Comments: 61 • Responses: 19  • Date: 

Million202613 karma

How much money have you personally made doing this?

brxxn013 karma

I've made over $15,000 from various bug bounty programs.

Benbejamminboy6 karma

On average how easy (or difficult) is it generally to find exploits in companies etc?

brxxn07 karma

It usually depends on the company, their tech stack, and how many bug bounty hunters research it. It's sometimes super simple to find exploits in a company (under 3 hours) and sometimes it can be extremely hard. Usually, bug bounties that have hard scopes will pay more for an attack than companies with easier scopes. However, if you're trying to get started, I'd recommend looking at easier scopes first and then moving into harder scopes.

oldmrdeebs5 karma

What will it take to get people to care about the phones and apps they're using blindly? It's pretty bad

brxxn04 karma

This is a major issue in the cybersecurity field, which can provide vectors for serious attacks. The solution many people have decided to work with is securing their app as much as possible from the other malicious apps rather than assume the user won't install anything bad. Obviously, apps with administrator permission or read/write on webpages can steal lots of information and there's nothing that cybersecurity analysts or companies can do. A lack of care is an extreme problem, and it's something I'd also like to raise awareness about, too.

Glitch_in_the_pink3 karma

I’m not sure if you can answer, but are antivirus packages for iPhones worth buying? I’ve heard they’re immune to hacking etc but I don’t believe anything is!

brxxn05 karma

iPhones are not immune to hacking, but anti-viruses do nothing to make your phone more secure. I would recommend just making sure you are on the latest version of iOS, as otherwise your phone will be vulnerable to more bugs. Apple actually runs a bug bounty program for bugs found in iOS. Security fixes are added in every update by Apple to make sure phones are more secure and safer. I'd also recommend not installing an app unless you trust it and not visiting weird websites.

favhwdg3 karma

How much knowledge about coding and computers do you need for your job?

brxxn06 karma

There's obviously a good amount of knowledge you need about programming, but it's not too much if you're interested in the field. Learning programming is a useful skill in this field, and it can also be used for other fields, too. You don't need to know too much programming, but you will need to familiarize yourself with common knowledge of networking, HTTP, and how websites and programs work. There are many resources on the internet to help people who are interested in this field get started, some of which I included in the original post.

rman9162 karma

How have people reacted at your age?

brxxn02 karma

I usually don't tell them as it doesn't really matter that much. I'm pretty sure there are other people my age that also do this, so it wouldn't be rare to see someone my age submitting reports.

spike731932 karma

Ironic this pops up as I'm actually considering going into this field.

For someone looking to get into this line of work, can you recommend some good resources to learn what's needed to succeed in the job?

brxxn03 karma

I'd recommend Hacker101 if you need some basic CTF challenges. I'd also recommend BugBountyNotes, as they may have some useful content.

spike731932 karma

Thanks for the reply.

I was more so asking about like resources to learn how to even do these sort of jobs. I used to do some minor coding stuff years ago (im talking like 2009-2012) that I think was either html or c+? I can't remember truthfully. Basically, what is the like required knowledge to preform these jobs, and what is a good place to start learning how to gain said knowledge?

brxxn02 karma

I'd first learn a programming language like Python and then move into security research tutorials on OWASP and Bug Bounty Notes. You can learn python from its documentation or by googling how it works. I'd also recommend you get familiar with a web server library on the language you decide to learn. You can google pretty much anything about it.

gangler522 karma

Starting school for cyber security in January. No idea what I'm in for.

When somebody works in Cyber Security, does that tend to imply using tools that you're trained in, or like writing code from scratch?

brxxn03 karma

You can do both. Tools streamline the process, and you don't usually have to reinvent the wheel. Sometimes, you will need to make a script, but most of the time other specialized tools can be used.

TheDogeMaster0072 karma

Is c++ a good programming language for this field?

brxxn04 karma

I would recommend other languages such as Python or Javascript as C++ isn't usually used in web development. C++ will also take longer to create web development scripts with and doesn't have as many libraries as other languages.

TheDogeMaster0071 karma

Is python good?

brxxn02 karma

Yeah, it can be used for a lot of things, both in this field and in programming.

Glasshouse813Ebay2 karma

Have you worked on any cryptocurrency projects like Ethereum?

brxxn01 karma

I plan on getting into cryptocurrency soon, but I haven't started with it yet.

ZylonBane1 karma

Wouldn't you prefer a good game of chess?

brxxn01 karma

Does chess impact the world as much as security research?

TheButtonator1 karma

What are your thoughts on the Australian anti-encryption laws? This legislation requires developers to code a back-door into any encryption used in their programs for 'security measures'.

brxxn01 karma

Anti-encryption laws aren’t good. It allows for more vectors to attack the application and retrieve data for both attackers and the government.

Zoraninja1 karma

Just started an OSINT internship and feeling genuinely overwhelmed and out of my element, any advice that might make conducting these investigations more fruitful or streamlined?

brxxn01 karma

Sometimes, you should look over the knowledge you already think you know. I find this useful in many areas when I may have misunderstood something that caused me to be very confused instead of cramming new content in.

[deleted]1 karma


brxxn01 karma

It really depends on what you’re doing. For web research, you don’t need that much reverse engineering. You may need to understand JS files that are compressed and minified, but other than that not really. For game/app bug research, you’re definitely going to need to know how to do reverse engineering and maybe even learn assembly for programs compiled in C++ or C.

[deleted]1 karma


brxxn01 karma

That’s not my area of expertise, but you would need to look for UAFs or buffer overflows and then find a way to cause them to happen. There would be money in kernel research, but then you would also have to learn the kernel too.

Smashmundo1 karma

What’s your opinion on Kali Linux?

brxxn01 karma

Overrated. I use a macOS or my PC for it.

Smashmundo1 karma

Do you mean you use your Mac or PC for cyber security in general?

brxxn01 karma

It usually depends on the day and where I am.