Ask HN: Any student bug bounty hunters?
Have any students been rewarded for bug bounties/does security research as a hobby? I'm working on a journalism project on student bug bounty hunters and would love to ask a couple of questions.
Please comment/email me if you'd be willing to help! I'd really appreciate it.
I also have personal experience doing this kind of stuff (I've found/been rewarded for bugs in Facebook/Google/Firefox/Apple) so happy to talk about my own experiences with anyone I'd be interviewing!
15 comments
[ 2.6 ms ] story [ 34.0 ms ] threadI get the impression the big bucks are in black-box proprietary/commercial systems? My only experience is with finding a small credential-leakage design flaw in an open source web app while poking through its source code one day.
I currently view most bug bounty hunting a bit like this - https://www.corsix.org/content/malicious-luajit-bytecode - so any suggestions about where to get started would be interesting. I'm not talking about "this is what XSS is", I'm talking megalists of recent compromises with annotated source code, that sort of thing. That would be both engaging, mentally challenging, and highly educational.
(As an aside, there was that one time I accidentally crashed Uppsala University's PDP-11/70 a few months ago (the logout program may have stepped on some kernel data structures :D), but that was kind of a fluke.)
I've gotten bug bounties from Facebook/Google/Firefox by applying fuzzing to open source projects, using AFL/Libfuzzer. I'd say that fuzzing open source projects are a good, easy way to start security research since its relatively low barrier to entry and can pay good dividends.
Anyways, hoping to get a response from someone I can interview for my project! Please drop me a line if you can help. Happy to answer more questions.
Am I student bug bounty hunter? No. I'm a student that sometimes breaks things and tells people when I do.
Really appreciate your help, questions won't take too long!
Seriously though, I started because I wanted to secure my server. So I looked at how other people secure better severs. Sometimes I looked so deep I found errors, normally little things like leaving a default account set up, or leaving FTP wide open.
If you're looking for some generic response like "Just go to http://hunt4.bugs", I don't think one exists.
Here's some resources - https://forum.bugcrowd.com/t/researcher-resources-how-to-bec...
Haven't done much since though.
Really appreciate your help, and no worries if you're busy!