This month’s Pentester Spotlight features another member of the Malhotra family. Last month we featured Goonjeta; now let us introduce you to her brother Herane.
Herane’s journey into pentesting started in 11th grade when he could change all the Admin passwords for all the PCs in his school computer lab, and then he was off in his hacking career. During his first year of college, he encountered bug bounties and found a high vulnerability in Microsoft’s application.
“My expertise lies in identifying logic flaws which can lead to Account Takeovers,” he said. “Reading research reports from other researchers has always helped me increase my knowledge, and I always think - what would I have done had I encountered this bug? This thinking process has helped me bypass the fixes for many bugs.”
Account Takeovers are also his favorite kind of attacks. He likes that there is always a possibility of taking over an account by chaining authentication-related bugs with business logic flaws.
Time at Cobalt
Herane turns to Twitter, Youtube, and Medium to stay up to date with the industry, and that’s how he found Cobalt. He joined the Core in June of 2021.
“I love that we researchers get to interact with the client directly, understand their assets, and perform the pentest accordingly,” he said. “Being a lead also allows me to guide and interact with the new pentesters.”
When working with customers, Herane wants them to know that they will have a pentest unlike any they’ve had before.
“They’ll get regular updates on the tests performed and bugs identified,” he said. “This will help them increase the security posture of their applications and other assets.”
As a Lead in the Core, Herane has proven himself a natural leader and teammate. To those interested in joining the Core, he has this to say:
“Get ready for some amazing experiences and sharing knowledge with everyone,” he said. “Cobalt core is a very friendly community of cyber security experts. Feel free to contact the TPMs, content team, and other pentesters; they all are super friendly and helpful.”
Being in the Core is extra special for Herane because he gets to work with his sister, Goonjeta. She joined a couple of months after Herane in November of 2021.
“She is exceptionally talented, and working with her is great,” he said. “A lot of times when we are hacking together, we come up with amazing ideas, which has often led to some unique and interesting bugs with high bounties. She is a great hacker, and I enjoy collaborating with her.”
Personal Life
Herane also has a popular Youtube channel with over 100k subscribers, where he shares his journey in cybersecurity along with other related topics. He currently lives in India, where he appreciates how many cybersecurity researchers live there.
“I believe that I can learn new things very quickly, he said. “Not just related to cybersecurity, it can be related to music, sports, YouTube, and cooking. I am also very adventurous and love exploring new places and meeting new people.”
