Anyone has any idea how people actually find zero days and buffer overflow?

normally there are two ways for finding 0days..

1. Reverse Engineering
2. Fuzzing

Reverse engineering requires inside-out knowledge of OS internals, Assembly, Data Structures etc. however in fuzzing you must be good with programming and you must know the application behavior and various input points.