Hacking, AppSec, and Bug Bounty newsletter
2019-07-16 | Insta race condition, Single WAF rule broke Cloudflare, and HBD Google’s Project Zero
Tuesday, July 16, 2019
Single WAF rule broke Cloudflare, wonderful post by John Graham-Cumming. Check the “Appendix: About Regular Expression Backtracking” for technical details.
TWEET OF THE DAY
Thread on learnings from $15K critical SSRF by @nbahoragg
OTHER ARTICLES WE’RE READING
Cracking windshields, firing XSS payloads. Nice writeup by @zlz on a Tesla report.
In this week’s rendition of “Tom’s tips”, we review the reasons for not going out of scope
Insta race condition, $30K bug
Tool alert: Sliver, a cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS, by Bishop Fox’s @LittleJoeTables
Turla back with Topinambour malware per research by Kaspersky
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
One of the agents responding to my cracked windshield fired my XSS hunter payload from within the context of the “[redacted]” domain.
This was super exciting.