Hacking, AppSec, and Bug Bounty newsletter
2017-05-08 | AMT part deux, Big Mac attack, and #hackerlife
Monday, May 8
Happy Monday. Make it a great week!
Intel’s AMT vuln part deux. Here’s the vulnerability explained in 2 paragraphs. Downclimb has good notes on disabling AMT and there’s a GitHub repo by researcher Bart Blaze which is based on Intel’s mitigation guide.
open xxxect at https://projects.invisionapp.com [16 upvotes] - $100 bonus for this report to Invision by @seifelsallamy. A long-standing back-and-forth, with collaboration between hacker and security team. Hacker revisits bug stream, finds XSS and forgotten VBScript, gets a bonus!
Ode to the use-after-free: one vulnerable function, a thousand possibilities - blog post by our boy, @scarybeasts.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
TWEET OF THE DAY
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. - @taviso
OTHER ARTICLES WE’RE READING
Big Mac attack. Literally.
You are only as strong as your weakest link.
Curiosity is why phishing will always be a thing.
Hack a rival university, get arrested. Hack United Airlines, get 15 million miles. Graduate from college, go work for Amazon. #hackerlife
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org