yeah i knew it boils down to some really low level knowledge but seems like a lot of black magic to me regardless on how people end up being able to publish papers or discover vulnerabilities...is it just educated trial and error ? poking at things that you think, hmmm maybe there's a hole here somewhere and then viola, you come across a CVE?