I'm aware of Hacker One and some of the other bug bounty programs. I have done my share of fun little SQL and XSS exercises on homegrown PHP forums back in the day, but it's easy to get lost in the breadth of the bug hunting surface area today. What are some of the ways to get started when it feels everything simple has got to be claimed already? Any good resources besides reading writeups on past exploits?