current position:Home page > assistant >

[paytm real cash game]Indian girl gets over Rs 22 lakh bounty from Microsoft for finding bug in Azure cloud system

2021-09-08

  Aditi Singh, a 20-year-old ethical hacker from Delhi, has won a reward of $30,000 (approximately Rs 22 lakh) for spotting a bug in Microsoft’s Azure cloud system. Aditi, who found a similar bug in Facebook just two months back and won a bounty of $7500 (approximately over Rs 5.5 lakh), says that both companies had a remote code execution (RCE) bug, which is relatively new and is currently not being paid much attention to. Through such bugs, hackers can get access to internal systems and the information they hold. Aditi notes that it is not easy spotting bugs and that ethical hackers have to stay on top of their game about new bugs, so they can report about them and still be eligible for their payouts. She, however, also emphasises on gaining knowledge and learning about ethical hacking first, rather than focussing on just making money.

  “Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them,” says Aditi, who was the first one to spot the RCE bug and said that the tech giant took two months to respond as they were checking if anybody had downloaded its insecure version. Aditi suggests that before even starting to find a bug, people should ask the support team of that company ask if they are hosting a bounty program, and if that company confirms about such a program, bounty hunters should go ahead.

  Bug bounty hunters are mostly certified cybersecurity professionals or security researchers who crawl the web and scan the systems for bugs or flaws through which hackers can sneak in and alert the companies. If they are successful, they are rewarded with cash.

  Talking about the RCE bug spotted in Facebook and Microsoft, Aditi explains that the developers wrote the code directly when they should have the first download a Node Package Manager — which is a subsidiary of GitHub where anybody can access the codes from these companies as they are open-sourced. “Developers should write codes only after they have the NPM,” she says.

  Aditi has been into ethical hacking for the past two years. She first hacked into her neighbour’s WiFi password (which she considers a personal feat), and there has been no looking back ever since. “I took an interest in ethical hacking when I was preparing for NEET, my medical entrance in Kota,” Aditi says. “I didn’t get through in medical school but have found bugs in over 40 companies including Facebook, Tiktok, Microsoft, Mozilla, Paytm, Ethereum, HP, among others.” She has also received appreciation letters from Harvard University, Columbia University, Stanford University, University of California and has also been highlighted in the Google hall of fame.

  “I was certain I wanted to get into ethical hacking after I reported an OTP bypass bug in TikTok’s Forgot Password section and won a bounty of $1100,” says Aditi, who is self-taught and notes that anyone who can access Google and Twitter can become an ethical hacker.

  “There are multiple resources and Google, Twitter and Hacker One that have write-ups with explanations about ethical hacking,” Aditi says. She further adds that she was hired for a job after hacking into the company’s application. “They did not ask for my qualification but only saw my skills, and I was hired.” Aditi notes that if people want to get into advanced learning of hacking, then they should know a programming language — either Python or JavaScript. She also suggests OSCP, which is a certificate course aimed at helping bussing ethical hackers. Ask her where she spends her “bounty”, and she says most of it goes into buying hacking tools or spending on certificate courses about hacking.

  Live TVALSO READ: | Apple MacBook Pro M1X launch may happen this year, here is what to expectALSO READ: | Realme C11 2021 with 8-megapixel camera now available for Rs 6,999ALSO READ: | Mi 11 Lite first sale in India today and here is what you need to know before buying