if you have any questions, concerns etc.

Cheers!

Twitter:- @manasH4rsh

--

--

Manas Harsh

Security Enginner | Synack Red Teamer | Writer | Learner, achiever & Contributor