Interview With Rodolfo Assis (BruteLogic) - Security Researcher From Brazil

You have probably heard of HackerOne, a platform that lets you report a vulnerability or flaw to a company listed on the platform and rewards you for it. BruteLogic is one of the hackers making those products secure. He's quite popular in the industry, so I interviewed him in order to share how he got started in bug bounty and to share his personal views with us.


Hi Rodolfo, tell us a bit about yourself.

I'm a self-taught computer hacker from Brazil known as "Brute" for quite some time in the Twitter hacking community.

How did you get started in hacking and bug bounty?

I did start on hacking when working at a power company at their IT department here in my country. I really never started in bug bounty, just reported some bugs a few times in those programs and helped some people with their reports.

Can you tell us about your area of focus and why you chose that area?

My current area of research is XSS and client side web vulnerabilities. I did choose that area because I was in need to really understand it and saw an opportunity to not just learn but also to contribute to the development on that field.

Can you tell us about your company?

The Brute Logic company is coming to create tools and content for infosec community in a professional way. Because I do research on that field, with time I felt the necessity of turning this knowledge into something that could bring an edge to someone. For bug hunters, that is extremely welcome! So there comes KNOXSS, a project of mine which became too big for a single person to handle and the ultimate reason to build the company.

What motivates you in starting an infosec company?

It's an old dream, to have my own security company because it's what I love to do. But what really made me start it now was KNOXSS, my XSS online tool and the need to make it bigger and better.

What were the challenges in your journey on starting infosec as a career and how did you overcome them?

Basically the main challenge was to find a job in infosec! But thanks to Twitter (which gave me visibility) and the support of the hacking community (which always appreciated my work there) it all worked well.

What, in your view, will be the most in-demand things in your area, and what should be focused on?

I work in the offensive side of the things. So for me it will be bypass, for sure. With WAFs becoming common in security ecosystems along with better browser security measures like CSP, bypasses will be more and more valuable to achieve the intended outcome, as a true attacker to cause harm or as a bug hunter to prove impact.

What, in your view, can you say about the infosec industry in general?

I think it's more about money and less about security. More about ego and fame and less about knowledge and improvement. More about white men and less about gender and ethnic equality. Summarizing, pretty much like any other industry!

How can one become an expert in your field of focus?

First, by having passion and dedicating himself to it. Second, by studying what already exists in the field, one starts to create his own understanding of the picture. Then after mastering the basics and being able to share to others, he/she can start to bring his/her own unique views to the field.

Can you tell us about bug bounty programs and your personal views?

There are some wrong things with bug bounty programs mainly regarding transparency in my PoV, but the good things are far more important now for this industry and people there so I think it will grow a lot in the upcoming years and things will get solved eventually.

Apart from your regular job, what other things are you doing?

I keep posting in social media, helping people online with their ethical hacking needs and running side projects like my blog and my cheat sheet.

What's your advice for the skids who are joining information security?

Don't learn to hack, #hack2learn.
