ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2017-05-08 | AMT part deux, Big Mac attack, and #hackerlife

Monday, May 8

Happy Monday. Make it a great week!

TOP STORY

HACKTIVITY

  • open xxxect at https://projects.invisionapp.com [16 upvotes] - $100 bonus for this report to Invision by @seifelsallamy. A long standing back and forth with collaboration between hacker and security team. Hacker revisits bug stream, finds XSS, and forgotten vbscript, gets a bonus!

Ode to the use-after-free: one vulnerable function, a thousand possibilities - blog post by our boy, @scarybeasts.

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.

TWEET OF THE DAY

  • I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. - @taviso

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

 

“The issue of cybersecurity is often shrouded in mystique. We view that as unhelpful because there are all sorts of different attacks with different motivations and levels of sophistications – you need to think about it in that disaggregated way in order to tackle it.”

Ciaran Martin