Hey Paula. Say I have fair amount of high-level programming experience, moderate experience with C, moderate understanding of how OS works in general, and call pull off a simple ROP attack. Wanna be one of those people that discover Spectre/Meltdown/SSL Heartblead/Dirty COW. Where would you suggest to start?
As you already have a solid programming base and general understanding, I would suggest you to focus your efforts in joining online communities to be updated. Some people think security is kind of a lone-wolf job, nothing further than reality. Keeping the right news, communities and tech-pals around you is important. I'm mostly in Spanish communities, but there are tons around the world.
I would experiment, too. Either trying online capture the flag, or building your own laboratories. Take a close look to OWASP wiki.
I think you are aiming to be a zero-day hunter. For that, I think reading and learning about older vulnerabilities could guide you into what kind of vulnerabilities appear in new versions of different applications and OS. Good luck with it!
Hi Pavel,
The Meltdown/Spectre vulnerability are a pretty hard to find vulnerability.
If you really want to find one of that kind one day, I should say, start with a Phd in CyberSecurity targeted on hardware and then get to work into a security lab.
Cheers
Hey Paula. Say I have fair amount of high-level programming experience, moderate experience with C, moderate understanding of how OS works in general, and call pull off a simple ROP attack. Wanna be one of those people that discover Spectre/Meltdown/SSL Heartblead/Dirty COW. Where would you suggest to start?
As you already have a solid programming base and general understanding, I would suggest you to focus your efforts in joining online communities to be updated. Some people think security is kind of a lone-wolf job, nothing further than reality. Keeping the right news, communities and tech-pals around you is important. I'm mostly in Spanish communities, but there are tons around the world.
I would experiment, too. Either trying online capture the flag, or building your own laboratories. Take a close look to OWASP wiki.
I think you are aiming to be a zero-day hunter. For that, I think reading and learning about older vulnerabilities could guide you into what kind of vulnerabilities appear in new versions of different applications and OS. Good luck with it!
Hi Pavel,
The Meltdown/Spectre vulnerability are a pretty hard to find vulnerability.
If you really want to find one of that kind one day, I should say, start with a Phd in CyberSecurity targeted on hardware and then get to work into a security lab.
Cheers
Hey, thanks. That’s the answer I expected.