Are bug bounty programs a meme? Can you actually make money of this shit? Any experiences?
What do you think how hard it is to get to that level? I've built some foundation, studying on Cybrary Network+, Comptia A+, Security+, Linux+ and currently reading TCP/IP illustrated. I need to study Web app stuff right?
Other urls found in this thread:
infosecurity-magazine.com
if you're a good hacker you're making actual hacks for money. These "hackers" earn next to nothing with the cheap bounties companies offer.
if your a good hacker you would fix the double post bug here as your first bounty
Bug bounties are a complete meme. Most of the bounties go to the same handful of people who already do this professionally in some other way; you are basically competing with a bunch of teenagers for peanuts.
We call them bug chasers now
This. Even if you had zero-days the spooks pay MUCH better.
Any "hacker" earning their money doing bug bounties is a skid that knows few tricks here and there and never amounts to anything.
They think it is a valuable experience that might land them a job but they're deluding themselves into literal shit digging work.
But what if you were doing them not for the money, but to piss the spooks off by fixing zerodays in software they like to hack?
I just want to know how I've only ever seen this problem on Zig Forums. CSS problem or what?
I need to study Web app stuff right?
Not really. Learn how to actually work on malware, reverse engineer it, and detect it (a/v and traffic signatures). You'll make way more money doing it and you won't just be a skid.
It comes from faggots who don't see their post show up, so they post it again. Then the original post shows up, and then the second post.
I've only ever seen this problem on Zig Forums
I've seen it on reddit too. Think there was a bug one time, because I saw a thread where everyone's post had doubled. It's more egregious on Zig Forums because no one can delete threads except the BO.
find a lethal bug
use bug and earn as much as you can
anomalous attacks
find another lethal bug
sell old bug
repeat.
They're memes. If you contribute to an open source project anyway, you can earn beer money doing random companie's specific feature requests, but it's not a way to support yourself.
Yes they are a meme. It's 100% marketing. "Look bruh discord has a bug bounty, it must be better than conject0r, even though it crashes every 5 seconds". Bug bounties don't and never have made software any more secure. The software industry is a joke and as an obvious collary, so is the security of all software.
Any experiences?
Oh you're one of those people.
do attack A that nobody else has done
sell it to company a year later after they figured it out
genius. is there a way to collect bug bounties anonymously?
its a meme
meanwhile a 19 year old self taught guy from some 3rd world shithole gets paid 1million
infosecurity-magazine.com
Zig Forums forever BTFO
from a software engineering standpoint it's a meme, but that's something you wont understand. also whatever news article you link to may or may not just be marketing/hype
seething
sounds very meme to me. why is it always some kid that does these instead of people that call themselves "professionals" and do that shit as their job
i dunno about the "whitehat community" but everyone i know who's actually good at hacking became millionares 10 years ago and wouldn't waste their time with this shit. point is, software industry is shit
to get young retards into the field to flood the market suppress wage costs
Hackerone and bugcrowd are decent. I know some people pull bounties from those programs on the regular.
Things you will need to know for real hacking. Look this shit up on YouTube.
Assembly programming
Shellcode
Egghunting
Exploit development
That or learn relational database applications development then Learn SQL injection and things like that for Web applications penetration testing.
True blackhats can make more money in given circumstance. That and something like 95% of moralfags are leftists. Fuck the security industry. But if a guy wants to make some cash on bug bounties whatever. I'm over it.
This is absolutely true. Doing tech work on prospect is not recommended. Most people will make up some reason they are not going to pay you.
This is categorically false. Finding and fixing bugs makes software more secure. Hackers finding security holes and responsibly reporting them to developer helps developers tremendously.
True, there are some success stories.
Also true. Nearly everything in the security industry is a scam. Best bet just write hack tools and put them on Github to build a portfolio in hopes of getting offered a real job. That or just hack because you love it.
You would be better off and make more by catching actual bugs OP. Media has a successor bias reporting the only 2 or 3 over successful cases when the average success is very low and an average bug catcher actually makes the double of an average bug bounty hunter. Don't treat it as anything more than a part time job.
1043306
This is categorically false. Finding and fixing bugs makes software more secure.
No it fucking doesn't, and since you list "Egghunting" as if it's some fundamental wisdom you come off as yet another skidd0. Fixing one vuln someone finds makes the software slighty better at best, does fuck all to change the attitude of the "software engineers", and gets you and the vendor some PR.
Hackers finding security holes and responsibly reporting them to developer helps developers tremendously.
No it doesn't. It's literally just a market.
THIS. IT'S ALWAYS ABOUT THIS!
this
HAPAS ARE SUPERIOR TO WHITES
HAPAS ARE SUPERIOR TO WHITES
HAPAS ARE SUPERIOR TO WHITES
HAPAS ARE SUPERIOR TO WHITES
HAPAS ARE SUPERIOR TO WHITES
HAPAS ARE SUPERIOR TO WHITES
I smell rats.
These are our enemies. Why are we supporting them?
Whatcha sliding Chaim?
Whatcha saying schlomo?
Whatcha sliding MOSHE?
Yeah, right, and the moon is made of cheese.
The Semitic influence is strong with this one.