Orwa Atiyat (OrwaGodfather) climbed the hacker ladder quickly after starting his bug hunting journey just 3 years ago. Since then, Orwa has been awarded both MVP and P1 Warrior, the Top Bug Hunter: LevelUpX Champion Buggy Award for 2022, and was most recently part of the winning team, Tess’s Squad, in the 2022-23 Hacker Cup as Team Captain. As a hard worker dedicated to increasing security globally, Orwa’s journey is not only inspirational, but insightful as well. Buckle up for this month’s Researcher Spotlight!
“The road to cybersecurity is a little different for everyone. I was never good at hacking and I did not obtain any scientific qualifications or any certificate in this field. So, I watched the th3g3nt3lman video on the BC YouTube channel about a GitHub topic. It was really cool and easy to understand, so I immediately started looking for leaks and I got 6 bounties in the first month. In my first 3 months, I didn’t understand the meaning of subdomain or domain or ports or anything else, but after that, I started reading and watching everything connected with bug bounty topics.”
Don’t walk, run to the Bugcrowd YouTube channel to start learning how to hack. 🏃
“I have wanted to be in this field all my life, but the person who first sparked my interest in hacking was my brother, th3g3nt3lman. I said to myself, ‘Yeah, nothing is impossible; I can do something’…”
The right mindset for achieving your goals: “I can”.
“I started in 2020 (3 years ago), hunting and learning at the same time.”
When it comes to hunting, learning will be a constant. Keep learning, keep growing.
“In fact, bug bounties have completely changed my life. Before bug bounty, I was drowning in debt, but in 3 years I was able to pay off the debt, travel for tourism many times, own my own home, and help my family.”
If this doesn’t inspire you, we don’t know what will.
“I hunt full-time, but at the same time I do not exhaust myself. So, I hunt about 5-6 hours per day and the rest of the time I spend with family and friends.”
“There are many challenges but most of them are the feelings of being distracted by the huge number of programs on the table, as there is competition everywhere. I was able to overcome this challenge by putting my focus on certain types of programs and collaborating with friends to divide the tasks. However, do not lose your focus by working on many platforms and programs at the same time. Choose a place where you find comfort to work.”
“I use a lot of tools all the time, just in the recon part: subdomain enumeration, port scanning, etc. But, for testing, dorking on Google/GitHub/Bing, Burp Suite, and nuclei with specific templates. Create a special template for each vulnerability that you have discovered and run this template over nuclei on all programs. Finally, the best place to learn is to watch the community’s Twitter posts. Here you can find all the useful tools in hunting and indexed.”
Bookmark that page for a go-to resource. 👆
“1: Focus on information disclosure bugs, 2: Focus on IDOR bugs, 3: If you don’t have a background in the JS language, start learning JS. No one was born an elite hacker, so never give up. Thomas Edison conducted 1000 failed experiments. The 1001st experiment was the light bulb. You will get a lot of N/As – duplicate reports at some point. Accept it because every N/A – duplicate report is one step closer to success.”
“Learning web languages and how to write excellent reports.”
🧑💻✍️📝
“Sleep well, gym, and most importantly, don’t be an introvert – sit with family and friends. If I’m about to finish finding a bug and I feel exhausted or tired, I stop immediately and go take a break or watch something on TV. Also, after finding a bug, I don’t report directly, I take some time to rest. After I rest, I start sending the report.”
“I see myself finding more bugs/0days and being distinguished, loved and helpful to many both new and old hunters, I would love to see everyone win. A goal I have is Marriage, but I’m still looking for the right wife 😊.”
All the single ladies, all the single ladies. 🎶
“The answer will be a bit long and I advise everyone to read it. I want to point out that I have hacked on many platforms, but Bugcrowd platform is absolutely the best for me, for many reasons and I will mention some of them…
And more wonderful things, but I need at least 4 pages. From here, I want to thank all the Bugcrowd team especially Tal, Timmy, Jordyn, Rami, Tatiana, Wilson.”
As the Bugcrowd team, we appreciate your resilience in pushing limits to reach your goals.
“I do not have any certifications that qualify me to work in this field, so I am continuing hunting to get more bounties.”
“A natural and wonderful life. I sit with the family and go out with friends, watch parties, but the most important thing is that I spend a lot of time with the children at home. I love them a lot.
I donate 20% of every bounty I get to help people. In the past, I suffered from poverty, so I could not complete my studies and did not obtain certifications. I didn’t want to watch other people suffer from the same thing, so every year I pay the university fees for two people who can’t afford the fees. Thanks to God, so far in 3 years, I have helped 6 people complete their studies at the University.”
“I have 3 heroes…
In life: My mother
In success: Denzel Washington
In hacking: My brother, Majd [th3g3nt3lman]”
“My main profession is a chef. At the beginning of bug hunting I was cooking and hunting at the same time from my phone and I remember two funny things that happened at that time. I was roasting the chicken in the oven and at that time I found a critical bug and immediately started reporting from my phone. When I finished writing and sending in the report, I found that the chicken had burned, but it’s ok, still a critical bug I reported, LOL.”
“I want to end this writing with words that I like, when you ask for strength, god will not give you strength, god will give you difficulties to make you strong. When you ask for wisdom, god will give you problems to solve. When you ask for courage, god will give you dangers to overcome. When you ask for patience, god will give you situations where you are forced to wait. When you ask for favors, god will give you opportunities. When you ask for everything so you could enjoy life, god will give you life so you could enjoy everything.
Never give up, never back down. Believe in yourself and be patient. Thanks All!”
Orwa is a great example of what hard work looks like. We are proud of all the milestones you’ve reached so far and can’t wait to see where your journey takes you next.