Hacking, AppSec, and Bug Bounty newsletter
2019-03-13 | Pentest active directory part II, SANS’ top cybersecurity journalist awardees, and When your dormant blind XSS payload pops
Wednesday, March 13
Hausec’s pentest active directory part II, great stuff here.
TWEET OF THE DAY
When your blind XSS payload you planted a year ago pops. - @IamMandatory
OTHER ARTICLES WE’RE READING
Switzerland Post Office, overseeing the e-voting project, posted an update on their site, tl;dr “sorry this happened, the vendor didn’t fix this issue since 2017, but we’re good now”.
Motherboard’s Joseph Cox got approached by a Saudi cybersecurity company to buy zero-day exploits.
Krebs reviews Patch Tuesday, March 2019 edition.
WSJ [paywall] reports on a review that says the US Navy and its industry partners are ‘Under Cyber Siege’ by China-backed APT groups.
SANS chose their top cybersecurity journalist awardees, congrats to all! Read their stuff, they do important work: @bing_chris, @josephfcox, @a_greenberg, @kjhiggins, @JennaMC_Laugh, @bobmcmillan, @nakashimae, @FYRashid, @dnvolz, @KimZetter, @kashhill, @lilyhnewman, and @ZackWhittaker.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Someone once said that electronic voting is like having the threat model of the CIA, with the budget of the Post Office.