Hacking, AppSec, and Bug Bounty newsletter
2019-08-27 | Speak hexadecimal with ease, The Rashomon of Disclosure, and How do you take your bug bounty notes?
Tuesday, August 27, 2019
Defamation magazine brings you hanky code for hexadecimal, circa 1968.
TWEET OF THE DAY
Some days you're the vuln. Some days you're the exploit. - @blackroomsec
OTHER ARTICLES WE’RE READING
A topic at a recent Hacker Couch stream, and @fisher asks the twitters, how do you take your #bugbounty notes?
Got RCE or SSRF inside an AWS Lambda function? Spencer’s got ya covered.
Disclosure is anything but simple - @halvarflake provides an even take in a recent blog post, The Rashomon of Disclosure.
MalwareTech’s DejaBlue Analysis
Vigilance is required: Scott Piper tweeting that there are bots repeatedly try to spin up EC2s on flaws.cloud every single second with stolen access keys, hoping he slips up and grants unnecessary privs.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
People that claim there is an easy and obvious path to go about security vulnerability disclosure have either not thought about it very hard, or have sufficiently strong incentives to self-delude that there is one true way.