From CTFs & vulnerable VMs to bug bounty
@katsuragicsl



Don't know how you guys came to bug bounty, but I came from CTFs and vulnerable VMs.

I was playing with CTFs and VMs (like those on vulnhub) before I hunted for bugs in bug bounty programs. I found that bug hunting is much more difficult. I can solve many challenges with time and perseverance, but when I am hunting bugs, I am able to find some text injection (N/A for most cases) and a few XSS on some infamous programs with no bounty (and no one wants to touch them). There is a big gap between CTF/vulnerable VM and bug hunting. I think I got stuck.

So I wonder, how do you guys overcome this problem? Looking for different types of bugs? Different programs? Or something else?

Posted on 2018-11-26
Edited on 2018-11-26 at 02:12:37pm (GMT)



I started off my security journey with CTFs as well and I understand where you're coming from. It feels like CTFs kind of train you to be in the wrong mindset maybe? I don't know.

I'd be interested in what successful hunters think about this.

Posted on 2018-12-04 at 09:28:14pm (GMT)