From CTFs & vulnerable VMs to bug bounty
Posted in BugBounty Discussion by @katsuragicsl
Don't know how you guys came to bug bounty, but I came from CTFs and vulnerable VMs.
I was playing with CTFs and VMs (like those on vulnhub) before I hunted for bugs in bug bounty programs. I found that bug hunting is much more difficult. I can solve many challenges with time and perseverance, but when I am hunting bugs, I am able to find some text injection (N/A for most cases) and a few XSS on some infamous programs with no bounty (and no one wants to touch them). There is a big gap between CTF/vulnerable VM and bug hunting. I think I got stuck.
So I wonder how you guys overcome this problem? Looking for different types of bugs? Different programs? Or something else?
Edited on 2018-11-26 at 02:12:37pm (GMT)
I started off my security journey with CTFs as well and I understand where you're coming from. It feels like CTFs kind of train you to be in the wrong mindset maybe? I don't know.
I'd be interested in what successful hunters think about this.