Comments: 61 • Responses: 19 • Date: 2019-10-06 16:41:41 UTC
Million202613 karma2019-10-06 17:43:26 UTC
How much money have you personally made doing this?
brxxn013 karma2019-10-06 18:57:17 UTC
I've made over $15,000 from various bug bounty programs.
Benbejamminboy6 karma2019-10-06 16:51:34 UTC
On average how easy (or difficult) is it generally to find exploits in companies etc?
brxxn07 karma2019-10-06 16:56:16 UTC
It usually depends on the company, their tech stack, and how many bug bounty hunters research it. It's sometimes super simple to find exploits in a company (under 3 hours) and sometimes it can be extremely hard. Usually, bug bounties that have hard scopes will pay more for an attack than companies with easier scopes. However, if you're trying to get started, I'd recommend looking at easier scopes first and then moving into harder scopes.
oldmrdeebs5 karma2019-10-06 16:53:05 UTC
What will it take to get people to care about the phones and apps they're using blindly? It's pretty bad
brxxn04 karma2019-10-06 17:01:37 UTC
This is a major issue in the cybersecurity field, which can provide vectors for serious attacks. The solution many people have decided to work with is securing their app as much as possible from the other malicious apps rather than assume the user won't install anything bad. Obviously, apps with administrator permission or read/write on webpages can steal lots of information and there's nothing that cybersecurity analysts or companies can do. A lack of care is an extreme problem, and it's something I'd also like to raise awareness about, too.
Glitch_in_the_pink3 karma2019-10-06 20:42:27 UTC
I’m not sure if you can answer, but are antivirus packages for iPhones worth buying? I’ve heard they’re immune to hacking etc but I don’t believe anything is!
brxxn05 karma2019-10-06 20:55:41 UTC
iPhones are not immune to hacking, but anti-viruses do nothing to make your phone more secure. I would recommend just making sure you are on the latest version of iOS, as otherwise your phone will be vulnerable to more bugs. Apple actually runs a bug bounty program for bugs found in iOS. Security fixes are added in every update by Apple to make sure phones are more secure and safer. I'd also recommend not installing an app unless you trust it and not visiting weird websites.
favhwdg3 karma2019-10-06 16:56:58 UTC
How much knowledge about coding and computers do you need for your job?
brxxn06 karma2019-10-06 17:04:45 UTC
There's obviously a good amount of knowledge you need about programming, but it's not too much if you're interested in the field. Learning programming is a useful skill in this field, and it can also be used for other fields, too. You don't need to know too much programming, but you will need to familiarize yourself with common knowledge of networking, HTTP, and how websites and programs work. There are many resources on the internet to help people who are interested in this field get started, some of which I included in the original post.
rman9162 karma2019-10-06 21:24:40 UTC
How have people reacted at your age?
brxxn02 karma2019-10-06 21:31:11 UTC
I usually don't tell them as it doesn't really matter that much. I'm pretty sure there are other people my age that also do this, so it wouldn't be rare to see someone my age submitting reports.
spike731932 karma2019-10-06 18:33:18 UTC
Ironic this pops up as I'm actually considering going into this field.
For someone looking to get into this line of work, can you recommend some good resources to learn what's needed to succeed in the job?
brxxn03 karma2019-10-06 18:54:46 UTC
I'd recommend Hacker101 if you need some basic CTF challenges. I'd also recommend BugBountyNotes, as they may have some useful content.
spike731932 karma2019-10-06 20:10:25 UTC
Thanks for the reply.
I was more so asking about like resources to learn how to even do these sorts of jobs. I used to do some minor coding stuff years ago (I'm talking like 2009-2012) that I think was either HTML or c+? I can't remember truthfully. Basically, what is the like required knowledge to perform these jobs, and what is a good place to start learning how to gain said knowledge?
brxxn02 karma2019-10-06 20:18:11 UTC
I'd first learn a programming language like Python and then move into security research tutorials on OWASP and Bug Bounty Notes. You can learn Python from its documentation or by googling how it works. I'd also recommend you get familiar with a web server library in the language you decide to learn. You can google pretty much anything about it.
gangler522 karma2019-10-06 20:44:33 UTC
Starting school for cyber security in January. No idea what I'm in for.
When somebody works in Cyber Security, does that tend to imply using tools that you're trained in, or like writing code from scratch?
brxxn03 karma2019-10-06 20:53:27 UTC
You can do both. Tools streamline the process, and you don't usually have to reinvent the wheel. Sometimes, you will need to make a script, but most of the time other specialized tools can be used.
TheDogeMaster0072 karma2019-10-06 18:02:29 UTC
Is C++ a good programming language for this field?
brxxn04 karma2019-10-06 18:56:33 UTC
TheDogeMaster0071 karma2019-10-06 19:16:13 UTC
Is Python good?
brxxn02 karma2019-10-06 19:17:40 UTC
Yeah, it can be used for a lot of things, both in this field and in programming.
Glasshouse813Ebay2 karma2019-10-06 18:26:36 UTC
Have you worked on any cryptocurrency projects like Ethereum?
brxxn01 karma2019-10-06 18:54:11 UTC
I plan on getting into cryptocurrency soon, but I haven't started with it yet.
ZylonBane1 karma2019-10-07 05:23:24 UTC
Wouldn't you prefer a good game of chess?
brxxn01 karma2019-10-07 10:29:22 UTC
Does chess impact the world as much as security research?
TheButtonator1 karma2019-10-07 15:28:41 UTC
What are your thoughts on the Australian anti-encryption laws? This legislation requires developers to code a back-door into any encryption used in their programs for 'security measures'.
brxxn01 karma2019-10-07 15:39:04 UTC
Anti-encryption laws aren’t good. They allow for more vectors to attack the application and retrieve data for both attackers and the government.
Zoraninja1 karma2019-10-07 07:17:42 UTC
Just started an OSINT internship and feeling genuinely overwhelmed and out of my element, any advice that might make conducting these investigations more fruitful or streamlined?
brxxn01 karma2019-10-07 11:08:44 UTC
Sometimes, you should look over the knowledge you already think you know. I find this useful in many areas when I may have misunderstood something that caused me to be very confused instead of cramming new content in.
[deleted]1 karma2019-10-07 06:40:52 UTC
brxxn01 karma2019-10-07 10:32:30 UTC
It really depends on what you’re doing. For web research, you don’t need that much reverse engineering. You may need to understand JS files that are compressed and minified, but other than that not really. For game/app bug research, you’re definitely going to need to know how to do reverse engineering and maybe even learn assembly for programs compiled in C++ or C.
[deleted]1 karma2019-10-07 10:49:18 UTC
brxxn01 karma2019-10-07 11:13:16 UTC
That’s not my area of expertise, but you would need to look for UAFs or buffer overflows and then find a way to cause them to happen. There would be money in kernel research, but then you would also have to learn the kernel too.
Smashmundo1 karma2019-10-07 11:04:07 UTC
What’s your opinion on Kali Linux?
brxxn01 karma2019-10-07 11:10:49 UTC
Overrated. I use macOS or my PC for it.
Smashmundo1 karma2019-10-07 12:13:24 UTC
Do you mean you use your Mac or PC for cyber security in general?
brxxn01 karma2019-10-07 12:23:22 UTC
It usually depends on the day and where I am.