Hacking, AppSec, and Bug Bounty newsletter
2018-01-19 | Enterprise implementation of bug bounty, RCE on Medfusion 4000, and Technical details of a Pixel remote exploit chain
Friday, January 19
Greetings from D.C. where we are in town for ShmooCon. Come have a drink on us.
See a playbook on enterprise implementations of bug bounty programs
Information Disclosure and Privilege Escalation [5 upvotes] - $750 bounty for this report to Inflection by @hackedbrain.
Reflected XSS using Header Injection [9 upvotes] - $100 bounty for this report to SEMrush by @inferno-
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
How does your network look like? ^_^ - @evilsocket
OTHER ARTICLES WE’RE READING
How MailChimp was leaking your email address
Mario & Luigi at light speed (in camera speak that is).
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
I started a bug bounty program at a Fortune 500 global financial services company. This paper reflects the research used to justify the program, the project to implement it, operational processes in use, and lessons learned along the way.