We’re thrilled to introduce our new Head of Hackers, Soti Giannitsari!
In her previous role as Head of Community at HackTheBox, Soti played a pivotal role in expanding one of the world’s largest Capture The Flag (CTF) communities, interacting with hackers on a daily basis. As she joins Intigriti, Soti will be instrumental in creating an exciting environment for cybersecurity talent to secure companies in the real world and monetize their skills through bug bounties.
On her first day, we had a chance to sit down with Soti and ask her seven essential questions about her insights, experience, and her plans for nurturing Intigriti’s community.
0xQ1: Hello Soti! How does someone grow up to become a hacker community leader? Can you tell us a little bit about yourself and how you ended up here?
Hi there! To be honest, finding myself in this position was quite unexpected. My initial aspiration was to explore the world of hacking and breaking things, yet somehow, I found myself representing and assisting people who shared my fervor for this field.
It all began in 2013 when I was pursuing a degree in Computer Science at the university, and we were introduced to the intriguing realm of Cyber Security and hacking. This was my first encounter with tools like Kali, nmap, metasploit, and Burp. Through this journey, I gained a deep appreciation for the significance and far-reaching impact of cybersecurity. This impact extended beyond the realm of IT and corporations; it affected individuals in profound ways. I realized that I could earn a living by both breaking and protecting people’s digital assets, and this revelation left me utterly captivated.
Soon, I began interacting with fellow hackers on forums, in competitions, and at university. We shared a common passion and decided to unite, forming a hacking team we named “Aggressive Cake.” Our weekends were dedicated to our shared love, as we congregated in my dad’s office (who happened to be an architect) for intensive study sessions. Not only did we refine our skills, but we also reached out to others who shared our enthusiasm, creating a platform for knowledge exchange and support. Each member specialized in a different facet of hacking, from Windows Exploitation to Pwn, Forensics to Web, and more. We took part in competitions and gradually climbed the ranks on CTF Time. Our practice spanned various platforms like OverTheWire and VulnHub until the inception of Hack The Box in 2017, which we eagerly embraced, even contributing as volunteers.
Therefore, I cannot thank and appreciate enough the rest of the members and hacking mentors of Aggressive Cake. Now they are known security researchers and red team experts around the world. They remain humble while still inspiring people: Eks, Securosophy and InfidelCastro.
My journey continued with two years of experience as a System Administrator and three years as a penetration tester. In 2019, the founders approached me with a unique proposition: extend the same assistance I had provided to my small team, Aggressive Cake, to the global hacking community. Guiding hackers worldwide in finding their first job in Cyber or becoming Bounty Hunters became a dream I never knew I had. Being a woman from a modest background, I aimed to create a secure, inclusive, and equal-opportunity community where skills were the sole criteria, and mutual support was the norm. The vision was to take the collaborative spirit we nurtured in my dad’s office and share it with the world. It worked beyond my expectations.
Now, with an abundance of passion, fresh insights from the gaming industry, and an unwavering love for cybersecurity, I stand here today, eager to connect with and empower Bounty Hunters and Security Researchers through Intigriti.
0xQ2: *Beep Beep!* Your hacker nickname is r0adrunn3r. Do you hack as fast as the cartoon character, or how did you come up with that name?
One thing I have come to understand about myself is that I’m not particularly fast, at least not by my own standards. When I have performed a task countless times, I can navigate it with the swiftness of a seasoned pro, like WannaCry spreading through a network. However, when faced with something new or unfamiliar, I take my time and delve into thorough research. I can vividly recall my former manager, Vasilios Maritsas, exhorting me with a spirited “Faster, Soti, faster!” during an onsite Red Teaming mission, when I found myself mired in the complexity of numerous domains. Ironically, the origin of my nickname stemmed from my passion for running.
Given that our profession often requires long hours of sitting, even during the adrenaline-charged moments of hacking, I had to find an outlet for my restlessness when I felt stuck. That is when I turned to running – a physical escape that cleared my mind and helped me regain focus.
So, in 2014, when I and my fellow hackers were brainstorming nicknames for the formation of “Aggressive Cake,” I aimed for something light-hearted and entirely unrelated to hacking. As I pondered, it struck me that the one distinctive trait separating me from my hacking comrades was my penchant for going for a run when the going got tough. That became my chosen nickname, and as I searched online, I stumbled upon an image of a spirited pony amidst a shower of confetti, and it felt strangely fitting.
Now, after nine years, I still carry that image, that nickname, and the age-old habit of seeking solace in running when faced with challenges. It has become an integral part of who I am.
0xQ3: The hacker community can be quite diverse. How do you plan to foster an inclusive and welcoming environment for hackers from all backgrounds and skill levels at Intigriti?
First and foremost, inclusiveness should be viewed as a mindset, not just a pursuit of numerical diversity. It is not about forcing people from diverse backgrounds into the hacking community just for the sake of statistics. Instead, it is about making the existing community open, safe, and welcoming for everyone. In a hacking community, what should set individuals apart are their passion and curiosity, not their race, gender, or skill level.
Speaking of skill levels, knowledge only emerges after extensive practice. Every hacker starts as a complete novice, and even the most accomplished bounty hunters acknowledge that there is always someone more skilled. With that in mind, the possibilities are boundless, and the only limiting factor is the time one is willing and able to invest.
When it comes to the rest, we will persist in fostering an inclusive and equal-opportunity mindset. Bullying or discrimination based on identity has no place in a community filled with individuals who need to think creatively. If someone chooses to engage in such behaviour, that is their decision, but it is also our prerogative to maintain a secure, joyful, and global community. Respect for others, regardless of their background, is essential, and in hacking, the only criteria that truly matter are skills, exploits, and best practices.
