Before i can even think about actively tackling bugs, the first thing that comes to my mind is… The environment on which you are performing the hack. I have couple of questions regarding this point.
Hack Performed on the BASE Operating System or VM?
-Operating System Fully Patched
-Various Operating System Versions (7,8.1,10)
-Various Browsers Tested with Bug (IE/Edge/Chrome/FF)
I can assume that there is a clean way to perform the hack, vs the dirty way (Performing and using the hacking tools on your base operating system) For the seasoned bug bounty hunters do you work strictly within VMs?
I’m sure that this question would really depend on the type of bug you are trying to find, Say for an Application Hack you wouldn’t want to install all these applications on your Base machine, but for Web App hacking you wouldn’t mind performing these hacks on your Base machine?
Or does it really not even matter?
Look forward to your response