SecurityStories - 52 Weeks, 52 Stories
Story - 22: Featuring Pranit Garud
Through the SecurityStories series, today we are excited to bring forward the story of Pranit Garud, an information security expert from India.
Question: Could you briefly introduce yourself?
Pranit: I am Pranit Garud, also known as RootSploit. I have over 5 years of experience in various aspects of cybersecurity, including Red Teaming, Application Security, Smart Contract Auditing, Attack Surface Management, and OSINT. I am currently dedicating my time as a full-time Bug Bounty/Penetration Tester and Security Researcher.
Question: How did you get started in Cyber Security?
Pranit: During my college years, I developed an interest in hacking and began experimenting with Wi-Fi and phishing pranks with friends. As my curiosity grew, I began to focus on exploiting network & web application-based vulnerabilities and reporting them to organizations through bug bounty programs.
Question: What were the initial challenges and blockers you faced?
Pranit: Initially, I faced several challenges such as lack of basic knowledge and difficulty in finding resources. There were limited resources available on hacking, and not all of them were accurate or relevant. I overcame these challenges by finding out relevant cybersecurity books, bug bounty and CTF write-ups which improved my skills.
Question: What learning methodology did you follow or still follow?
Pranit: When learning anything, I rely on the concept of first principles and mental models.
Question: What all certifications do you hold, and what certificates would you recommend to the readers?
Pranit:
- Certified Ethical Hacker (CEH) v9
- Offensive Security Certified Professional (OSCP)
- Amazon Web Services Security Fundamentals
I would recommend readers to prioritize developing skills more than certification as in most of the real-life scenarios your ability to dissect the problems and find solution.
Question: What is your favourite thing to hack on?
Pranit: Web Applications & Recon are among my favourite things to hack on.
Question: What does your tool arsenal look like - Could you share some?
Pranit: It depends on the target scope; however, I use the below tools for most of my engagements:
- Subfinder, sublist3r, amass, ffuf, dirsearch
- Nmap, rustscan, mitm6, responder, impacket, greyhound, GoPhish
- Nuclei, Remix IDE, truffle, ganache
And many more.
Question: How do you cope with Burn Outs?
Pranit: To deal with burnouts, I do a few things that have worked for me:
- Create a hacking routine: Set regular working hours that are precise (e.g., 3-4 hours per day).
- Exercise: Regular exercise may significantly reduce stress and burnout.
- Hobbies: Having a hobby that you enjoy might help you take a break from hacking.
Question: What would you advise the newcomers in Cyber Security?
Pranit: “Become comfortable with not knowing anything”. I’ve learned multiple aspects of cyber security over the years, and each one demands a unique strategy and prior knowledge which is attainable once you are comfortable in not knowing anything and learning.
Question: How do you keep up with the latest trends in Cyber Security - Could you share your go-to resources?
Pranit: These are a few learning resources I have followed over the years:
- Basics: TryHackMe Rooms, Pentester Labs
- Bug Bounty: HackerOne Hacktivity, Intigriti Bug Bytes, HacktheBox Web Challenges
- Network: HacktheBox Boxes, TryHackMe
- Red Team: HacktheBox Labs - Dante, Offshore, Rasta
- Writeups/News: Twitter, Infosec Writeup, LinkedIn
Question: What’s your life outside hacking?
Pranit: Outside of hacking I enjoy working out, riding and travelling.
Social Profiles
- LinkedIn: https://www.linkedin.com/in/pranit-garud/
- Twitter: https://www.twitter.com/rootsploit
Did you find Pranit’s story interesting and inspiring? Please share it with your friends and colleagues to spread the word.
We will be coming up with more exciting and inspiring stories weekly.