Jobs & Career in Exploit Development
#1
Hi,
For those of you who have been in Exploit Development as a career or as a hobby , I have a a few questions :-

(1) How did you initially started out informally and How were you able to get a job falling in this domain? 

(2) What made you standout in your selection and interview?

For those who pursue this as a Hobby :-

(1) What keeps you going and How much time do you devote it?

(2) Tell us about your experience with Exploit Brokers.

Any feedback appreciated . Thank You

--
About Me : I am considering a career in vuln research/application security/exploit development since my Ape brain understanding is that :- 

You find a Vuln. This is your entry point. You use an exploitation technique that you develop yourself (outside of the noted 6 ) , you write the code that gets you from Point A to Point B . You test it.
Sell it for good amount of money.
The brokers sells this to their clients who package this shit into a malware and deploy it for their interests.

It's legal , does not infringe on anything or breaks any law.
--
I am considering whether it would be a good idea to become a JavaScript Developer and seek job opportunities in EU/US.

Why Javascript ? I saw a lot of talks. One of them was Titled : From Zero to Zero Day . 
35C3 - From Zero to Zero Day - YouTube
The 18 year old person explained how he got an RCE in Edge by targeting Chakra UI and other shit that I could understand. But the point in , JS is used in a lot of applications, so I think learning it in deep dive & practicing it would be crucial in this domain. 

Is there anything wrong with this? Am I a retard unhinged from reality?

Then I saw how you exploit vulnerabilties in IOS Applications  , 
Exploiting Unpatched iOS Vulnerabilities for Fun and Profit - YouTube

The process for exploit engineering  , 
(35C3 - The Layman's Guide to Zero-Day Engineering - YouTube )
[The transformer in the second half of talk explains how you write the code and check for Bug Collision]

The methodology used for finding exploits. 
(m r Mane Piperevski Methodology for Vulnerability Research and Exploit Development - YouTube)

This is all good n stuff . But what I don't like is how much you have to learn, how much you have to research and fucking read everything else that came before. 

So how do you approach the above barriers?
--
I looked into jobs in Exploit Development. 
They are only in Fort Meade (about 25 of them with little to no applicants, good salaries [75 K USD - 180K USD, lot of benefits) or They are in Israel (Vuln Research , ask for CVEs and Undergraduate).

Are there anywhere else? 
--
Thank You for your time and all feedback is appreciate

====
Bug Bounties isn't what I want to do in my spare time.
Reply
#2
I'll leave those questions up to @dropzone haha Smile He has a lot of experience with this. But ditto, I kind of want to get into this as well.

Related to the thread though: https://greysec.net/showthread.php?tid=6700 Good thread on getting started with exploit development.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Exploit Brokers. How do you become one? Ayumi_Nkm 0 4,519 04-12-2022, 09:43 AM
Last Post: Ayumi_Nkm
  Help me exploit a binary thepublicip 1 4,524 04-09-2022, 04:35 PM
Last Post: Ayumi_Nkm
  IoT / Embedded Exploit Development chios 3 28,732 02-05-2021, 07:47 AM
Last Post: chios
  Exploit Development? findinguser 4 27,295 01-20-2021, 07:09 PM
Last Post: Insider