ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2018-11-08 | Zero Day in VirtualBox, Google’s OSS fuzz has found over 9k bugs, and WooCommerce RCE

Thursday, November 8

TOP STORY

TWEET OF THE DAY

  • My #pwn2own exploit chain from this year, essentially 3 logic bugs to go from Safari to kernel on macOS up to 10.13.3, is now open source: https://github.com/saelo/pwn2own2018 …. The README also links to a few slide decks which contain some more background information :) - @5aelo

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

I used Chrome F12 to edit an internal system to make it look the way I proposed for an email, and the system owner sent a group email saying no changes are allowed on production systems without change control.

They thought I edited the server.
I said they were simulated pictures

@SwiftOnSecurity