A question that I'm getting asked quite frequently is how to get from practice labs to real targets.
The short answer is to jump right in. But the longer answer is a bit more complicated…
So, you’re someone who’s been doing CTFs and practicing on platforms like Hack The Box or TryHackMe. Well, I assume you’ve gathered a bit of experience here and there. The first move to something real would be VDPs. What are VDPs?
Vulnerability Disclosure Programs.
These are companies that have a vulnerability disclosure policy where they let you responsibly test/hack their assets. If you find valid issues, you might end up in a hall of fame or receive some swag.
How do you find them? Google.
How do you start? Read the policy 5 times over and jump in. You will get a lot of duplicates, but in the end, you'll learn a lot and maybe find some valid issues, even as a beginner.
Why not paid programs?
I would not start with paid bug bounty programs because you'll quickly get demoralized since they are hard targets and you're just a beginner.
Now, as you do more VDPs and get into their halls of fame, you become more experienced. Put your experience, your GitHub portfolio (be smart and build one!), your write-ups, etc. in your resume and start applying for pentesting positions.
Notice I'm not telling you to follow the path of bug bounties or the never-ending certification collector. You want to make stable money. And I'll stop here, and maybe continue at a later point in time…
If you want to get updates on stuff I’m doing: