The Cobalt Pentester Spotlight highlights the fascinating journeys of our Cobalt Core members. Through interviews, we share their experiences, background, and insights into the world of an accomplished pentester.
2. What's your handle? Do you use more than one? Where did it come from? What's the origin story?
I don't use a specific handle for my professional work. Instead, I prefer to be recognized by my full name, which ensures clarity and professionalism in all my interactions.
2. What got you into cybersecurity? How did you get into pentesting specifically?
My interest in technology started at a young age, driven by a curiosity about how things work and how digital information is protected. This led me to cybersecurity, where I found a perfect blend of challenge and problem-solving.
During my Master’s in Computer Applications, I delivered presentations on cybersecurity topics, which deepened my interest and encouraged me to explore the field further. I was particularly drawn to penetration testing: breaking down application security, finding vulnerabilities, and helping fix them. Thinking like an attacker to strengthen security is intellectually stimulating and rewarding, aligning perfectly with my passion for continuous learning and problem-solving.
As my interest in offensive security grew, I got into penetration testing through online courses, books, and Capture The Flag (CTF) competitions. This built a strong foundation in my techniques and tools. I gained practical experience through security internships and pentesting real-world projects, which helped refine my skills. Actively engaging with the cybersecurity community, attending conferences, joining forums, and collaborating with professionals reinforced my passion for pentesting and commitment to securing digital assets.
3. What exploit or clever attack are you most proud of and why?
Some of the exploits I am most proud of involved a comprehensive penetration test on a client's banking web application and another one on the bidding application:
CryptoJS Bypass:
Description: During a penetration test of a banking application, I discovered a critical vulnerability that allowed me to bypass the CryptoJS encryption mechanism using Chrome Developer Tools. The application relied on CryptoJS to encrypt every request to protect sensitive data in transit.
This exploit required a deep understanding of cryptographic principles and web security. Successfully identifying and bypassing the encryption mechanism in a banking application improved my technical skills and knowledge in cryptography.
Steps to Exploit:
- Inspecting Network Traffic:
  - Using Chrome Developer Tools, I monitored the network traffic between the client and the server.
  - I observed that all requests were encrypted using CryptoJS, but the encryption keys and algorithms were accessible in the client-side JavaScript code.
- Identifying the Encryption Key:
  - By examining the JavaScript code, I identified the hardcoded encryption key and the encryption algorithm used by CryptoJS.
  - This key was not securely stored and was easily retrievable from the client-side code.
- Decrypting Requests:
  - With the encryption key and algorithm in hand, I used Chrome Developer Tools to intercept and decrypt the encrypted requests.
  - This allowed me to view and manipulate sensitive data, such as account numbers, transaction details, and personal information, in plaintext.
- Crafting Malicious Requests:
  - I crafted malicious requests by encrypting arbitrary data using the same encryption key and algorithm.
  - These requests were accepted by the server, demonstrating that the encryption mechanism could be bypassed to perform unauthorized actions.
Business Logic Bypass in Bidding Process:
In a bidding application, I identified a flaw in the input validation process that only allowed numerical values but not decimal values for bids. By manipulating the request directly, I was able to bypass the client-side validation and submit decimal values. The application accepted these values, allowing me to place more precise bids and potentially gain an unfair advantage in the bidding process.
By bypassing the input validation to submit decimal values in a bidding application, I learnt the impact of business logic flaws. This finding emphasized the importance of robust input validation and server-side checks, and it improved my skill in uncovering significant security issues.
4. What is your go-to brag when talking about your pentesting skills?
My go-to brag is that I love finding unique vulnerabilities and digging into every part of an application, from hidden endpoints to small details that can lead to significant security gaps.
When I pentest an app, my first step is always full reconnaissance. I dive deep into understanding the app’s functionality to uncover hidden endpoints and explore all angles to identify flaws that could lead to serious issues.
5. Share a time something went wrong in the course of a pentest? What happened and what did you do?
I take a careful approach to pentesting to avoid unintended disruptions. I pay close attention to payloads, always use a Cobalt VPN, and only conduct aggressive testing like rate limit checks towards the end of an engagement. I am especially cautious with production applications and always consider the client’s timeframe.
6. What are your favorite tools or TTPs when conducting pentests? Why do you find them effective?
I do automated and manual testing to get the best results when conducting a pentest. Over the years, I’ve experienced many tools and scripts for web, mobile, network, and thick client testing.
For web applications, I start with reconnaissance using httpx, Aquatone, and Naabu to find live assets, followed by ffuf and dirsearch for hidden directories. Burp Suite Pro is my go-to, with DOM Invader for DOM clobbering and XSS, and Dalfox for automated XSS scanning. SQLmap speeds up SQL injection testing, while Nuclei helps check for known vulnerabilities. A mix of manual payload crafting and logic testing ensures deeper findings.
In mobile app pentesting, I rely on MobSF for static analysis, and tools like Frida and Objection for bypassing security controls, hooking functions, and analyzing API calls. I use jadx, apktool, and adb for reverse engineering.
I use Nmap, Naabu, Masscan, and Nessus for scanning in network and infrastructure assessments.
For thick client apps, I use Wireshark, EchoMirage, and TCPView for traffic analysis, ProcMon and Process Hacker for monitoring system interactions, and Ghidra or IDA Pro for reverse engineering. I also use Frida for hooking into running processes and Burp Suite/Mitmproxy for API interception.
I choose these tools for their efficiency and flexibility, as they help me cover all endpoints and functionalities of the application along with manual pentesting.
