How to get into offensive security?

Question

I understand web application security, that means I know what the OWASP top 10 are and I know how they work. Given a 0-day I could write a script for it. I understand what people are talking about when I listen to a defcon talk or security podcast. I know what a buffer over flow is. I also understand the basics of cryptography and can write/read assembly if I absolutely have to. I know how to read/write iptable rules. I have taken part in CTFs.1. How does one start doing bug bounties?2. How does one start finding 0-days?Are there any online courses that are good at teaching the above?I don't want to find 0-days because of malicious reasons. I want to learn how to find them as articles about them seem clever. I like the exploratory nature of it.

smoyer · Accepted Answer

If you're like me, finding vulnerabilities is like solving a puzzle. There's a certain satisfaction but you learn something at the same time. There was a great session at the All-Day-DevOps conference yesterday called "The 5Ws of CTF" that espouses learning computer/software exploits through playing "Capture-the-Flag" (https://www.alldaydevops.com/addo-speakers/ell-marquez). I thought the session was recorded on YouTube but couldn't find it. I did find an earlier version of the same talk at https://www.youtube.com/watch?v=WGiCO2u8JCg.

v3nom · Answer

Try sites like HackerOne where you will get a framework for ethically looking for vulnerabilities in public software. Since you seem to know the lingo and top issues on the web, try to find your first XSS on a website. The first one will take some time, but once you find one you will feel the rush of accomplishment. The second one will be easier to find and you will start noticing patterns in what to look for for.