Communities can be likened to a pastry recipe. Each one is remarkable in its own right, but when diverse elements come together in a harmonious exchange, they can create a true masterpiece.
0xQ4: You’ve travelled a lot in your previous job to meet hackers all across the world! What are the most fascinating people you met along the way and what did you learn from them?
I must emphasise one crucial point: exceptional hackers, those with an impressive tally of zero-day discoveries and substantial bounties, invariably display remarkable humility. Their motivations extend beyond mere financial gain, and they refrain from boastful behaviour. Moreover, they underscore the indispensable qualities of patience and unwavering persistence.
I distinctly recall an encounter with Orange Tsai at RomHack, during which I queried the duration of his pursuit of a particular vulnerability. His response was illuminating, as he revealed that he had dedicated a substantial six months, if not more, to this endeavour. This highlights the commitment and tenacity required to excel in this field. A similar experience unfolded when I crossed paths with wald0 at Insomnihack. Oblivious to his identity, I complimented his talk about Bloodhound, and mentioned that wald0, co-creator of the tool, is one of my favourite hackers. To my astonishment, he casually replied, “I’m somewhat familiar with him; it’s actually me.”
Meeting Carlos Polop in person presented yet another revelation. His cheerful and approachable way contrasted starkly with the image of the mastermind behind LinPeas.
Turning to 0xdf and ippsec, they exemplify exceptional kindness and humility despite their influential video content and research, which have helped countless individuals, including myself, secure their first jobs in the field of cybersecurity. They have imparted the valuable lesson that one truly comprehends a subject when capable of explaining it in the simplest terms.
A special acknowledgment is due to another source of inspiration, Stok, who consistently maintains authenticity. He readily admits when he lacks knowledge and, when he does, approaches matters with professionalism, offering support and assistance. His unwavering commitment to his unique style as a content creator is commendable, matched only by his enduring humility.
John Hammond offered me a vital lesson in the significance of multitasking and the undeniable reality that even proficient hackers encounter failure. It is worth noting the uncanny resemblance he bears to Ed Sheeran. Furthermore, Ben, also known as Nahamsec, has proven that one can embrace a cool, fun-loving persona while remaining a dedicated and capable hacker.
Lastly, I had the privilege of meeting one formidable woman in the cybersecurity field, Lilian Ablon. From a young age, she demonstrated that women can and will transform the landscape of cybersecurity, and she also holds a black badge in Defcon.
In summary, it is essential to recognize that excellence in this domain is achieved through tireless practice, and when all is said and done, it all boils down to manipulating bits and bytes.
0xQ5: Bug bounty and CTFs are alike, but absolutely not the same! What are some aspects the bug bounty scene can learn from the CTF world?
Persistence is a fundamental trait in the world of Capture The Flags (CTFs). You are aware that a flag is hidden somewhere, but the challenge lies in locating it amidst a sea of uncertainties. In the realm of bounties, the outcome is even less certain; you embark on a quest without the assurance of discovering anything. Nevertheless, a golden rule prevails: within a given time, nothing remains impervious.
The CTF domain is sometimes labelled as surreal, but my personal experience has shown me that the developers and system administrators who set up the very systems we attempt to breach exhibit a level of creativity and imagination akin to Picasso’s masterpieces. Expect the unexpected! Different technologies, unpatched versions, unfiltered inputs, and bespoke misconfigurations lie in wait.
Furthermore, the rabbit holes encountered in CTFs and the extensive research that may initially appear to go unused hold substantial value for the future. This is a veritable fact! Even if it seems like your efforts are in vain during that period, rest assured, it will prove beneficial at some point down the line.
0xQ6: The world of cybersecurity is always changing. How do you stay up to date with the latest trends, tools, and techniques in the field, and how do you plan to encourage continuous learning among hackers at Intigriti?
To stay at the forefront of the hacking world, I rely on three key methods. First, I turn to Twitter, where threads and discussions are invaluable sources for staying updated on the latest hacking news and connecting with new researchers. Following that, I faithfully follow YouTube channels and blogs that consistently offer insightful research, enabling me to both witness their findings and replicate their techniques across various platforms.
However, the most crucial step is getting your hands dirty and diving into the world of unguided exploration. We are fortunate to have a platform here at Intigriti that provides free access to innovative technologies and state-of-the-art applications, all within a secure environment. It fosters an open community where learning can translate into additional income.
These three approaches are my top recommendations for staying informed and growing as a hacker. Learning from researchers and putting that knowledge into practice within our platform while engaging with the community is the path to progress. Even if the worst-case scenario unfolds, where you fail despite acquiring a wealth of knowledge and forging numerous connections, I am all in!
0xQ7: Many aspiring hackers look up to experienced role models like yourself. Can you share any advice for those who are just starting their journey in cybersecurity and bug hunting?
Those who refrain from trying or putting in the effort are the ones who never experience mistakes or failures. Attempting something new invariably involves errors, but those errors serve as stepping stones to invaluable experience – a lifelong asset in your arsenal. Remember, you are neither the best nor the worst, so avoid comparing yourself to others. Much like in disciplines such as Yoga or running, your journey is uniquely yours. Embrace your pace and your path and persist in doing what you love.
Seek inspiration from the world around you; it is everywhere. Whether it is derived from movies, anime, the natural world, or the melodies of music, there is an abundance of sources waiting to infuse your life with positivity. Craft an equation of life that includes elements which resonate with you, bolster your sense of self, and enhance your hacking journey. With this approach, you will undoubtedly achieve wonders!
Thank you, Soti, for this interview! We look forward to seeing your contributions to the Intigriti community!