ZERO DAILY
Hacking, AppSec, and Bug Bounty newsletter
2019-03-18 | Jobert’s Unescape Room XSS game, How to get started pentesting, and Security Voices Podcast
Monday, March 18
TOP STORY
- Katarina Borodina wrote a thing on how to get started pentesting: a good overview to share with friends looking to break into the biz #longlivetheredteam. And on the pentester motif, check out PowerHub by Adrian Vollmer, a web application which aids a pentester in transferring files, in particular code which may get flagged by endpoint protection.
HACKTIVITY HIGHLIGHTS
- [Grab Android/iOS] Insecure deeplink leads to sensitive information disclosure [133 upvotes] - $7,500 bounty for this report to Grabtaxi Holdings by @bagipro
- Exfiltrate and mutate repository and project data through injected templated service [462 upvotes] - $11,000 bounty for this report to GitLab by @jobert
TWEET OF THE DAY
- Hackers, I've built a small game that helps improve your XSS skills! It dynamically generates (increasingly more difficult) levels for you to exploit XSS vulnerabilities. No level is the same. Let me know what you think. Happy hacking! - @jobertabma
OTHER ARTICLES WE’RE READING
- Security Voices Podcast: Jack and Dave talk security with other smart people like Wendy Nather, Zane Lackey, and Carey Nachenberg
- CVE-2019-5418 - File Content Disclosure in Action View, time to write a Burp plugin
- Sector:443's Python for Reverse Engineering #1: ELF Binaries
- Politico looks at Beto O'Rourke's history of stances on cyber issues
- Googling strangers: a professor's game with students highlights the importance of OpSec in everyday life
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
If I don’t skateboard through Bally’s hallway with @BetoORourke at @defcon this year I’m going to be disappointed.