Hacking, AppSec, and Bug Bounty newsletter
2019-09-12 | SBOM, 10K bug in Chrome, and CORS CORS CORS
Thursday, September 12, 2019
The times they are a-changin'. A new hacker-community role for your Editor means new flair coming soon to Zero Daily. Expect more hacker stories, profiles, hacktivity highlights, CTF writeups, and PoC data you won't get anywhere else. For now, we stick with our regularly scheduled programming.
TWEET OF THE DAY
What was the first vulnerability you exploited?
(Can be from a Bug bounty, CTF, DVWA, etc)
I think mine was Wiener's attack against RSA for picoCTF.
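Since the tweet names Wiener's attack, here is a worked version of it. This is an added example, not code from the tweet's author or from picoCTF: Wiener's attack recovers an RSA private exponent d when d is small (d < N^(1/4)/3), because k/d then appears among the continued-fraction convergents of e/N, where k satisfies e*d - 1 = k*phi(N). Each candidate d is checked by solving x^2 - (N - phi + 1)x + N = 0 for the factors p and q. The primes and the weak key below are constructed for the demo (the 90581 key pair is a well-known textbook example); make_weak_key is a helper added here to build a deliberately weak key, not a real library routine.

```python
from math import isqrt


def continued_fraction(num, den):
    """Return the continued-fraction expansion [a0; a1, a2, ...] of num/den."""
    cf = []
    while den:
        q, r = divmod(num, den)
        cf.append(q)
        num, den = den, r
    return cf


def convergents(cf):
    """Yield successive convergents (h_i, k_i) of a continued fraction.

    Uses the standard recurrence h_i = a_i*h_{i-1} + h_{i-2},
    k_i = a_i*k_{i-1} + k_{i-2} with h_{-1}=1, h_{-2}=0, k_{-1}=0, k_{-2}=1.
    """
    h_prev, h = 1, cf[0]
    k_prev, k = 0, 1
    yield h, k
    for a in cf[1:]:
        h_prev, h = h, a * h + h_prev
        k_prev, k = k, a * k + k_prev
        yield h, k


def wiener_attack(e, n):
    """Recover (d, p, q) from a public key (e, n) with a small private exponent.

    Returns None if no convergent of e/n yields a valid factorization,
    i.e. the key is not vulnerable to this attack.
    """
    for k, d in convergents(continued_fraction(e, n)):
        # k/d = 0/1 is the first convergent; k = 0 carries no information.
        if k == 0 or (e * d - 1) % k != 0:
            continue
        phi = (e * d - 1) // k
        # p and q are roots of x^2 - s*x + n = 0 with s = p + q = n - phi + 1.
        s = n - phi + 1
        disc = s * s - 4 * n
        if disc < 0:
            continue
        r = isqrt(disc)
        if r * r != disc or (s + r) % 2:
            continue  # roots are not integers; this convergent is spurious
        p, q = (s + r) // 2, (s - r) // 2
        if p > 1 and q > 1 and p * q == n:
            return d, p, q
    return None


def make_weak_key(p, q, d):
    """Constructed helper (not a library API): build a public exponent e for a
    chosen small d, so the resulting key is deliberately vulnerable."""
    phi = (p - 1) * (q - 1)
    return pow(d, -1, phi)  # modular inverse; requires Python 3.8+


if __name__ == "__main__":
    # Textbook example: N = 239 * 379, d = 5.
    e, n = 17993, 90581
    d, p, q = wiener_attack(e, n)
    print(f"recovered d={d}, p={p}, q={q}")
    # Sanity check: decrypting an encryption of 42 with the recovered d gives 42 back.
    assert pow(pow(42, e, n), d, n) == 42

    # Constructed weak key with primes 1009 and 1013 and d = 5.
    e2 = make_weak_key(1009, 1013, 5)
    print("constructed weak key:", wiener_attack(e2, 1009 * 1013))
```

The bound d < N^(1/4)/3 is what makes the search finite: Legendre's theorem says any fraction that approximates e/N closely enough must be a convergent, so the attacker never has to guess. Real keys with e = 65537 are not affected, since that forces d to be roughly the size of N.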
ARTICLES WE’RE READING
Software bill of materials apostle Allan Friedman recommends this Ars Technica article by Dan Goodin on open-source attacks and the increasing risks to the software supply chain.
Articles on CORS, CORS, CORS.
Michal Bentkowski inspected Chrome's new <portal> element a few months ago, and it yielded a few interesting bugs, including a same-origin policy (SOP) bypass and an arbitrary file read in Chrome ($10k bounty).
Congrats to all the WCTF winners and their amazing team names: Whitzard, Plaid Parliament of Pwning, $wag, mhackeroni, Azure Assassin Alliance, BurpFiction and PpwnPHOfun.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
The Enigma machine was one of the centerpieces of World War II, and its cryptanalysis was one of the stepping stones from code breaking as an art to cryptography as a science.