> I was trying to start a conversation with humans, that's all.

Totally fair, and I'm sorry you got a hostile response.

My (very low-value) opinion is don't waste your time learning how exploits work. Yeah it's kinda neat seeing clever misuse of components. But there is very little upside to investing in that knowledge.

0. You look at old exploits and marvel at them for a while, but they are long ago patched and technically useless.

1. You waste a bunch of time looking for a sploit but don't find one.

2. You find one but nobody cares, you don't get street cred. The sploit is patched in the next release, and you don't get back your time spent finding it.

3. You find a sploit but all you get is a thanks from the billion dollar company, followed by a patch.

4. You create an exploit and use it maliciously or sell it to a criminal syndicate. you are a criminal. Or you get sued because it's a civil/copyright issue.

5. You find a sploit and other people treat you as a criminal even though you didn't do anything with it. You even intended to help.

6. You find sploits but still can't get a job as a white hat because other people who found more sploits got the job.

The only good outcomes are:

7. You found a very clever sploit and got a bounty for it.

8. You got hired in cyber security and get paid for sploits or countering them.

9. You seriously just love decoding machine instructions and find joy from making it do unintended things.

Overall, I think the risk/reward ratio is suboptimal for this field unless you go black-hat which is obviously fraught with moral and legal hazards.