Hacking, AppSec, and Bug Bounty newsletter
2018-05-24 | VPNFilter, Distilling packet captures using Suricata, and So you want to be a web security researcher?
Thursday, May 24
Sofacy botnet targeted by the FBI ahead of a suspected VPNFilter malware attack aimed at Ukraine, reports Reuters. Known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment, according to the Talos blog.
SSRF in Exchange leads to ROOT access in all instances [118 upvotes] - $25,000 bounty for this report to Shopify by @0xacb.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Unicode analyzer and zero width spaces 101 by @swiftonsecurity
James Kettle from PortSwigger penned a blog: So you want to be a web security researcher?
How to distill packet captures using Suricata, Bro, and PRADS by Chris Sanders. Part 3 in a blog series dedicated to analyzing large PCAPs.
The curious case of encrypted URL parameters blog by Silent Signal - “when the entropy is high and the parameter is called enc, things get interesting pretty fast.”
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Wait, are we supposed to get up really early this Friday for a GDPR viewing party, or was that only for the Royal Wedding? Asking for a friend...