How do you find these bugs? Do you look for known vulnerabilities someone already published or try to find brand new zero days?
How do you do the latter?
Always was interested in cyber-security.
Good luck
My stuff isn't considered zero day vulnerabilities. I haven't found a zero day yet. A zero day is like something inside the software itself that is a security flaw and discovered for the first time. The stuff I find is usually already known, but the developers didn't take the time to actually deeply check code for exploitable conditions. An example is the time I hacked a popular forum software with just an image. The developer of that forum software gave me a $75 bug bounty and patched up the flaw that didn't strip malicious code from SVG image files.
Sometimes I discover my own new Dorks and submit them to the Dork database, as I have here with my nickname Ozzy.
Usually I do some API and other kinds of penetration testing using known methodologies. Basically, find some flaw that impacts business. In the case of United Airlines, I got awarded 100k miles for finding backend vulnerabilities, including one that allowed me to hack them with a PDF and one that allowed me to email people as an @united.com email address.
Toyota, same thing: they were leaking sensitive info from their Jira and I was able to see passwords used by their devs. Sometimes you can exploit Jenkins stuff too. Just find out what web technologies they may be using and find out exploits or learn how to exploit stuff on YouTube. I'm not a master in this, just an average guy that learned stuff. Here, this one is a Dork I discovered myself and sent to the dork database.
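
For the forum-software flaw mentioned above (uploaded SVG files not stripped of active content), this is what allowlist-based stripping looks like on the server side. It is an added example, not part of the original posts and not the forum software's actual patch; the function name `sanitize_svg`, the allowlists and the sample upload are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed allowlists for simple static graphics; anything not listed is dropped.
ALLOWED_TAGS = {"svg", "g", "path", "rect", "circle", "ellipse", "line",
                "polyline", "polygon", "title", "desc"}
ALLOWED_ATTRS = {"viewBox", "width", "height", "x", "y", "cx", "cy", "r",
                 "rx", "ry", "x1", "y1", "x2", "y2", "d", "points", "fill",
                 "stroke", "stroke-width", "transform", "opacity"}

def _clean(elem):
    # Keep only allowlisted, un-namespaced attributes. This drops on* event
    # handlers, style, href and xlink:href without enumerating them.
    for name in list(elem.attrib):
        if name not in ALLOWED_ATTRS or "url(" in elem.attrib[name].lower():
            del elem.attrib[name]
    for child in list(elem):
        ns, _, local = child.tag.rpartition("}")
        if ns != "{" + SVG_NS or local not in ALLOWED_TAGS:
            elem.remove(child)  # script, foreignObject, a, use, image, ...
        else:
            _clean(child)

def sanitize_svg(data: bytes) -> bytes:
    text = data.decode("utf-8")  # accept UTF-8 uploads only
    # Refuse DTDs outright so entity definitions never reach the parser.
    if re.search(r"<!\s*(DOCTYPE|ENTITY)", text, re.I):
        raise ValueError("DTDs are not allowed in uploaded SVG")
    try:
        root = ET.fromstring(text)  # comments and processing instructions are discarded
    except ET.ParseError as exc:
        raise ValueError("not well-formed XML") from exc
    if root.tag != "{%s}svg" % SVG_NS:
        raise ValueError("root element is not <svg>")
    _clean(root)
    ET.register_namespace("", SVG_NS)  # serialize without an ns0: prefix
    return ET.tostring(root)

# Constructed sample upload: one harmless shape plus active content to strip.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10" onload="alert(1)">
  <script>alert(1)</script>
  <foreignObject><div xmlns="http://www.w3.org/1999/xhtml">html here</div></foreignObject>
  <circle cx="5" cy="5" r="4" fill="blue" onclick="alert(1)"/>
</svg>"""

if __name__ == "__main__":
    print(sanitize_svg(SAMPLE).decode())
```

Serving user-uploaded SVG from a separate origin or with a `Content-Security-Policy` that forbids scripts is a useful second layer, since a sanitizer allowlist can be misconfigured.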