Even if you fail – you shouldn't really hope to complete the task – you will get actual experience. I don't think there's a better way to start except to painfully try doing it. Just don't scold yourself too much if you fail – that is completely expected. 2/2

N-day analysis carries a detail which ctf or exploit replication do not have: you never know if you are analyzing vulnerability or not. It is the same as 0-day research, just with a better probability and far lesser pool of candidates, conveniently singled out for you. 3/3

I am not trying to make those view-baiting threads where people pile up resources; admittedly, I just share what I myself did. Maybe it's a bit too demanding and painful. But I don't think there is any more cost-effective way to learn. 4/4

Pinning this since people ask the same question all the time. Remember that the key piece of advice here isn't that you only learn by doing but that in this particular attempt you should free yourself of expectation of success, and just get your feet on the n-day ground.