
/tech/ - Technology


 No.1042593>>1042682 >>1042736 >>1042797 >>1042801 >>1043306 >>1043592 >>1043778

Are bug bounty programs a meme? Can you actually make money off this shit? Any experiences?

https://hackerone.com/reports/429679

How hard do you think it is to get to that level? I've built some foundation, studying on Cybrary Network+, CompTIA A+, Security+, Linux+ and currently reading TCP/IP Illustrated. I need to study Web app stuff, right?

 No.1042605>>1043592

if you're a good hacker you're making actual hacks for money. These "hackers" earn next to nothing with the cheap bounties companies offer.


 No.1042609>>1042732 >>1044526

if you're a good hacker you would fix the double post bug here as your first bounty


 No.1042651>>1042687

Bug bounties are a complete meme. Most of the bounties go to the same handful of people who already do this professionally in some other way; you are basically competing with a bunch of teenagers for peanuts.


 No.1042682


>>1042593 (OP)

We call them bug chasers now


 No.1042687>>1042721

>>1042651

This. Even if you had zero-days the spooks pay MUCH better.


 No.1042714>>1043592

Any "hacker" earning their money doing bug bounties is a skid that knows a few tricks here and there and never amounts to anything.

They think it is a valuable experience that might land them a job but they're deluding themselves into literal shit digging work.


 No.1042721

>>1042687

But what if you were doing them not for the money, but to piss the spooks off by fixing zerodays in software they like to hack?


 No.1042732>>1042753

>>1042609

I just want to know how I've only ever seen this problem on /tech/. CSS problem or what?


 No.1042736

>>1042593 (OP)

>I need to study Web app stuff right?

Not really. Learn how to actually work on malware, reverse engineer it, and detect it (a/v and traffic signatures). You'll make way more money doing it and you won't just be a skid.


 No.1042753

>>1042732

It comes from faggots who don't see their post show up, so they post it again. Then the original post shows up, and then the second post.

>I've only ever seen this problem on /tech/

I've seen it on reddit too. Think there was a bug one time, because I saw a thread where everyone's post had doubled. It's more egregious on /tech/ because no one can delete threads except the BO.


 No.1042797>>1043306

>>1042593 (OP)

>find a lethal bug

>use bug and earn as much as you can

>anomalous attacks

>find another lethal bug

>sell old bug

>repeat.


 No.1042801

>>1042593 (OP)

They're memes. If you contribute to an open source project anyway, you can earn beer money doing random companies' specific feature requests, but it's not a way to support yourself.


 No.1043306>>1043592

>>1042593 (OP)

Yes they are a meme. It's 100% marketing. "Look bruh discord has a bug bounty, it must be better than conject0r, even though it crashes every 5 seconds". Bug bounties don't and never have made software any more secure. The software industry is a joke and as an obvious corollary, so is the security of all software.

>Any experiences?

Oh you're one of those people.

>>1042797

>do attack A that nobody else has done

>sell it to company a year later after they figured it out

genius. is there a way to collect bug bounties anonymously?


 No.1043329>>1043333 >>1043339 >>1043592


>its a meme

>meanwhile a 19 year old self taught guy from some 3rd world shithole gets paid 1million

https://www.infosecurity-magazine.com/news/19-year-old-awarded-more-than-1m-1-1/

/tech/ forever BTFO


 No.1043333>>1043334 >>1043592

>>1043329

from a software engineering standpoint it's a meme, but that's something you won't understand. also whatever news article you link to may or may not just be marketing/hype


 No.1043334

>>1043333

seething


 No.1043339>>1043341 >>1043342

>>1043329

sounds very meme to me. why is it always some kid that does these instead of people that call themselves "professionals" and do that shit as their job


 No.1043341

>>1043339

i dunno about the "whitehat community" but everyone i know who's actually good at hacking became millionaires 10 years ago and wouldn't waste their time with this shit. point is, software industry is shit


 No.1043342>>1044344

>>1043339

to get young retards into the field to flood the market and suppress wage costs


 No.1043592>>1044182

>>1042593 (OP)

Hackerone and bugcrowd are decent. I know some people pull bounties from those programs on the regular.

Things you will need to know for real hacking. Look this shit up on YouTube.

Assembly programming

Shellcode

Egghunting

Exploit development

That or learn relational database applications development, then learn SQL injection and things like that for Web applications penetration testing.

>>1042605

True blackhats can make more money in given circumstance. That and something like 95% of moralfags are leftists. Fuck the security industry. But if a guy wants to make some cash on bug bounties whatever. I'm over it.

>>1042714

This is absolutely true. Doing tech work on prospect is not recommended. Most people will make up some reason they are not going to pay you.

>>1043306

This is categorically false. Finding and fixing bugs makes software more secure. Hackers finding security holes and responsibly reporting them to developer helps developers tremendously.

>>1043329

True, there are some success stories.

>>1043333

Also true. Nearly everything in the security industry is a scam. Best bet just write hack tools and put them on Github to build a portfolio in hopes of getting offered a real job. That or just hack because you love it.


 No.1043778

>>1042593 (OP)

You would be better off and make more by catching actual bugs OP. Media has a successor bias reporting the only 2 or 3 over successful cases when the average success is very low and an average bug catcher actually makes the double of an average bug bounty hunter. Don't treat it as anything more than a part time job.


 No.1044182

>>1043592

>>>1043306

>This is categorically false. Finding and fixing bugs makes software more secure.

No it fucking doesn't, and since you list "Egghunting" as if it's some fundamental wisdom you come off as yet another skidd0. Fixing one vuln someone finds makes the software slightly better at best, does fuck all to change the attitude of the "software engineers", and gets you and the vendor some PR.

>Hackers finding security holes and responsibly reporting them to developer helps developers tremendously.

No it doesn't. It's literally just a market.


 No.1044344

>>1043342

THIS. IT'S ALWAYS ABOUT THIS!


 No.1044526


 No.1052565

HAPAS ARE SUPERIOR TO WHITES


 No.1056296

I smell rats.


 No.1056394

These are our enemies. Why are we supporting them?


 No.1056592

Whatcha sliding Chaim?


 No.1056852

Whatcha sliding MOSHE?


 No.1057286

Yeah, right, and the moon is made of cheese.



