Is it actually possible to make any good money doing that or am I better off doing surveys or some shit for money on the side lol
Is it actually possible to make any good money doing that or am I better off doing surveys or some shit for money on the side lol
Never done any myself, but I believe it’s possible to make decent money at it if you know what you’re doing–but that requires some familiarity with computer and/or network security; they’re not just paying for finding any old bugs, they only pay for exploitable vulnerabilities (and they will often argue about what is and isn’t exploitable). There are also legal risks to be considered; if you accidentally access sensitive data in the process of vuln-hunting, you could be at risk of prosecution, and there can be legal risks in communication/negotiation with the company, too (though I’m not really too knowledgeable about what those are, tbh).
Thanks for the input. I think I’m gonna look into it I just don’t wanna spend hours and hours trying to find stuff to no success :(
Worth checking out; the jhaddix methodology
https://youtu.be/uKWu6yhnhbQ?
Also, on YouTube either nahamsec or The Cyber Mentor had a good roadmap for getting started and what websites to sign up with.
Thanks for the link, I’ll check it out! (also thank you for removing that tracking code lol)
Welcome. Lol, yeah, I miss hexreplybot.😞
If you’re going to give it a try, I would recommend giving fuzzing a shot; it’s a very effective way to find interesting and potentially exploitable bugs. I’m not too familiar with the tools these days, so I don’t know if there are fuzzers you can just download and start messing around with, or if you still need to roll your own to effectively target the full attack surface of the application you’re interested in, but I imagine there are plenty of resources on the subject online.
I think there are fuzzing libraries you can use but in the end you still have to write a way to interface with the application somehow. I’m not too familiar either.