How to find Zero Day exploits with fuzzing tools such as Radamsa. Radamsa is one tools used Bug Hunting, or vulnerability hunting.  This is a demonstration of vulnerability hunting using fuzzing software security methods, sometimes referred to as monkey testing.  Shows how to install and use Radamsa to generate large amounts of test data in hopes of finding a software vulnerability that can lead to a Zero Day exploit.  Once discovered, the ethical hacker is faced with a decision on what to do with his Zero Day information.  Should he report the vulnerability and associated exploit to a Bug Bounty program such as Zerodium or ZDI (Zero Day Initiative) or the Facebook Bug Bounty program? Or should he sell his vulnerability to the highest bidder on the dark web?  Thanks to the Edward Snowden leaks, we know that the NSA pays bounties for Zero Day exploits that are not reported to the Common Vulnerability and Exposures (cve) index.  North Korea, Russia and China also pay bounties. So the moral dilemma faces successful bug hunters - should I report or withhold the exploit?