ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2019-08-13 | Taviso goes down the rabbit hole, Orange’s Pre-auth RCE on Twitter VPN, and Web cache poisoning by albinowax

Tuesday, August 13, 2019

Took a bit of a break for security summer camp, back at it this week for a jam-packed Zero Daily for ya. 

TOP STORY

  • From @taviso: I’m publishing some 🔥 research today, a major design flaw in Windows that's existed for almost *two decades*. I wrote a blog post on the story of the discovery all the way through to exploitation. Repo of code and tools used

HACKTIVITY HIGHLIGHTS

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne. 

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
 

Hi, we have cracked the admin hash and got the root shell. This is definitely a Pre-auth RCE on your SSL VPN server

Orange Tsai