Hacking, AppSec, and Bug Bounty newsletter
2019-04-08 | FIN6 resurgence, Garden variety malware, and Reverse engineering iOS applications
Monday, April 8
New threat research by FireEye on threat actor FIN6 deploying new tactics that include both Ryuk and LockerGoga ransomware
TWEET OF THE DAY
Forget spamming XSS payloads. In my experience, goal based hacking has been extremely effective.
1. Click around and pay attention to how the product works.
2. Have an idea for a high impact, app specific goal.
3. Try literally everything you can possibly think of to achieve it.
OTHER ARTICLES WE’RE READING
SSRF + Path Traversal = Account Takeover blog by @ngalongc
Garden variety malware (pun intended).
Reverse engineering iOS applications, 5-module course by Ivan Rodriguez
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
A Bug Bounty is a really important part of the lifecycle, because things that we found, using external researchers, as supporting us can actually be encoded in our automation systems. So we can actually learn from those things that we've seen in the past, and actually directly apply those into our systems internally.