Any advice on finding anything but low-hanging fruit?
Posted in BugBounty Discussion by @monkeyman




I'm not sure if it's a mindset thing that's messing me up or not, but I can't seem to find anything other than trivial bugs. I've tried just sticking to one program for a couple months and just reading documentation on everything, but in the end the result was 5 months of nothing and 2 invalid reports.

I've been trying my hand at bug hunting for about 3 years now, but it seems that the only bugs I can find are ones that are really trivial.

I was wondering, what mindset do you guys have when really trying to crack something that seems unbreakable on the surface? Do you stay on one promising-looking request for months on end? Do you read RFCs on everything that's even remotely relatable? What check boxes go off in your head that make you think, "This can't be exploited"?


Posted on 2018-12-04