Aditi Singh, a Delhi techie, was awarded $30,000 by Microsoft for spotting a bug in the Azure system.
Aditi Singh, a 20-year-old ethical hacker from Delhi, received a $30,000 (about Rs 22 lakh) bounty for discovering a flaw in Microsoft's Azure cloud system. Aditi, who found a similar bug in Facebook two months ago and earned a reward of $7500 (about Rs 5.5 lakh), claims that both companies had a remote code execution (RCE) bug, which is still relatively new and isn't getting much attention.
Hackers can gain access to internal systems and the data they contain by exploiting such faults. Aditi points out that identifying bugs is difficult, and ethical hackers must stay up to date on new bugs in order to report them and remain eligible for payments. However, she emphasises the importance of first gaining knowledge and learning about ethical hacking, rather than focusing solely on making money.
“An issue that I noticed two months ago has only recently been addressed by Microsoft. They haven't fixed all of them,” adds Aditi, who was the first to notice the RCE flaw and claims that it took the tech giant two months to reply because it was checking to see if anyone had downloaded the unsafe version. Before starting to look for a problem, Aditi recommends that individuals ask the company's support team whether it has a bug bounty programme; if the company confirms that it does, bounty hunters should go ahead.
Bug bounty hunters are mainly trained cybersecurity specialists or security researchers who scour the web and scan systems for bugs or holes that hackers could use to gain access, and then inform the businesses concerned. If they are successful, they are rewarded with money.
Aditi reveals that when the RCE problem was discovered in Facebook and Microsoft, the developers created the code without first downloading a Node Package Manager — a subsidiary of GitHub where anyone may access the programmes from these firms because they are open-sourced. "Developers should only write code after they've obtained the NPM," she advises.
Aditi has been involved in ethical hacking for the past two years. She began by cracking her neighbor's WiFi password (which she considers a personal achievement), and she hasn't looked back since. “When I was studying for NEET, my medical entrance exam in Kota, I became interested in ethical hacking,” Aditi explains. “I didn't finish medical school, but I discovered flaws in over 40 companies, including Facebook, TikTok, Microsoft, Mozilla, Paytm, Ethereum, and HP, to name a few.” She has also earned letters of recognition from Harvard University, Columbia University, Stanford University, and the University of California, as well as being named to the Google Hall of Fame.
Aditi, who is self-taught and observes that anyone who can access Google and Twitter may become an ethical hacker, says, "I was confident I wanted to get into ethical hacking when I reported an OTP bypass bug in TikTok's Forgot Password section and won a bounty of $1100."
“There are numerous resources, including Google, Twitter, and HackerOne, that provide write-ups with ethical hacking explanations,” Aditi explains. She goes on to say that after hacking into a company's application, she got hired for a position. “They didn't ask for my credentials; instead, they looked at my skills, and I was hired.”