ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2018-11-19 | Authentication bypass in NodeJS application by bl4de, Active Directory kill chain attack and defense, and Hack the planet

Monday, November 19

TOP STORY

TWEET OF THE DAY

  • Call comes in:

    “Hi this is Telstra, we need to verify your identity”
    “Sure, can you verify your identity first?”
    “Uh, we’re Telstra”
    “Ah, but that’s not how this is going to work, can you verify my account information”
    “But we need to verify you first!”

    Yeah, nah, bye! - @troyhunt

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

The idea of "encryption at rest" in large cloud providers always struck me as focusing on the wrong things. If someone breaks into an AZ, steals the drives, escapes alive with them, reconstitutes them all and gets my data, I kinda think they deserve it?

Corey Quinn