It’s a proud moment for an Indian girl named Aditi Singh who has pointed out a major bug in the system and for that she has received an award of $30,000 (Rs 22 lakh approx) by Microsoft. The tech giant rewarded the ethical hacker for detecting a bug in the Azure cloud system.
This is not the first time she has done this. Earlier, Aditi found out about a similar bug in Facebook two months ago. This bug is a remote code execution (RCE) which Aditi has discovered in Microsoft’s Azure cloud system, as per the report by India Today.
This RCE bug in Microsoft Azure was found out by Aditi two months back, and the details were informed to the company. However, that didn’t fetch any kind of response as the company was busy checking if anyone had downloaded the insecure version of the system, the report added.
Explaining the reason behind the RCE bug, Aditi said that developers should have first downloaded a Node Package Manager instead of writing the code directly. “Developers should write codes only after they have the NPM,” Aditi was quoted as saying.
Aditi also revealed how she entered into ethical hacking, where she has been working for the last two years. She recollects her first hacking incident where she somehow hacked her neighbour’s Wi-Fi password. After that incident, she started showing interest in ethical hacking when she was preparing for her medical entrance exam, NEET. While she didn’t get through medical school, she did find bugs in over 40 companies including Facebook, TikTok, Microsoft, Mozilla, Paytm, Ethereum and HP. Aditi really became confident about ethical hacking after she found an OTP bypass bug in TikTok’s Forgot Password system.
Aditi further revealed how people showing interest in ethical hacking can find so many resources available online. She added that to get into advanced hacking one must know a programming language. Aditi also suggested OSCP, a certificate course for ethical hacking.
Before Aditi, another Indian Mayur Fartade was awarded $30,000 for finding a bug on Instagram that could have allowed malicious users to view what he called “targeted media” without following a user, by making use of the Media ID.