Hacking, AppSec, and Bug Bounty newsletter
2017-06-19 | Cybersecurity badges, RTFM.py, and a $50K bounty
Monday, June 19
Have a great week!
Cybersecurity? Yeah, there’s a badge for that. The Girl Scouts announced that they are offering the badge along with 17 other new badges. This is in response to a survey of members who highlighted technical training as a top desire. Sylvia Acevedo couldn’t be prouder.
SQL injection vulnerability on a DoD website [6 upvotes] - no bounty for this report to the U.S. Dept. of Defense by @korpit. The hacker was able to demonstrate this vulnerability by crafting a specially formatted URL.
Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy[dot]com [34 upvotes] - $300 bounty for this report to Udemy by @n0rb3r7. Old report, but recently disclosed. The report shows usage of the CVSS calculator and quick triage by the team.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
The red team field manual cheat sheet: rtfm.py
EU Parliament panel supports end-to-end encryption
$50K sounds good: Ethereum’s Status Network Token Bug Bounty
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Everything you’re doing on the internet is going through the CIA.