We interviewed teenage hacker Ritik Sahni in September last year. Back then Ritik was a 14-year-old budding ethical hacker. He was following this passion for cybersecurity by teaching himself ethical hacking principles. Before long, he was an active bug bounty hunter. Six months on we catch up with Ritik [Twitter: @RitikSahni22 ] again to see what he's been up to.
Ritik's sudo apt-get update:
I'm now 15 years old and still pursuing bug bounty hunting as passionately as I was six months ago! I am now a CTF Player from the team SECARMY, where I go by the alias 'http.deep'. I've been into CTFs since August 2019 and I still have to learn a lot. But it's all made easier thanks to the team members who help me!
I like to keep myself busy and keep learning. I like learning about web security issues and exploitation. And I also like learning from other prominent ethical hackers. Hackers Nahamsec and Jason Haddix have been a huge inspiration to me. I follow them both closely and try to learn from them. I've watched many of their recon streams and improved my bug bounty recon skills as a result.
In terms of my bug bounty career, It's still in its infancy but I'm very proud of my achievements so far. I've helped secure companies like Dell, Amazon, Caviar, Geeksforgeeks, and Hola Networks. My mentor, @faceless_coder, has been with me since the very beginning of my bug bounty career and has been instrumental in helping me get to where I am today. The content creator Bitten Tech (Ansh Bhawnani) also helps and motivates me a lot when it comes to my hacking education.
Nowadays, I'm also working to develop some of my own tools which are both private and open-sourced. The tools I create are focused on saving time. Even if only a few seconds are saved, it can still make a big impact.
It was from watching recon streams that I decided to make a tool that extracts the Autonomous System Numbers (ASNs) of companies just by a hostname (If the company has acquired an ASN from internet registry.)
I developed ASN-Eagle. Recon on huge companies can be made a little easier by this tool as many big companies like Tesla and Dell have their own ASNs and my tool can trace them down using some API requests. I recently added my favorite feature to the tool. This feature can track down the IP Ranges belonging to the company just after it fetches ASN number - and it can do this in a matter of seconds!
ASN-Eagle is completely open-source and I look to contributions to it which can make the tool even better!
What's in Store for the Future?
I'm planning to work on more recon tools and frameworks in the future and I hope these tools can help the infosec community.
I also plan to increase my CTF and bug bounty skills in the future and dedicate my time to the work.
Thanks for following my journey!