Hacking, AppSec, and Bug Bounty newsletter
2018-08-31 | Hacktivity highlights, RCE on SharePoint, and Motherboard’s InfoSec journalists host a Reddit AMA
Friday, August 31
RCE on SharePoint by Bypassing Workflows Protection Mechanisms CVE-2018-8284 advisory by ncc group
Insecure Infrastructure Integrations YML Loading leads to Windows Privilege Escalation [47 upvotes] - $2,500 bounty for this report to New Relic by @fbogner.
Remote code execution by hijacking an unclaimed S3 bucket in Rocket.Chat's installation script. [17 upvotes] - no bounty for this report to Rocket.Chat by @edoverflow.
OTHER ARTICLES WE’RE READING
Burp Suite Enterprise beta version launched today
That Huazhu Hotels Group Ltd breach number is 130 million customers per Bleeping Computer
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
The thing is, optimizing is all about either maximizing or minimizing something, which in computer terms are the same. So what is the opposite of an optimization, ie the least optimal case, and how do we identify and measure it? The question we need to ask, which we never do, is: ‘What’s the most extreme possible behavior in a system I thought I was optimizing?’
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.