Just depends on what you're submitting and who to. Apple's bug bounty (as an example) pays a pretty large amount depending on what you're reporting. PAC bypasses go for upwards of 150k and side-channel attacks go upwards of 250k (last time I checked). The only downside to reporting to companies like Apple is that no matter the severity it'll take around 5-6 months for their team to get back to you which is coupled with a tedious process of confirming your identity etc. Or you could just sign up for H1 and submit some shitty XSS's to mail.ru's VDP and get paid in small amounts.

just do unethical work pog

Bug bounty hunters make a lot(1 mIllion monthly) if you work legally.

if you try to do illegally, You should peak at 250K probably.

you certainly can live off comfortably if that's what you're asking

both option are good IMO, software engineer will pay well, ethical hacker can create a commercial service (penetration and hardening service) for government web app in my country

Unless you have a degree in cybersecurity, making a living off of (ethical) hacking isn't great. I would recommend doing a bit in your free time on bugbounty or hackerone if you're interested in that, should be some good supplemental income

(August 18, 2022, 11:53 PM)GregoryContmr Wrote: Hey, I was wondering, is becoming a hacker (ethical) in the future a good idea, like financially and how hard you work. Or should I stick to becoming a software engineer?

Well, I wouldn't recommend being a Bug Hunter as a full-time job though. Bug Hunter is more like a hobby that able to make money. Not for a full time job. But, I'm just recommending a decision. I'll leave it up to you ;)

(August 19, 2022, 05:58 PM)omniking Wrote: Look into bug bounties if that's what you mean, most companies offer rewards for that

*most companies offer arrest warrants for that under pretense that you will receive a reward.

It really depends on where your morals are. Very few make it big, because of their lack of understanding of history--what worked before does not work now. Why doesn't it work now? What steps can be bypassed?
Risk vs reward. If you are a person who doesn't enjoy the buttclench of a simswap and siphoning accounts that aren't yours; there is very little profit for you.

---

(August 19, 2022, 06:05 PM)apache Wrote: Just depends on what you're submitting and who to. Apple's bug bounty (as an example) pays a pretty large amount depending on what you're reporting. PAC bypasses go for upwards of 150k and side-channel attacks go upwards of 250k (last time I checked). The only downside to reporting to companies like Apple is that no matter the severity it'll take around 5-6 months for their team to get back to you which is coupled with a tedious process of confirming your identity etc. Or you could just sign up for H1 and submit some shitty XSS's to mail.ru's VDP and get paid in small amounts.

They will likely report and issue an arrest warrant first. The most recent RCE vulnerability with iMessage was reported and arrested, only later to be acquitted and hired, (but still arrested first)
Apple doesn't take kindly to threat actors nor malware enthusiasts. If you are going to submit a bug bounty, ensure you have a long standing github or public repo of the same bug bounty behaviour.

(August 26, 2022, 12:56 PM)Dyne Wrote:

(August 19, 2022, 05:58 PM)omniking Wrote: Look into bug bounties if that's what you mean, most companies offer rewards for that

*most companies offer arrest warrants for that under pretense that you will receive a reward.



It really depends on where your morals are. Very few make it big, because of their lack of understanding of history--what worked before does not work now. Why doesn't it work now? What steps can be bypassed?
Risk vs reward. If you are a person who doesn't enjoy the buttclench of a simswap and siphoning accounts that aren't yours; there is very little profit for you.

---

(August 19, 2022, 06:05 PM)apache Wrote: Just depends on what you're submitting and who to. Apple's bug bounty (as an example) pays a pretty large amount depending on what you're reporting. PAC bypasses go for upwards of 150k and side-channel attacks go upwards of 250k (last time I checked). The only downside to reporting to companies like Apple is that no matter the severity it'll take around 5-6 months for their team to get back to you which is coupled with a tedious process of confirming your identity etc. Or you could just sign up for H1 and submit some shitty XSS's to mail.ru's VDP and get paid in small amounts.

They will likely report and issue an arrest warrant first. The most recent RCE vulnerability with iMessage was reported and arrested, only later to be acquitted and hired, (but still arrested first)
Apple doesn't take kindly to threat actors nor malware enthusiasts. If you are going to submit a bug bounty, ensure you have a long standing github or public repo of the same bug bounty behaviour.

I've reported multiple vulnerabilities to Apple over the years and while the wait for them to reply is around 5-6 months they still have a good pay out. It doesn't matter about your "public image" it's just a matter of your good intentions.

if you just want money the easiest way is to specialize in software engineering because obviously there are a lot more jobs in the market for that area.