
How do amateur security engineers learn to find new exploits to produce CVEs? - always_learning
Saw a similar post on reddit but it didn't have many responses. I'm also very interested in the subject.

Considering one already has experience in security, e.g. Bachelor's/Master's level courses, practical bug bounties, CTFs, and can use Metasploit. These all teach the users how to use tools, or to find pre-existing/known attacks and vulnerabilities.

How does one jump from this to finding new/undiscovered vulnerabilities in applications and operating systems that could be made into actual CVEs?

Does anyone have experience in this?

For example, how do those in Google Project Zero perform such finds?

Thanks.
======
_pdp_
There is no magic. You have to try things. There are two things that worked
for me personally:

* Study the technology in order to find out potential oversights and design problems.
* Fuzz test it to find problems by brute force.

Keep in mind that the more you practice, the better you become at it. Your
intuition will start to help you filter things that are worth exploring and, as
such, get more fruitful results faster. While you can read about vulnerability
research techniques, your intuition will only grow through practice and
experience.

Also, the more bugs you discover, the more confident you become, which also helps
in the long run because in many situations you will not know what you are
doing but you believe strongly that you will find something.

Also, keep in mind that while security researchers are smart people, what they
do is not that genius at the end of the day. When you are reading someone's
awesome research you may come to the conclusion that the work had the same
logical development as outlined in the paper - a stroke of genius. It does
not work quite like that in reality. It only makes sense at the end. It does
not make that much sense in the process. You just fake it until you make it.
:)

So yah, the way you make the jump from using tools to finding vulnerabilities
yourself is by making that jump. Pick a small target area of research first
and grow from there.
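As an added illustration of the "fuzz test it" bullet in the comment above (example code written for this page, not part of _pdp_'s comment or of any real project): a minimal mutation fuzzer run against a hypothetical, deliberately buggy record parser. The record format ([len][payload][xor checksum]), the parser, the mutation operators and the seed corpus are all constructed for the example. The point it shows beyond the comment is the one distinction that makes a fuzzer useful in practice: the harness must separate the target's expected rejections (ParseError) from unexpected exceptions (here an unchecked index that raises IndexError), and a hardened build of the same parser is fuzzed alongside to confirm the finding goes away.

```python
# Added example for this thread (not part of _pdp_'s comment): a minimal
# mutation fuzzer against a hypothetical, deliberately buggy parser.
# Record format (constructed for the example): [len][payload * len][xor checksum]
import random


class ParseError(Exception):
    """Expected rejection of malformed input; not a bug in the parser."""


def _xor(payload: bytes) -> int:
    acc = 0
    for b in payload:
        acc ^= b
    return acc


def make_record(payload: bytes) -> bytes:
    """Build one well-formed record for the seed corpus."""
    return bytes([len(payload)]) + payload + bytes([_xor(payload)])


def parse_records(data: bytes, hardened: bool = False) -> list:
    """Hypothetical target. With hardened=False it trusts the declared length,
    so a record claiming more payload than remains indexes past the end of
    the buffer and raises IndexError instead of a clean ParseError."""
    records = []
    pos = 0
    while pos < len(data):
        length = data[pos]
        if hardened and pos + 2 + length > len(data):
            raise ParseError("record claims more bytes than remain")
        payload = data[pos + 1 : pos + 1 + length]
        checksum = data[pos + 1 + length]  # BUG when not hardened: unchecked index
        if checksum != _xor(payload):
            raise ParseError("checksum mismatch")
        records.append(payload)
        pos += 2 + length
    return records


# Constructed seed corpus of valid inputs the mutator starts from.
SEEDS = [make_record(b"hi"), make_record(b"hello") + make_record(b"")]


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random edit: bit flip, interesting byte, truncate, or insert a byte."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        i = rng.randrange(len(buf))
        buf[i] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
    elif op == 2 and len(buf) > 1:
        del buf[rng.randrange(1, len(buf)):]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def crash_name(target, case: bytes):
    """Run one input. Return the exception type name for an unexpected crash;
    None when the input parses or is rejected with ParseError."""
    try:
        target(case)
    except ParseError:
        return None
    except Exception as exc:
        return type(exc).__name__
    return None


def fuzz(target, seeds, iterations: int = 2000, seed: int = 1) -> dict:
    """Mutate seeds, run the target, keep the first input per distinct crash type."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        name = crash_name(target, case)
        if name is not None:
            crashes.setdefault(name, case)
    return crashes


if __name__ == "__main__":
    found = fuzz(parse_records, SEEDS)
    for name, case in found.items():
        print(f"{name}: reproducer {case!r}")
    print("hardened build:", fuzz(lambda d: parse_records(d, hardened=True), SEEDS))
```

The fuzz loop is seeded so a run is reproducible; each crash comes back with the exact input that triggered it, which is the artifact you minimise and then study to decide whether it is a real bug or just a toy-parser oddity. Swapping the target for a real parser (via a subprocess or a ctypes call) is the usual next step; the harness shape stays the same.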