7. What are your favorite asset types (web applications, APIs, network, etc.) for pentests and why?
At first, all asset types are exciting because each presents unique challenges. I love exploring different attack vectors, which makes pentesting so engaging.
That said, web applications are my favorite asset type due to their variety of vulnerabilities, from XSS and SQL injection to hidden endpoints and business logic flaws. APIs are a close second, with flaws like misconfigurations and poor authentication.
Mobile applications offer challenges like insecure data storage and communication flaws. At the same time, thick client apps combine local execution and network interactions, making them a unique test of client- and server-side security.
Network pentesting is crucial for assessing infrastructure, service, and protocol vulnerabilities. While it’s all about securing the backbone of an organization, I find web apps and APIs more engaging because they offer complex, layered vulnerabilities that require a creative approach to solve.
8. What certifications do you have? Why did you go for those ones specifically?
I don’t hold any certifications yet, but I’m actively preparing for OSCP (Offensive Security Certified Professional) and working on my skills by doing various machines and CTFs. I’m focusing on OSCP first because of its hands-on approach to real-world penetration testing.
In addition, I’m working to attain AI/machine learning (ML) certifications. As AI and ML technologies evolve, I see them playing an important role in cybersecurity. I am excited to explore how AI/ML can be integrated with penetration testing and cybersecurity practices.
9. What advice do you wish someone had given you when you first started pentesting?
When I first started pentesting, I wish someone had advised me that patience and persistence are your best allies. It's easy to rush through an engagement, but sometimes the most valuable findings come after digging deeper, testing again, and thinking outside the box. Another piece of advice would be to continue learning and keep yourself updated.
Lastly, I have learned from my experience to focus on quality over quantity. It's easy to get caught up in finding as many vulnerabilities as possible, but it is worth taking the time to test and address the issues thoroughly. Also, we should focus on all the flaws, like low-severity issues that can be missed easily but can make a significant difference in the overall security.
10. How do you approach explaining findings to customers during a pentest? Is there a way you discuss your findings with customers? How do you ensure they have a quality experience?
When discussing findings with customers, I prioritize clarity and actionability. I explain vulnerabilities in a way that’s easy to understand, avoiding too much technical terminology unless necessary. I also provide context, explaining each vulnerability's risk to their business, not just its technical details. This helps the customer understand the severity and relevance of each issue.
To ensure a quality experience, I ensure the scope is clear from the start and address any queries during the engagement. This helps me dive deeper into the application and ensures nothing is missed. I communicate clearly, provide regular updates, and offer practical, prioritized remediation recommendations.
11. What is your favorite part of working with a pentesting team? What about working on your own?
Working with a pentesting team is rewarding because of the collaboration and the chance to share knowledge. Every team member has a unique way of testing, allowing me to learn different techniques. I gain new insights into interesting vulnerabilities and improve my approach in every project. I enjoy discussing findings, brainstorming different strategies, and learning from others' experiences.
I also enjoy working alone. I like going through the application at my own speed and spending more time on the interesting parts. Even when working alone, I always plan to cover everything within the scope of the project and the given timeframe. This way, I make sure that nothing gets missed. Solving problems independently and using my skills to get things done is satisfying.
12. Why do you like pentesting with Cobalt?
I like pentesting with Cobalt because of the dynamic team environment and the opportunity to work on various complex, real-world projects. The company nurtures a culture of continuous learning, where I can constantly challenge myself and improve my skills. I also appreciate the collaborative approach, working alongside talented professionals with diverse backgrounds, which allows me to broaden my perspective and explore new techniques.
What stands out is how Cobalt motivates the Cobalt Core team by showing trust in their skill set, and offering different rewards and kudos for highlighting their work. It’s fulfilling to know that my contributions are valued. Additionally, Cobalt strongly emphasizes quality and client satisfaction, which aligns perfectly with my values as a pentester.
13. Would you recommend Cobalt to someone looking for a pentest? Why or why not?
I highly recommend Cobalt for its expert team, commitment to quality, and client satisfaction. The company fosters a collaborative and learning-driven environment, which ensures thorough and effective pentesting. Plus, they trust and motivate their pentesters, creating a positive atmosphere that drives high-quality results on every project.
14. What do customers or the media often misunderstand about pentesters?
One common misunderstanding is that pentesters are only about breaking things or causing damage. Our goal is to find and fix vulnerabilities before malicious actors can exploit them. We are problem-solvers, not hackers with malicious intent.
Another misconception is that a pentest is just about running automated tools. While tools help, the real value comes from manual testing, creative thinking, and understanding the business context to assess risk.
Finally, some may think that pentesting is a one-time task, but in reality, security is an ongoing process that requires constant testing and updates to stay ahead of evolving threats.
15. How do you see pentesting changing in 2025 and over the next few years?
In 2025 and beyond, pentesting will evolve with the rise of AI and automation, streamlining repetitive tasks and allowing pentesters to focus on complex assessments. While these tools will help, human expertise will still be crucial for spotting subtle vulnerabilities. We will also see more focus on cloud security, IoT, and AI-driven threats.
16. What's your p(Doom)?
On one hand, attackers could use AI to automate attacks, find vulnerabilities faster, and adapt to bypass defenses, increasing the chance of security breaches. On the other hand, pentesters can use AI to automate tasks, like scanning for vulnerabilities, making the testing process faster and more efficient. However, AI might also miss complex vulnerabilities that need human creativity. The challenge will be balancing AI's power in both offensive and defensive strategies to ensure we stay ahead in cybersecurity.