Hacking, AppSec, and Bug Bounty newsletter
2018-06-06 | Ret2 Systems Pwn2Own vulnerability write up part 1, Cartoon intro to DNS over HTTPS, and Recon advice and tools from Sahil
Wednesday, June 6
Pwn2Own competitors Ret2 Systems released The Exploit Development Lifecycle, From A to Z(ero Day), part 1 in a blog series that “will document a methodical approach to the discovery and exploitation of these vulnerabilities.” Apple reportedly fixed their #Pwn2Own vulnerabilities last week.
Exploiting JSONP callback [21 Upvotes] - $50 bounty for this report to Liberapay by @kapytein.
TWEET OF THE DAY
"What do you do?"
- "I'm an ethical hacker."
"Wow so you can hack ANYTHING?"
- "Technically it's not that easy, you need to..."
"Please hack my ex's facebook account!"
- "Even if that was legal I..."
"Hey can you fix my computer?"
- ಠ_ಠ - @securinti
OTHER ARTICLES WE’RE READING
A cartoon intro to DNS over HTTPS by Mozilla’s Lin Clark
The Atlantic Council’s https://disinfoportal.org/ tracks Russian disinformation efforts around the globe.
Google announces easier way for Android devs to send end-to-end encryption for push messages
Ten step recon with tools tools tools by @ehsahil
More on election security threats from DHS’ Matthew Masterson in Cyberscoop
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
You can enable DNS over HTTPS in Firefox today, and we encourage you to. We’d like to turn this on as the default for all of our users. We believe that every one of our users deserves this privacy and security, no matter if they understand DNS leaks or not.