SecurityStories


SecurityStories - 52 Weeks, 52 Stories

Story - 16: Featuring Godson Bastin


Through the SecurityStories series, today we are excited to bring forward the story of Godson Bastin, a seasoned CTF player from India. So let’s jump straight into learning more about him and from his experience.

Question: Could you briefly introduce yourself?

Godson: Hey all! I am Godson and go by the username @0xGodson over the internet. Right now I am doing my bachelor’s in computer application. I mostly work on pentest projects, helping build securebinary.in. I do research in my free time about browsers and JavaScript. I love working for/with open-source projects. I also love playing CTFs. You can find my blogs at https://blog.0xgodson.com, and you can try my challenges at https://ctf.0xgodson.com and sharpen your exploitation skills 😉

Question: How did you get started in Cyber Security?

Godson: Like everyone, everything started when I got into a random conversation with my friends during my school time about “hacking”. Those days, I didn’t have a laptop or a good internet connection. I googled a lot about hacking and saw some random blogs with code I didn’t understand. So, I started learning programming before everything. I started learning programming on my phone. Then I got a laptop after a year, learned networking, Linux, and programming and got some internet community friends, which greatly affected my learning curve. I played HackTheBox, TryHackMe, and PortSwigger labs with them as a hobby. I loved that period and decided to continue my journey. That’s how I started my career. I recommend getting some friends if you are beginning 😁

Question: What were the initial challenges and blockers you faced?

Godson: I didn’t face any blockers when I started because I have spent $0 till now to learn something. Everything is free there. But my university used to be a blocker, and I felt like I was wasting 8 hrs per day for nothing. So, I quit and joined correspondence education. I don’t recommend stopping university unless you believe you can spend your time in a more meaningful way 😄

Question: What learning methodology did you follow or still follow?

Godson: I don’t have a specific methodology. But first, I will try googling about that before getting started. Then reading documentation and getting hands-on experience along with documentation always helps me. I used to follow this, and I still follow this 😄

Question: What all certifications do you hold, and what certificates would you recommend to the readers?

Godson: I don’t have any certifications. I don’t recommend doing any certifications (a bit controversial topic). But it’s okay to have certificates. I believe certifications are to prove skills. There are many other ways to demonstrate the skills. Still, it depends on the individual’s learning mindset.

Question: What is your favourite thing to hack on?

Godson: I love spending time on JavaScript, DOM, and Browser Client Security, which I find super interesting. Apart from this, I love Source Code Review because it’s challenging and helps me to learn about a specific language deeply.

Question: What does your tool arsenal look like - Could you share some?

Godson: I do not have personal automation tools. But I do have some automation scripts. So I created those scripts to automate the recon process and organize the collected data.

Most of the tools I use are public tools from projectdiscovery’s, tomnomnom’s tools, s0md3v’s tools and so on.

Right now I am working on an automation tool that finds DOM Based Vulns (no false positives) like DOM XSS, Prototype Pollution, CSTI and so on. I am planning to make it open source soon after completing it.

Question: How do you cope with Burn Outs?

Godson: Taking regular breaks and spending time with family and friends can help to overcome burnout. If I lack the motivation to hack, I spend my time learning something new instead of hacking. I play the piano in my free time, which always helps me to calm down.

Question: What would you advise the newcomers in Cyber Security?

Godson: I recommend newcomers explore every side of cyber security. If they can’t find themselves on the edge of their seat at any point during this process, then I don’t recommend continuing the cycle, because it would be hard to work on cyber security without passion. I recommend finding out if they are passionate about cyber security or just about money. If they are passionate about computers and tech, then spend more time on your passion and trust the process.

Godson: Twitter and Writeups. I am following some great researchers on Twitter, which helps me to stay updated. Apart from Twitter, I follow pentester.land to catch the most recent writeups, and I always focus on CTF writeups, because they never fail to teach something new.

Question: What’s your life outside hacking?

Godson: It’s not great, but I plan to improve this year by spending more time with family and friends and planning vacations.


Did you find Godson’s story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

We will be coming up with more exciting and inspiring stories weekly.
