You can do tons of things to become good at bug hunting: participating in CTFs, reading write-ups and looking for bugs being some excellent strategies!
However, we usually neglect to mention the “other stuff”. The activities that aren’t directly about security at all! Think about it. A professional sports player usually doesn’t only play their own sport. They go to the gym and build fitness. You can do the same for bounty hunting!
Here are three activities that have helped me become a better bounty hunter:
👨💻 Coding
It’s all about thinking about code.
In writing code, architecting systems, and debugging your own mistakes, you gain insight into what thoughts go into designing a system. This insight is tremendously helpful when you’re looking for bugs.
Plus, you can build tools that automate some of** your hacking**!
📚 Reading
(Web3) security is a very diverse field.
You will only get a superficial understanding if you never do your research and dive down that rabbit hole. Read about how compilers work, game theory, economics, systems thinking, formal methods, traditional security, etc.
Go down those rabbit holes! It will pay off tenfold.
🥗 Health
The picture of a hacker dude that stays up all night, chugs countless energy drinks, and never goes out is wrong!
Sleep, food, exercise, etc., all the boring stuff your mom made (or makes :p) you do. These are critical to your brain functioning and, therefore, your bounty hunting performance!
Take good care of yourself!