With the recent launch of the Bugcrowd Ambassador program, we will share stories from our global hacker community. This week we’re putting the Spotlight on Phillip Wylie, a Bugcrowd Ambassador in Texas, USA.
Follow Phillip on Twitter @PhillipWylie
Phillip has a great passion for teaching and mentoring others, leading him to his latest effort: The Pwn School Project. Through Pwn School, Phillip is providing free pen testing education to his community in Dallas, Texas. If you’re in the Dallas area, check out one of his upcoming meetups.
How long have you been in the industry and how did you get started in security?
- “I got into security after 6.5 years of working as a sysadmin. I moved into network security in 2004 and then application security in 2005. In 2012 I started my pen testing career and spent my first 5 years in consulting. I got into bug bounties as a way to further improve my hacking skills through some of the unique techniques used by bug bounty hunters.”
What advice would you give to someone who is starting out as a beginner?
- “Learn the underlying technologies of systems, networks, applications and hardware first. Then move on to hacking. It’s easier to break it if you know how to build it. If you get command line access to a Linux server and you don’t know the operating system you are not going to get very far. A lot of people want to start out hacking, but you are going to have a difficult time if you don’t understand the underlying technology.“
Tell us about your favorite pentesting tools & why you use them.
- “Burp Suite, SQLmap, nmap and Nikto. Burp Suite is a have to have tool for web app pen testing and I like using the CO2 plugin which makes working between Burp and SQLmap more seamless. Nmap is great for discovering open ports and identifying services running on target systems, as well as the NSE scripts that enhance nmap’s functionality. Nikto is an often overlooked tool for fingerprinting web servers and frameworks, and vulnerabilities. I’ve found default creds on systems that Nessus missed.“
Do you have a hacking tip for others that you can share?
- “You need to learn how to manually perform hacking techniques and not be dependent on tools to automate attacks and vulnerability testing. It will help you better understand and use the tools effectively.“
How have bug bounties impacted your life?
- “Bug bounties have impacted my life by teaching me skills that I didn’t know of doing traditional pen testing. Bug bounty hunters have some really unique techniques that are helpful in pen tests.“
What do you do you like to do in your free time, outside of bug bounties?
- “I like to spend time with my family and friends in my free time as well as watch movies. Although it is technically work, I teach ethical hacking at a community college. I like to attend security and hacker meetings as well as I run my own meetup called The Pwn School Project. I really enjoy being involved in the security and hacking community.“
Thank you so much to Phillip for his time and for his great contributions to the bug bounty community!
Interested in becoming an ambassador? Apply to become a Bugcrowd Ambassador today!