The Hacker we’re featuring today is a remarkably charitable White Hat Hacker and a distinguished Bug Bounty Hunter from Pakistan. He has been recognized numerous times by Facebook, Microsoft, Google, Mozilla, LinkedIn, and other well-known websites. He is also the former number one hacker on HackerOne’s Hall of Fame and currently holds the largest number of acknowledgements of any researcher worldwide, approximately 250+.
Meet Shahmeer Amir, Founder and CEO of the Charity Hackers Association (CHA), which was formed specifically to raise money from the Information Security Community for emerging causes around the world. He is also the author of two research papers, Modern Wireless Attacks and Attacking the Web with Logics (currently in publication).
1. How did you start in Penetration Testing?
By academic profession I am not a Hacker; I am actually an Engineer and hold a Bachelor’s Degree in Electronics Engineering. But Hacking has always fascinated me as an art. About two and a half years back, I attended a seminar on Hacking and Exploitation in my University where the speaker’s talk motivated me to enter the field. It was only later I came to know that those were mere deceptive words, but it was at that time I decided to learn Penetration Testing.
2. What motivates you to participate in Bug Bounty Programs?
I believe that we are present on this earth for a purpose, and I also believe that my purpose of existence is to help others. As most of the people of the community know, I have the usual habit of donating my bounties to reputed NGOs, as well as serving people who ask me for help. It is that idea of becoming a bridge to help others out that motivates me to participate in Bug Bounty Programs, and gradually keep my knowledge up to date. It is also the very reason I started Charity Hackers Association (CHA).
3. What was the biggest or coolest Security Vulnerability you’ve found in your bug bounty journey?
My specialty is Business Logic Flaws, and it is also something I enjoy finding because to break an application with the developer’s logic itself is challenging. One of my most cherished findings was the recent Command Injection Vulnerability I discovered in Apache; it was noted and mentioned in reputed platforms and study journals of universities around the world.
4. What is your favorite hacking tool for searching security vulnerabilities?
My brain!
As I am fond of business logic flaws, I don’t believe any tool out there would match the potential of one’s brain. Although I think we all would agree that BurpSuite is the best tool to be used in Web application testing, its modules are what I mostly use to observe requests in responses.
5. Do you have any advice for White Hat Hackers considering getting into bug bounty programs?
Yes! I do. When one develops the craving for wealth, life loses meaning. The idea that to give what is most precious to you is the most noble of all. Hackers earn bounties and develop the sense of greed to have more. I think if my bounty can help someone get a home, get education or even a night’s bread, then it would be of more use than fulfilling any of my needs. I urge all bug bounty hunters to donate an integral part of what they earn, and for this very reason, I am taking Charity Hackers Association (CHA) up a notch to help hackers get their donations in the right direction.
As the interview ends, Shahmeer has shown that hackers are not the bad people society usually sees them as. He has also shown that hackers can be charitable while dealing with their own struggles in life. Kudos to you, Shahmeer. Keep up with this guy on Twitter, and stay tuned for his next activities!