Hacking, AppSec, and Bug Bounty newsletter
2019-04-17 | Who is Lucas Lambert, SentinelOne on domain fronting, and Bad bots report 2019
Wednesday, April 17
Private spy Lucas Lambert targeted critics of Kaspersky Lab, reports AP News. The journalist who penned the piece, Raphael Satter, has a detailed thread about the connections to Citizen Lab stings and other shenanigans by what appears to be the same person/group.
TWEET OF THE DAY
When people ask you why you take time to bang out a full PoC for a bug you've filed internally. - @IAmMandatory
OTHER ARTICLES WE’RE READING
SentinelOne on domain fronting: its benefits and why it’s dying. Teaser at the end for encrypted SNI, a proposed extension to TLS 1.3 that is intended to solve the problems domain fronting was used for.
Reverse-engineering Broadcom wireless chipsets: a detailed post by Quarkslab and a productive intern.
Sage and sharer of the bug bounty scripts: TomNomNom’s got a “thinly veiled #bugbountytip that is actually a #linuxtip.” :smile: :heart:
Distil Networks’ bad bots report, 2019 edition. Bad bots accounted for 20% of traffic in 2018, and the financial sector is the most targeted.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
You ever misspell commands so often that you just alias the misspelling?