Hacking on Bug Bounties for Four Years
I have always valued transparency, especially in the bug bounty field. Bug bounty hunters around the world have submitted many reports, covering problems in many areas and using many techniques and methodologies. However, if you are already an active bug bounty hunter and do not understand what programs expect or what they actually pay for, you are at a big handicap compared to those who do. Through this blog post I hope to shed some light on what bug bounty programs pay for.
The last blog post in this series, 120 days, 120 bugs, was about four years ago. A lot has happened in the last four years: moving to Europe for six months, travelling to the Australian state expressway twice, winning a live hacking event, founding a company, and helping build an attack surface management platform with people I consider family.
Unlike the previous blog post, I did not set myself the goal of finding one bug a day. Instead, I hunted on bug bounties whenever time allowed. There were many months when I couldn't find anything, and when I evaluated myself as a hacker I was often afraid. I may be a good hacker, but I acknowledged that there is always a better hacker somewhere in the world, and as a very competitive person I decided to accept that.
I think it's a waste of time to work on bug bounties before you understand the basic application security attacks and vulnerabilities. Practice here and learn more.
If you're looking for a paid, broader resource, check out PentesterLab and practice there.
By participating in bug bounties, Assetnote gained knowledge of what security teams really care about. This is why we can maintain a high reputation with the reports we submit.
The main motivation for this blog post is to educate the masses about what bug bounty programs pay for.
For example, did you know that you can submit a dangling EC2 IP (a subdomain pointing to an EC2 IP that the company no longer owns) without reading any further? The proof is in the pudding below. Programs are clearly grateful for this information, because they pay for it.
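One defender-side check for the dangling EC2 IP class mentioned above, added here as an example that is not the author's or Assetnote's tooling: it flags A records that resolve into AWS EC2 address space but not to an address the organisation still holds. The DNS records, the ip-ranges.json excerpt and the owned-IP inventory are constructed sample data.

```python
"""Dangling-EC2 subdomain check: flag DNS A records that point into AWS EC2
address space but not at an IP the organisation still holds.

Added example for this post, not the author's tooling. The DNS records, the
ip-ranges excerpt and the 'owned' IP inventory below are constructed sample
data; in practice they would come from a DNS zone export,
https://ip-ranges.amazonaws.com/ip-ranges.json and `aws ec2 describe-addresses`.
"""
import ipaddress
import json

# Constructed excerpt in the shape of AWS's ip-ranges.json (the real file is far larger).
IP_RANGES_JSON = """
{
  "syncToken": "0",
  "prefixes": [
    {"ip_prefix": "3.8.0.0/14",   "region": "eu-west-2",      "service": "EC2"},
    {"ip_prefix": "52.94.0.0/22", "region": "us-east-1",      "service": "AMAZON"},
    {"ip_prefix": "13.54.0.0/15", "region": "ap-southeast-2", "service": "EC2"},
    {"ip_prefix": "99.80.0.0/15", "region": "eu-west-1",      "service": "EC2"}
  ]
}
"""

# Constructed zone export: (name, record type, value).
DNS_RECORDS = [
    ("www.example.com",     "A",     "203.0.113.10"),        # not AWS at all
    ("old-api.example.com", "A",     "3.10.20.30"),          # EC2 range, IP no longer ours
    ("app.example.com",     "A",     "13.55.1.2"),           # EC2 range, still in inventory
    ("cdn.example.com",     "CNAME", "d111.cloudfront.net"), # not an A record, skipped
    ("legacy.example.com",  "A",     "99.81.5.6"),           # EC2 range, IP no longer ours
]

# Constructed inventory of public/Elastic IPs the account currently holds.
OWNED_IPS = {"13.55.1.2", "3.10.20.31"}


def load_ec2_prefixes(ip_ranges_json: str) -> list:
    """Return the IPv4 networks AWS advertises specifically for the EC2 service."""
    data = json.loads(ip_ranges_json)
    return [ipaddress.ip_network(p["ip_prefix"])
            for p in data["prefixes"] if p["service"] == "EC2"]


def in_ec2_space(ip: str, prefixes) -> bool:
    """True if the address falls inside any of the EC2 prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in prefixes)


def find_dangling(records, owned_ips, prefixes) -> list:
    """A records inside EC2 space whose IP is not in the owned inventory.

    A hit means the name still resolves into a pool AWS hands out to any
    customer while the organisation no longer holds that address: the
    'dangling EC2 IP' subdomain takeover class described in the post.
    """
    dangling = []
    for name, rtype, value in records:
        if rtype != "A":
            continue  # CNAME-based takeovers are a separate check
        if in_ec2_space(value, prefixes) and value not in owned_ips:
            dangling.append((name, value))
    return dangling


if __name__ == "__main__":
    hits = find_dangling(DNS_RECORDS, OWNED_IPS, load_ec2_prefixes(IP_RANGES_JSON))
    for name, ip in hits:
        print(f"DANGLING {name} -> {ip}: remove the record or re-acquire the address")
```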
Findings
The following are my findings over the past four years. Identifying information has been redacted, but from the titles you should be able to understand what kind of programs I reported to.
Date | Bug | Reward |
---|---|---|
2020-09-02 14:04:11 UTC | [Redacted] | $1,000.00 |
2020-07-16 18:39:22 UTC | Spring debug endpoints exposed on [Redacted] & heapdump reveals all secrets; account takeover via trace | $2,500.00 |
2020-06-30 22:54:07 UTC | [Redacted] blind SSRF via billing API - access to internal hosts | $60.00 |
2020-06-10 13:53:43 UTC | Full account takeover via subdomain takeover on [Redacted] | $300.00 |
2020-06-10 13:24:10 UTC | Full account takeover via subdomain takeover on [Redacted] | $300.00 |
2020-06-10 13:21:57 UTC | Full account takeover via subdomain takeover on [Redacted] | $300.00 |
2020-06-08 14:28:05 UTC | Amazon S3 subdomain hijack - [Redacted] | $256.00 |
2020-06-08 05:29:58 UTC | [Redacted] Route53 hosted zone takeover | $500.00 |
2020-06-05 16:27:42 UTC | [Redacted] Cisco IP Conference Station CEP-7937G admin panel exposed to the internet in IP range | $400.00 |
2020-06-03 21:07:51 UTC | Pre-auth blind MSSQL injection affecting [Redacted] | $1,024.00 |
2020-06-03 14:18:24 UTC | Pre-auth MSSQL injection affecting [Redacted] | $1,024.00 |
2020-06-02 15:28:50 UTC | Pre-auth SQL injection affecting [Redacted] | $1,024.00 |
2020-06-02 15:26:58 UTC | RCE via arbitrary file write and path traversal in [Redacted] | $1,024.00 |
2020-06-02 15:25:08 UTC | RCE via arbitrary file write and path traversal in [Redacted] | $1,024.00 |
2020-05-18 10:12:38 UTC | [Redacted] Route53 hosted zone takeover | $1,000.00 |
2020-05-18 10:11:58 UTC | [Redacted] Route53 hosted zone takeover | $1,000.00 |
2020-05-18 10:06:22 UTC | [Redacted] Route53 hosted zone takeover | $1,000.00 |
2020-05-18 10:05:20 UTC | [Redacted] Route53 hosted zone takeover | $1,000.00 |
2020-05-11 18:47:54 UTC | [Redacted] Route53 hosted zone takeover | $100.00 |
2020-05-11 14:59:23 UTC | Subdomain takeover of [Redacted] (cookie disclosure -> account takeover) | $2,500.00 |
2020-05-11 14:31:18 UTC | Subdomain takeover of [Redacted] (cookie disclosure -> account takeover) | $2,500.00 |
2020-05-07 01:47:49 UTC | View all [Redacted] metadata via IDOR in [Redacted] | $1,000.00 |
2020-04-29 22:58:57 UTC | View all [Redacted] via IDOR | $4,000.00 |
2020-04-29 22:57:55 UTC | View [Redacted] via IDOR | $2,500.00 |
2020-04-24 18:19:23 UTC | [Redacted] subdomain takeover via Heroku | $300.00 |
2020-04-24 18:18:45 UTC | [Redacted] subdomain takeover via Heroku | $300.00 |
2020-04-23 19:45:04 UTC | [Redacted] horizontal brute force of [Redacted] accounts by abusing streaming registration | $500.00 |
2020-04-22 17:44:29 UTC | View all [Redacted] metadata via IDOR in [Redacted] | $500.00 |
2020-04-22 17:42:51 UTC | IDOR - view [Redacted] of [Redacted] | $500.00 |
2020-04-22 17:42:06 UTC | View all [Redacted] of [Redacted] via IDOR [Redacted] | $500.00 |
2020-04-06 19:13:19 UTC | Facebook - [Redacted] payment | $5,000.00 |
2020-03-07 15:12:24 UTC | Access to QueryBuilder in [Redacted] and access to secrets | $3,000.00 |
2020-02-25 15:02:20 UTC | [Redacted] subdomain takeover via Amazon S3 | $750.00 |
2020-02-20 23:01:58 UTC | Possible HTML injection, email receipt and template injection via the "Info Info" section in [Redacted] | $500.00 |
2020-02-18 14:45:40 UTC | [Redacted]/Libs/granite/content/login.html administrator brute force | $500.00 |
2020-02-15 12:24:57 UTC | Blind XSS via subscribing to [Redacted] | $500.00 |
2020-02-04 03:45:38 UTC | HTML injection in email when posting to [Redacted] | $700.00 |
2020-01-21 17:13:58 UTC | Ability to attach malicious attachments (any name, any content type) to [Redacted] support staff via [Redacted] | $2,000.00 |
2020-01-15 11:41:59 UTC | [Redacted] no authentication required for viewing and deleting the terrace lock | $250.00 |
2019-12-12 16:25:11 UTC | URL + webhook + object of [Redacted] leaked in [Redacted] JavaScript | $3,000.00 |
2019-11-21 22:15:20 UTC | Screenhero JWT credentials from AWS & [Redacted] still working | $1,000.00 |
2019-10-17 13:44:23 UTC | [Redacted] RCE via IBM Aspera exploit leading to secure file storage | $1,000.00 |
2019-10-15 14:29:25 UTC | [Redacted] SSO bypass leading to access to internal documents and portals | $250.00 |
2019-10-11 18:07:51 UTC | Administrator access to [Redacted] via guessable credentials | $1,500.00 |
2019-10-11 18:06:15 UTC | Third-party subdomain takeover - [Redacted] EC2 IP no longer controlled by [Redacted] | $250.00 |
2019-09-30 16:56:50 UTC | Multiple server issues (SSRF, admin panel) affecting [Redacted] | $2,660.00 |
2019-09-25 22:10:00 UTC | UUID-based IDOR in [Redacted] to read the details of any [Redacted] | $1,000.00 |
2019-09-10 16:17:59 UTC | [Redacted] SSRF | $2,000.00 |
2019-09-03 15:28:36 UTC | [Redacted] SSRF | $17,900.00 |
2019-08-29 00:43:00 UTC | Whitelist bypass in the organisation registration flow of [Redacted] | $250.00 |
2019-08-09 05:15:44 UTC | [Pre-submission] SSRF in [Redacted] (iframely) | $2,970.30 |
2019-07-29 16:32:59 UTC | [Workaround] SSRF via [Redacted] leads to internal network access and allows reading of internal JSON responses | $23,000.00 |
2019-07-24 02:52:42 UTC | phpinfo exposed on [Redacted] | $100.00 |
2019-07-24 02:46:02 UTC | SSRF in [Redacted] leads to AWS compromise via security credentials | $5,000.00 |
2019-07-08 14:44:23 UTC | Remote command execution (via TSI parameters) in production [Redacted] - CVE-2017-12611 | $2,000.00 |
2019-06-12 17:42:53 UTC | Aspera and other private usernames/passwords leaked in [Redacted] | $1,500.00 |
2019-06-12 17:42:08 UTC | SSO/authentication bypass for APIs hosted on [Redacted] | $1,500.00 |
2019-06-12 14:45:09 UTC | Remote code execution (multiple endpoints) - [Redacted] | $4,500.00 |
2019-06-10 17:29:35 UTC | Export all drivers' emails, DOBs, full addresses, federal tax IDs and other PII from [Redacted] | $1,800.00 |
2019-06-10 16:53:22 UTC | Retrieve [Redacted] customer email and mobile via lead ID through the API | $12,600.00 |
2019-06-10 16:52:40 UTC | Ability to enumerate all opportunities (IDOR) - export customer PII from [Redacted] | $12,600.00 |
2019-06-07 18:51:24 UTC | [Redacted] [IDOR] - access all accounts via regression vector/re-attack abusing [Redacted] (regression?) | $2,500.00 |
2019-06-07 18:17:31 UTC | Blind SSRF in [Redacted] via RPC call to checkAvailableLiveChatagents | $62.50 |
2019-06-07 18:07:22 UTC | HTML injection in email when adding a reviewer to [Redacted] | $125.00 |
2019-06-07 17:42:09 UTC | [IDOR] View employee [Redacted] via /API/readhandler in [Redacted] | $1,500.00 |
2019-06-07 15:33:31 UTC | Extract mobile number and [Redacted] using only an email address for any [Redacted] | $750.00 |
2019-06-07 14:36:01 UTC | IDOR in opportunities / [Redacted] | $125.00 |
2019-06-07 14:24:15 UTC | Extract mobile number and [Redacted] using only an email address for any [Redacted] user | $750.00 |
2019-06-07 14:11:20 UTC | HTML injection in [Redacted] receipt when printed from [Redacted] | $100.00 |
2019-06-07 13:56:46 UTC | Ability to access AirWatch admin panel and API in [Redacted] | $1,000.00 |
2019-06-07 13:21:31 UTC | IDOR in [Redacted] allows access to [Redacted] information of any [Redacted] user | $250.00 |
2019-06-07 10:13:20 UTC | [Redacted] [IDOR] - access all accounts via regression vector/re-attack abusing [Redacted] (regression?) | $15,000.00 |
2019-05-22 19:33:27 UTC | SQLi and ID bypass in [Redacted] | $4,500.00 |
2019-04-29 14:14:42 UTC | Reflected XSS in [Redacted] | $500.00 |
2019-04-29 14:14:29 UTC | [Redacted] SSRF | $1,500.00 |
2019-04-25 07:33:22 UTC | Local file disclosure via Rails CVE-2019-5418 on [Redacted] | $100.00 |
2019-04-19 02:28:54 UTC | SSRF in [Redacted] | $4,950.00 |
2019-04-19 02:28:35 UTC | SSRF in [Redacted] 'url' parameter | $4,950.00 |
2019-03-29 11:23:14 UTC | [Redacted] meeting leaks AWS S3 secrets, giving attackers access to [Redacted] | $364.50 |
2019-03-27 18:41:51 UTC | [Redacted] subdomain takeover via Heroku | $750.00 |
2019-03-20 17:08:11 UTC | Reflected XSS in [Redacted] | $500.00 |
2019-03-18 17:29:00 UTC | Reflected XSS in [Redacted] | $500.00 |
2019-03-18 17:28:49 UTC | Reflected XSS in [Redacted] | $500.00 |
2019-03-18 17:28:35 UTC | [Redacted] leaked CVS repo containing usernames and passwords | $750.00 |
2019-03-18 15:35:10 UTC | [Redacted] form leaks usernames and passwords for [Redacted]/Wowza streaming servers | $500.00 |
2019-03-15 15:08:35 UTC | Extract any [Redacted] PIN code in bcrypt, associated phone numbers and emails | $5,000.00 |
2019-03-14 17:51:32 UTC | Multiple IDORs in [Redacted] | $500.00 |
2019-03-14 17:51:18 UTC | Multiple persistent XSS vulnerabilities in [Redacted] | $1,000.00 |
2019-03-14 17:51:02 UTC | Authentication bypass in [Redacted] allowing full access to anonymous users (including private streams) | $1,000.00 |
2019-03-14 17:50:45 UTC | Slack webhook token leaked in JavaScript on [Redacted] | $500.00 |
2019-03-11 23:06:12 UTC | Ability to send verified [Redacted] emails with any subject + HTML | $900.00 |
2019-03-04 21:58:43 UTC | WP Engine subdomain takeover of [Redacted] | $500.00 |
2019-03-04 19:04:59 UTC | Extract any [Redacted] PIN code in bcrypt, associated phone numbers and emails | $500.00 |
2019-02-22 18:41:36 UTC | [Redacted]'s | $8,000.00 |
2019-02-13 17:59:01 UTC | Ability to close any [Redacted] using the identifier of [Redacted] | $8,000.00 |
2019-02-07 00:05:37 UTC | HTML injection in [Redacted]'s write stream of [Redacted] | $500.00 |
2019-01-30 16:59:57 UTC | [Redacted]'s VHOST header hopping gives access to MSSQL DB Explorer | $1,900.00 |
2019-01-30 16:14:57 UTC | [Redacted]'s RCE via ObjectStateFormatter deserialization | $4,000.00 |
2019-01-30 16:13:00 UTC | [Redacted]'s zip file on webroot containing all source code and database | $3,000.00 |
2019-01-29 21:52:20 UTC | [Redacted]'s multiple reflected XSS | $500.00 |
2019-01-29 17:54:05 UTC | Sensitive data disclosed in debug file via [Redacted] | $100.00 |
2019-01-23 16:09:32 UTC | Git repo publicly available on many subdomains of [Redacted] and [Redacted] | $600.00 |
2019-01-22 23:02:09 UTC | Critical: product access to all [Redacted] admins and employees - gain access to all email UUIDs and administrative actions | $4,500.00 |
2019-01-07 21:02:45 UTC | SSRF via [Redacted] leading to internal network access, ability to read internal JSON responses | $23,000.00 |
2018-12-06 15:58:56 UTC | Reflected XSS in [Redacted]/pay/alipay/wap.php | $400.00 |
2018-12-06 15:37:27 UTC | Reflected XSS via the `http_referer` parameter in the [Redacted] JavaScript environment | $400.00 |
2018-11-30 15:35:15 UTC | Django debug mode enabled leads to Postgres password leak in [Redacted] | $500.00 |
2018-11-30 15:20:07 UTC | Ability to upload SWF files to [Redacted] via CKFinder | $400.00 |
2018-11-30 15:08:41 UTC | [Redacted] discloses sensitive information leading to access to customer data via API | $800.00 |
2018-11-30 13:46:33 UTC | [Redacted] Newsroom (China) CMS source code leaked on GitHub, including WeChat secret - leads to RCE on subscriber machines | $200.00 |
2018-11-29 17:41:02 UTC | Whitelist bypass in the organisation registration flow of [Redacted] | $500.00 |
2018-11-29 15:29:00 UTC | [Redacted] blind MSSQL injection | $2,000.00 |
2018-11-28 15:02:39 UTC | [Redacted] reveals RSA private key of Alipay merchant | $200.00 |
2018-11-21 16:58:25 UTC | [Redacted] recursive retrieval of [Redacted] UUIDs | $1,000.00 |
2018-11-20 22:19:04 UTC | [Redacted] API allows unauthenticated users to send messages to [Redacted] Slack | $100.00 |
2018-11-15 10:13:13 UTC | [Redacted] externally accessible MSSQL server reveals large amounts of data + local file read | $400.00 |
2018-11-02 20:18:53 UTC | [Redacted] ability to set your own order prices | $1,500.00 |
2018-10-24 14:40:13 UTC | Arbitrary file upload leading to persistent XSS in [Redacted] | $400.00 |
2018-10-24 10:36:13 UTC | Extract [Redacted] details (name, openid, unionid, mobile, nickname, state, city, gender, day of week) for any user via [Redacted] | $400.00 |
2018-10-22 14:26:23 UTC | Critical: product access to all [Redacted] admins and employees - gain access to all email UUIDs and administrative actions | $500.00 |
2018-10-12 18:56:47 UTC | [Redacted] unauthenticated XXE in /OA_HTML/lcmServiceController.jsp | $166.67 |
2018-10-06 18:26:10 UTC | [Redacted] PhantomJS SSRF with fully readable response via AWS | $500.00 |
2018-09-30 00:29:08 UTC | [Redacted] multiple issues (SSO bypass, Git repository with employee credentials and broken application logic) | $2,000.00 |
2018-09-03 09:55:32 UTC | Multiple MSSQL injections on [Redacted] - 30 databases accessible | $5,000.00 |
2018-09-03 09:15:04 UTC | [Redacted]/cms/Handler/kvimupload.ashx RCE via arbitrary file upload | $3,000.00 |
2018-09-03 09:13:37 UTC | [Redacted]/STAFF/CMS/Handler/Toolsupload RCE via arbitrary file upload | $3,000.00 |
2018-09-03 09:03:06 UTC | MSSQL injection via [Redacted]/ninCentive/report.aspx | $2,000.00 |
2018-08-30 17:52:47 UTC | [Redacted] directory listing exposes Russian [Redacted] PII and internal documents / discovery ride deck | $1,000.00 |
2018-08-28 07:07:34 UTC | Highly confidential repo containing [Redacted] application source and database, over 700 emails leaked | $800.00 |
2018-08-20 13:01:40 UTC | Server variables leaked at [Redacted]/servar.asp, allowing theft of httpOnly cookies | $400.00 |
2018-08-14 17:08:24 UTC | Third-party subdomain takeover - [Redacted] EC2 IP no longer controlled by [Redacted] | $62.50 |
2018-08-13 18:25:52 UTC | DOM-based XSS on [Redacted] | $125.00 |
2018-08-12 07:04:32 UTC | [First 30] [Redacted]/Handle_pasted_images blind SSRF | $375.00 |
2018-08-10 06:36:30 UTC | [First 30] Publicly accessible CA and secrets.enc files on VPN - [Redacted] | $1,250.00 |
2018-08-10 02:11:48 UTC | [First 30] Subdomain takeover of [Redacted] | $555.00 |
2018-08-09 08:08:16 UTC | Once the UUID of any [Redacted] user is known, profile information and metadata (email, payment, account type, associate) can be obtained | $1,000.00 |
2018-08-09 07:39:29 UTC | Ability to brute force any [Redacted] panel user without restriction | $500.00 |
2018-08-09 05:56:38 UTC | UUID (including internal employee transfer code) and [Redacted] employee UUID (including payment profiles) | $1,000.00 |
2018-08-09 05:49:26 UTC | With a known UUID, any [Redacted] user's payment profile and confidential information can be downloaded | $1,000.00 |
2018-08-09 05:47:46 UTC | Once the UUID of any [Redacted] user is known, profile information and metadata (email, payment, account type, associate) can be obtained | $2,000.00 |
2018-07-26 16:21:23 UTC | XSS in JPlayer.swf in the [Redacted] S3 bucket of the [Redacted] property | $250.00 |
2018-07-19 18:46:43 UTC | [Redacted]/API/UTILS/Postbase XSS via sign-up | $300.00 |
2018-07-11 22:48:23 UTC | (Dynamic) IDOR in `/API/[Redacted]` via [Redacted] | $500.00 |
2018-07-11 22:44:36 UTC | [Redacted] ability to enumerate [Redacted] via `/API/[Redacted]` | $2,000.00 |
2018-07-06 06:53:19 UTC | Large number of [Redacted] registered users accessible without authentication on the incentive admin panel | $800.00 |
2018-07-06 06:47:06 UTC | RCE on [Redacted] via arbitrary file upload | $3,000.00 |
2018-07-06 06:40:07 UTC | Authentication bypass leading to administrator access to [Redacted]/LocationCms/ (can modify/delete/add) | $800.00 |
2018-07-06 06:31:23 UTC | [Redacted]/locationCMS/template/storelist.aspx MSSQL injection | $2,000.00 |
2018-07-02 12:08:16 UTC | Serious issues in [Redacted] (database credentials, source code of the entire application and SQLi leak) | $800.00 |
2018-06-28 20:17:38 UTC | Extract the payment method (email or last four card digits) used via [Redacted] | $500.00 |
2018-06-22 15:48:11 UTC | [Redacted] API `/API/UTILS/Download-File` leading to internal access to assets | $3,250.00 |
2018-06-22 15:47:31 UTC | [Redacted] API `/API/Partner/[Redacted]` multiple full SSRFs leading to internal access to [Redacted] | $625.00 |
2018-06-16 19:14:30 UTC | Post on Facebook [Redacted] | $500.00 |
2018-06-16 17:56:17 UTC | Post on Facebook [Redacted] | $4,000.00 |
2018-06-16 17:55:00 UTC | Post on Facebook [Redacted] | $5,000.00 |
2018-06-16 15:54:20 UTC | Post on Facebook [Redacted] | $500.00 |
2018-06-16 15:10:50 UTC | Post on Facebook [Redacted] | $500.00 |
2018-06-16 14:56:58 UTC | Post on Facebook [Redacted] | $500.00 |
2018-06-16 14:38:05 UTC | Post on Facebook [Redacted] | $3,000.00 |
2018-06-16 13:47:59 UTC | Post on Facebook [Redacted] | $5,000.00 |
2018-06-16 13:27:27 UTC | Post on Facebook [Redacted] | $500.00 |
2018-06-13 21:24:58 UTC | [Redacted].zendesk.com Zendesk administrator credentials via [Redacted] | $2,250.00 |
2018-06-13 21:21:41 UTC | Ability to receive support calls for another store's [Redacted] ID using the ID of [Redacted] | $1,500.00 |
2018-05-31 13:02:19 UTC | Incorrect Cloudflare implementation on [Redacted] | $500.00 |
2018-05-26 17:51:18 UTC | [Redacted] SSRF allows access to internal host [Redacted] | $1,000.00 |
2018-05-26 16:52:38 UTC | [First 30] - [Redacted] stored XSS in role dialog | $1,206.00 |
2018-05-26 13:59:34 UTC | [Redacted] SSRF allows access to internal host [Redacted] | $1,728.00 |
2018-05-26 12:40:45 UTC | [First 30] - [Redacted] EC2 IP no longer controlled by [Redacted] | $216.00 |
2018-05-26 11:45:03 UTC | [First 30] - [Redacted] stored XSS in role dialog | $125.00 |
2018-05-26 09:10:39 UTC | Ability to brute force the current user's password without lockout using an active session | $125.00 |
2018-05-25 13:34:24 UTC | [Redacted] brute-forceable [Redacted] via Cisco 3750 - telnet/ssh/http | $250.00 |
2018-05-25 13:33:35 UTC | Two WordPress admin panels on WP Engine [Redacted] [Redacted] | $400.00 |
2018-05-23 21:59:17 UTC | Secrets (sessions) such as AWS secret keys leaked in [Redacted] | $500.00 |
2018-05-02 12:35:46 UTC | Server-side source code disclosed on [Redacted] | $250.00 |
2018-04-20 13:29:13 UTC | Exposed RabbitMQ admin panel found on [Redacted] | $250.00 |
2018-04-11 22:41:51 UTC | Multiple vulnerabilities in the Russian Telegram bot API leading to significant [Redacted] data exposure | $3,750.00 |
2018-04-05 21:07:29 UTC | [Redacted] API vulnerabilities requiring no authentication, leading to exposure of AWS cloud data and user data (20,000 staff details leaked) | $15,000.00 |
2018-04-05 21:06:52 UTC | Postgres SQL injection on [Redacted] that may lead to AWS cloud account hijack | $15,000.00 |
2018-03-23 22:29:19 UTC | Secrets from Config/Secrets/Secrets.json found on [Redacted] (CloudFront credentials, private key, server settings) | $9,500.00 |
2018-03-22 15:33:20 UTC | Django admin panel exposed on [Redacted] | $250.00 |
2018-03-16 17:32:47 UTC | Multiple vulnerabilities in the Russian Telegram bot API leading to significant [Redacted] data exposure | $500.00 |
2018-03-09 17:01:55 UTC | Any origin trusted when performing an authenticated API call on [Redacted] | $250.00 |
2018-03-09 16:58:16 UTC | Exposed Django admin panel @ [Redacted] | $750.00 |
2018-03-02 12:53:11 UTC | Exposed Django admin panel @ [Redacted] | $750.00 |
2018-03-02 12:48:41 UTC | [Redacted] subdomain takeover - [Redacted] Amazon S3 bucket unclaimed | $500.00 |
2018-02-28 22:48:14 UTC | Multiple SQL injection vulnerabilities in [Redacted] | $2,500.00 |
2018-02-20 02:34:49 UTC | Secrets from Config/Secrets/Secrets.json found on [Redacted] (CloudFront credentials, private key, server settings) | $500.00 |
2018-02-06 17:40:24 UTC | Django P2P refiner admin panel exposed @ [Redacted] | $250.00 |
2018-02-06 17:34:27 UTC | [Redacted] subdomain takeover | $4,000.00 |
2018-01-31 23:17:37 UTC | [Redacted] and [Redacted] subdomain takeover via Azure VM | $4,000.00 |
2018-01-31 14:59:44 UTC | AWS credential disclosure via SSRF in Atlassian Confluence [Redacted] | $2,500.00 |
2018-01-24 15:11:23 UTC | PHP test scripts and phpMyAdmin available on the public web at [Redacted]:81 | $200.00 |
2018-01-05 07:00:59 UTC | Exposing AWS keys via SSRF in [Redacted] leads to privileged AWS access | $10,000.00 |
2018-01-04 13:05:48 UTC | Domain/subdomain takeover of [Redacted] via Azure | $400.00 |
2018-01-04 13:04:15 UTC | [Redacted] points to an IP address that no longer belongs to [Redacted] | $200.00 |
2017-12-27 16:15:40 UTC | [Redacted] ability to extract all UUIDs, emails and first names of users via queries | $20,000.00 |
2017-12-11 17:46:11 UTC | HTML injection via email in company name of [Redacted] | $500.00 |
2017-12-11 17:41:39 UTC | Persistent XSS on [Redacted] via subdomain hijacking | $500.00 |
2017-11-28 15:57:33 UTC | Unable to subscribe to [Redacted].s3.amazonaws.com due to incorrect S3 ACL | $400.00 |
2017-11-24 11:32:26 UTC | ELMAH exposed on [Redacted], exposing usernames, session details and sensitive information | $800.00 |
2017-11-21 00:48:14 UTC | [Redacted] ability to extract all UUIDs, emails and first names of users via queries | $2,500.00 |
2017-11-14 18:30:11 UTC | [Redacted] ability to extract all UUIDs, emails and first names of users via queries | $500.00 |
2017-11-13 23:43:58 UTC | Persistent XSS on [Redacted] via subdomain hijacking | $500.00 |
2017-10-23 11:10:21 UTC | OpenVPN admin panel exposed on [Redacted] | $250.00 |
2017-10-02 23:33:44 UTC | Ability to brute force event forwarding codes without rate limiting on [Redacted] | $1,150.00 |
2017-08-29 16:33:52 UTC | [Redacted] | $5,000.00 |
2017-08-29 16:33:19 UTC | [Redacted] | $5,000.00 |
2017-08-29 16:32:25 UTC | [Redacted] | $1,500.00 |
2017-08-29 16:32:04 UTC | [Redacted] | 1. 0, 00 $ |
2017-08-29 16:31:24 UTC | [Redacted] | $500.00 |
2017-08-29 16:31:04 UTC | [Redacted] | $500.00 |
2017-08-29 16:30:45 UTC | [Redacted] | $500.00 |
2017-08-29 16:30:25 UTC | [Redacted] | $500.00 |
2017-08-29 16:30:05 UTC | [Redacted] | $500.00 |
2017-08-29 16:29:44 UTC | [Redacted] | $500.00 |
2017-08-29 16:29:22 UTC | [Redacted] | $500.00 |
2017-08-29 16:29:00 UTC | [Redacted] | $500.00 |
2017-08-29 16:28:34 UTC | [Redacted] | $500.00 |
2017-08-29 16:28:04 UTC | [Redacted] | $500.00 |
2017-08-29 16:27:16 UTC | [Redacted] | $100.00 |

(The remaining rows of the table, from 2016 and 2017, did not survive extraction; only the following report titles are recoverable, without their dates or rewards.)

Bug |
---|
Source code disclosure in [Redacted] (including current MySQL DB credentials) |
SQL injection in [Redacted]/job.php |
SQL injection in https://[Redacted]/controls/pe/loaddata |
Exposed [Redacted] statistics/management panel |
Access to Git repository on QA machines of [Redacted] and [Redacted] reveals source code and production secrets |
Administrator access via disclosure of credentials to Grafana instance |
[Redacted]'s multiple reflected XSS |
XSS enabled by WordPress vulnerability [Redacted] |
Ability to brute force event forwarding codes without rate limiting on [Redacted] |
[Redacted] IIS short name disclosure vulnerability |
[Redacted] vulnerable to IIS short name disclosure |
[Redacted] brute force of WordPress admin interface via XML-RPC |
Third-party subdomain takeover - [Redacted] EC2 IP no longer controlled by [Redacted] |
Reflected XSS via FlashMediaElement.swf on [Redacted] |
Critical - performing administrative operations via identifiers on [Redacted] - manipulating leaderboards, etc. |
[Redacted] subdomains pointing to EC2 instances owned by LucidPress (*.lucidpress.com) |
Information disclosure of internal moments |
[Redacted] subdomain takeover via Amazon S3 bucket |
[Redacted] subdomain takeover |
[Redacted] subdomain takeover via Heroku |
Remotely brute-forceable MySQL connection to [Redacted] |
The exact total of all the payments in the table above is $635,387.47 over 1,590 days (4 years and 4 months). This figure covers a single platform only; rewards I received on other platforms are not counted in this blog post. I report most of my bugs to programs on HackerOne.

Dividing this amount by the number of days gives an average of roughly $400 per day. A consultant on a high day rate would have earned that much or more, but the difference is that I earned all of it on my own terms.

At least 62 of the bugs in the table above were found directly through automation, which is 18% of all the bugs I reported over the past four years. That is an interesting statistic, and it shows that automation is one of the things that makes finding security issues successful.

These companies paid a considerable amount of money to have their attack surface reduced. While earning that money and learning new techniques along the way, we built as many of those workflows, techniques, tools and methodologies as possible into AssetNote. By turning what bug bounties taught us into a product, we established ourselves as an important player in the attack surface management field.

Most of the bugs were only possible because of automated asset discovery, but they still needed manual inspection and exploitation. Large-scale asset discovery has been an important pillar of my success.

In terms of criticality, there were 24 SQL injections, 22 SSRFs, 20 IDORs and at least 11 RCEs.

Hacking on Uber for four years, I came to understand their architecture and development practices deeply and developed a methodology for approaching their assets. This was an absolute key to my success, and any successful bounty hunter should have a concrete way of approaching each program. When it comes to hacking, every company is different.

Over the last four years I worked with a lot of people (in no particular order) and learned a lot from them:

I found a host and threw every attack technique I knew at it. Around that time, research had been published showing that with the machine key, leaked through insecure storage, it was possible to achieve RCE via the ViewState parameter. I asked Andre to help me, and he not only succeeded in leaking the machine key but also became one of the first people to build a tool to exploit this vulnerability.

Joel - We worked together on Facebook, through an XXE in a vendor product.
I asked Joel for help exploiting a vendor product that Facebook was running on a corporate domain. I couldn't figure out why my exploit wasn't working. Joel's Java experience was key to our success here: he went through the jar files, created an IntelliJ project and resolved all the errors, and then we worked through the problem step by step.

Naffy - Yahoo helped me understand that the best attack against a large attack surface is persistence.
I've known Naffy for almost 10 years now, and the biggest thing I've learned from him is that any attack surface can be broken with time and effort. In the early days of bug bounties, Naffy dominated the leaderboard of Yahoo's bounty program. What Naffy taught me is that with enough persistence and time things will break, and you need to be observant enough to take advantage of it.

Sean - We've done countless things together.
When we got into a tough spot where a problem was hard to solve because of technical complexity or a lack of knowledge, Sean helped drive the proof of concept and helped with development. Sean has been great at translating high-risk security issues into automation, which has led to many of the vulnerabilities we have discovered together.
Analysis
Oscar - I worked a lot with Oscar on bounties during my time at Bishop Fox.
I used to talk to Oscar almost every day when I was at Bishop Fox. Oscar played a big role in showing me how to improve the speed of DNS brute forcing. While working with him, I found him to be incredibly energetic and, above all, a good human being. He contributed to many bounty successes while I worked at Bishop Fox.
Huey - We perfected my methodology together at Uber.
JavaScript sourcemaps are a great way to better understand the internals of a client-side application. I now look for sourcemap files whenever I find a JavaScript file, and that is because of Huey.
At Uber, we used sourcemap files to better understand the GraphQL queries and API endpoints used by the Uber app, and to take them further. Huey helped me understand JavaScript better.
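As an added example (not code from the post, Uber or AssetNote), here is how a shipped sourcemap can be inventoried for the API paths and GraphQL operations its original sources reveal; the bundle, the `.map` contents and the path names are constructed, and the regexes are a heuristic rather than a JavaScript parser.

```python
import json
import re

# Added example (not code from the post): inventory what a shipped sourcemap
# reveals about a client-side app. The bundle and .map below are constructed;
# the regexes are a rough heuristic, not a JavaScript parser.
BUNDLE_JS = 'function f(){fetch("/api/v2/rides")}\n//# sourceMappingURL=app.min.js.map\n'
SOURCEMAP = json.dumps({
    "version": 3,
    "sources": ["src/api/rides.js", "src/graphql/queries.js", "src/vendor/lib.js"],
    "sourcesContent": [
        'export const list = () => fetch("/api/v2/rides?limit=50");\n'
        'export const cancel = id => fetch(`/api/v2/rides/${id}/cancel`, {method: "POST"});\n',
        'export const TRIPS = gql`query TripHistory($uuid: ID!) { trips(uuid: $uuid) { id } }`;\n'
        'export const PAY = gql`mutation AddPayment($card: CardInput!) { addPayment(card: $card) { ok } }`;\n',
        None,  # bundlers may omit content for some sources
    ],
    "mappings": "AAAA",
})

SOURCEMAP_URL_RE = re.compile(r"^//[#@]\s*sourceMappingURL=(\S+)", re.MULTILINE)
PATH_RE = re.compile(r"""["'`](/[A-Za-z0-9_./${}?=&-]+)""")
GQL_OP_RE = re.compile(r"\b(query|mutation|subscription)\s+([A-Za-z_]\w*)")


def find_sourcemap_url(js_text):
    """Return the sourceMappingURL a bundle advertises, or None if there is none."""
    m = SOURCEMAP_URL_RE.search(js_text)
    return m.group(1) if m else None


def inventory(sourcemap_text):
    """Map each original source file to the URL paths and GraphQL operations it contains."""
    smap = json.loads(sourcemap_text)
    sources = smap.get("sources", [])
    contents = smap.get("sourcesContent") or [None] * len(sources)
    result = {}
    for src, content in zip(sources, contents):
        if content is None:
            continue
        result[src] = {
            "paths": sorted(set(PATH_RE.findall(content))),
            "graphql": [f"{kind} {name}" for kind, name in GQL_OP_RE.findall(content)],
        }
    return result
```

The same check, run against your own production bundles, tells you whether a `sourceMappingURL` comment is pointing at a map you did not intend to publish.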
Anshuman - We reviewed source code together at a PayPal live hacking event.
At a recent live hacking event, we got hold of a CMS called PencilBlue that a particular target was using. Together we went through the source code, each attacking different parts of the application's code, and bonded over how quickly we approached the target.
Reece - Helped me turn stolen secrets into account takeovers
At a live hacking event, I discovered a Google cached page leaking credentials such as secret keys. A development asset that printed all of the environment's variables and secrets in plain text had been proxied through ngrok, and Google had not only indexed it but also cached it with all the secrets.
After pulling these secrets from the cached copy, I asked Reece to help me prove the impact. Sure enough, without any interaction, he turned the tokens I had obtained into an account takeover. Reece is also a very switched-on person; he won Miles' live hacking event.
Matthias - Read more about our collaboration in the AssetNote blog post.
Collaboration
We used WebPageTest to gain access to Mozilla's internal AWS network.
There are more people I have worked with over the years, but I can't recall them all right away. What I want to say is that collaboration is really important to the growth and success of a bug bounty hunter.
Also, don't ask someone to do the work for you. In all the cases above, the initial triage was done by me. There was always an initial foundation and proof of concept, shared in trust, which led to collaboration on the actual problem. Don't expect people to exploit things for you without presenting at least half of the chain and a proof of concept.
As I mentioned in the first half of this post, my methodology still focuses on identifying the assets an organization owns on the Internet.
The speed of asset identification and content discovery has improved significantly, partly because of a fundamental shift in the security scene from writing tools in Python to writing them in Golang and Rust.
We use this trend at AssetNote, and the main components of our platform, such as our in-house DNS resolver, were rewritten and optimized by Huey.
What I noticed about attack surface analysis is that information should be extracted and presented in a way that emphasizes relationships. For example, the output of most high-speed DNS tools is the worst in this respect. The following is how TRACERTEA presented DNS data:
[tool output lost in extraction: one line per record in the form `source -> destination`, starting from `shopify.com -> 23.227...`]
When you are looking at thousands of assets at once, you cannot imagine how much difference this small optimization makes. With DNS data laid out this way, the relationship between source and destination can be identified immediately.
It's surprising that something this simple had such a big impact on me, but the same is true of color coding when displaying content discovery results. Most tools are still inadequate in this area, and anyone who has to go through thousands of content discovery results soon gets bored. In the end, I spend a lot of time looking for a needle in a haystack, and this coloring has made it much easier.
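The relationship-first layout described above, as an added example that is not the post's or AssetNote's code: flat DNS answers are folded into one `source -> destination` chain per name, and each chain is tagged so a defender can immediately see which names end in a CNAME target with no records (the dangling state behind the subdomain takeovers listed in the table). All records are constructed; `203.0.113.0/24` is a documentation range.

```python
# Added example (not the post's or AssetNote's code): fold flat DNS answers into
# source -> destination chains so each line shows the relationship at a glance.
# Records are constructed; 203.0.113.0/24 is a documentation range.
RECORDS = [
    ("www.example.com", "CNAME", "edge.example.net"),
    ("edge.example.net", "A", "203.0.113.10"),
    ("api.example.com", "A", "203.0.113.20"),
    ("shop.example.com", "CNAME", "shop-old.example-cdn.net"),  # target has no records
    ("loop-a.example.com", "CNAME", "loop-b.example.com"),
    ("loop-b.example.com", "CNAME", "loop-a.example.com"),
]


def build_index(records):
    """Group answers by owner name: {name: [(type, value), ...]}."""
    index = {}
    for name, rtype, value in records:
        index.setdefault(name.lower(), []).append((rtype.upper(), value.lower()))
    return index


def resolve_chain(name, index, max_hops=10):
    """Follow CNAMEs from name; return (chain, status) where status is
    'resolved' (ends in addresses), 'dangling' (last name has no records,
    a dangling-CNAME candidate a defender should review) or 'loop'."""
    chain, seen = [name.lower()], set()
    while len(chain) <= max_hops:
        cur = chain[-1]
        if cur in seen:
            return chain, "loop"
        seen.add(cur)
        answers = index.get(cur, [])
        addrs = sorted(v for t, v in answers if t in ("A", "AAAA"))
        if addrs:  # terminal: join multiple addresses into one hop
            return chain + [", ".join(addrs)], "resolved"
        cnames = [v for t, v in answers if t == "CNAME"]
        if not cnames:
            return chain, "dangling"
        chain.append(cnames[0])  # a name may carry only one CNAME
    return chain, "loop"  # hop budget exhausted; treat like a loop


def render(records):
    """One line per source name, e.g. 'www.example.com -> edge.example.net -> 203.0.113.10 [resolved]'."""
    index = build_index(records)
    lines = []
    for name in sorted({r[0].lower() for r in records}):
        chain, status = resolve_chain(name, index)
        lines.append(f"{' -> '.join(chain)} [{status}]")
    return lines
```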
In terms of methodology, the program that had the most impact on me is Uber.
Over the last four years, Uber has changed its software development and deployment practices. In response to those changes, it was very important to keep rethinking my methodology for breaking into the attack surface. Continuous evaluation of Internet-facing assets was very effective, especially against a large-scale attack surface.
Attack surfaces are live, they evolve, and they are sometimes complicated.
When I first started hacking on Uber, I saw services such as Redis and the HAProxy admin panel exposed directly to the Internet. At that time it was trivial to discover misconfigurations like these, so I thought of it as an immature attack surface. But over the years they have evolved.
Recently, exposed services like Redis are no longer found on Uber's core attack surface. This simply reflects the security of the applications, and in terms of the attack surface as a whole, Uber's processes and controls have matured.
Instead, all of Uber's internal and sensitive assets are placed behind OneLogin at the DNS level. In some cases sensitive assets were still not well protected, but again, this is exactly why continuously monitoring the attack surface is so important.
Who knows? If someone unprotects an asset for a short period, or rotates the OneLogin-enforced protection on a sensitive asset, they may accidentally disable OneLogin. Perhaps they are trying out some change, or simply don't know what they are doing.
Continuously monitoring assets for security regressions is an important part of my methodology and one of the reasons it is built natively into AssetNote.
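The regression the paragraph above describes (an SSO gate silently dropped from an internal host) is the kind of thing continuous monitoring is meant to catch. As an added example that is not the post's or AssetNote's code, here is a minimal check that diffs two observation snapshots; the snapshots, host names and the `sso.example.com` identity-provider host are all constructed, and a real run would fill the snapshots from periodic HTTP probes.

```python
from urllib.parse import urlparse

# Added example (not code from the post or AssetNote): compare two snapshots of
# how internal hosts answer and flag regressions in their SSO-forced protection.
# Snapshots are constructed; a real run would fill them from periodic HTTP probes.
# sso.example.com stands in for the identity provider the redirects should point at.
SSO_HOST = "sso.example.com"
REDIRECTS = {301, 302, 303, 307, 308}

BASELINE = {
    "wiki.corp.example.com": {"status": 302, "location": "https://sso.example.com/login"},
    "ci.corp.example.com":   {"status": 302, "location": "https://sso.example.com/login"},
    "jira.corp.example.com": {"status": 302, "location": "https://sso.example.com/login"},
    "www.example.com":       {"status": 200, "location": None},
}
CURRENT = {
    "wiki.corp.example.com": {"status": 302, "location": "https://sso.example.com/login"},
    "ci.corp.example.com":   {"status": 200, "location": None},      # SSO gate dropped
    "jira.corp.example.com": {"status": 302, "location": "/login"},  # app's own login, not SSO
    "new.corp.example.com":  {"status": 200, "location": None},      # never seen before
    "www.example.com":       {"status": 200, "location": None},
}


def behind_sso(obs, sso_host=SSO_HOST):
    """True only when the host redirects to the identity provider itself."""
    if obs.get("status") not in REDIRECTS:
        return False
    return urlparse(obs.get("location") or "").hostname == sso_host


def detect_regressions(baseline, current, sso_host=SSO_HOST, public=("www.example.com",)):
    """Return (host, reason) pairs worth an alert, in a stable order.

    Hosts listed in `public` are expected to be reachable without SSO.
    """
    findings = []
    for host, obs in sorted(current.items()):
        if host in public or behind_sso(obs, sso_host):
            continue
        prev = baseline.get(host)
        if prev is None:
            findings.append((host, "new host reachable without SSO"))
        elif behind_sso(prev, sso_host):
            findings.append((host, "SSO protection removed"))
    return findings
```

A redirect to the application's own login page is deliberately not counted as SSO, since that is exactly the state a misapplied change leaves behind.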
Not all of the work I did on the United Airlines bug bounty is included in this blog post, and I can't write about it in much detail because of the program's rules, but thanks to its attack surface I can say that I was able to improve my .NET application security testing skills.
When I first saw an IIS server four years ago, I didn't know where to start. Recently, ordinary IIS servers have proved to be very successful targets for me.
There are many other things I do when approaching an attack surface, so I plan to post more videos on my YouTube channel next year. If you haven't subscribed yet, please do.
AssetNote's continuous security platform puts the power of automated asset identification and large-scale asset awareness in the hands of security teams around the world, so that they can reproduce our methodology and successes. Knowing your assets and your exposure to attack is the key to defending them, and we will do our best to support security teams around the world.
If you are having trouble tracking and monitoring your assets, please contact us.
Methodology