Hacker Interview #2: Alvin “Steiner254”

Dasha Korotkykh
Published in HackenProof
3 min read · Apr 6, 2022

Learning cybersecurity comes in many forms: technical practice, lab workshops, and also writeups. Bug bounty hunter Alvin, going by the nickname Steiner254, is doing exactly that: sharing what he has learned in the form of writeups that guide other white hats and help the author put everything together and remember it better.
To explain why and how he does it, here are a few questions and his answers about his hacker routine.

👨🏽‍💻 Your most memorable hacking challenge?

It was DEF CON 29 Red Team CTF. I had a different experience from all other hacking challenges that I had participated in initially, but the team and I made it to the finals. It was the most competitive challenge and one that shall remain in my memory, but I learnt a lot.

👏 What do you think is the most important in hacker competitions?

For a participant like me — having gifts like SWAG, token rewards, and vouchers for different courses motivates hackers to participate. Adding to this, the availability of different category challenges from easy to hard also motivates beginners in the field.

🪖 Tell us about your bug hunting with your university infrastructure — how did it happen, what was the hardest thing in the process, and what is your takeaway from that?

After gaining web security skills and having a general look at my University website (portals, etc.), it appeared too vulnerable. I managed to detect and submit SQL Injection vulnerabilities at different vulnerable parameters of the web application to the University security team. The security team had to respond with the fix even though it was a weekend. Luckily, I was a part-time security engineer at a given company, whereby we later signed a pen-test and successfully identified many other different vulnerabilities that were later fixed.

The hardest thing in the process was when I first approached the website and reported the vulnerabilities without authorization; hence my biggest fear, later on, was to be jailed, as many people I had consulted termed it an illegal activity. The takeaway from that was that before testing vulnerabilities in any kind of application, the Ethical Hacker should gain legal access, and that’s most important in the process.

✍🏻 You have also published several great technical articles. How do you work on them?

I perform detailed research all over the internet, whereby I interact with different cyber-security write-ups, articles, blogs, and tutorials among many other resources, after which I have enough content to publish in my article. I always try my best to summarize the content at hand and give out the latest cyber-security tips.

In the publishing of my articles, I always do my very best to make sure they’re friendly to all cyber-security enthusiasts including beginners. To make it successful I try my very best to be informed about the current trends in the cyber-security field at large.

👊🏻 What is your biggest obstacle when writing your articles? How do you fight it?

Not feeling creative enough. To fight this obstacle, I go ahead and interact with many other different resources on the same topic at hand, whereby I become more informed and hence confident about what I am going to feed the cyber-security industry at large in my article.

☝️ What is one thing that you wish to learn?

Get more into web security and document vulnerabilities that have never been documented before.

🖇 Where do you find educational channels?

  • Different tutorials all over the internet such as YouTube amongst many others.
  • Write-ups from different security researchers and already disclosed vulnerability reports.
  • Attending different cyber-security meetings regularly both physically and virtually.
  • Personal research whereby I interact with different vulnerability labs.
  • Interacting with different successful cyber-security researchers.
  • Reading posts of cyber-security researchers all over the internet.

🧰 What professional or productivity tool do you use most often?

In my article writing, sometimes I use premium Grammarly and most often I edit my work manually.

Who is a person that inspires you to be who you are?

~ James Kettle (@albinowax), the director of research at PortSwigger, inspires me a lot in web security by how he carries out his research and later on documents the vulnerabilities.
