Category: Bug Bounty

Secure your Jenkins instance or hackers will force you to! (Snapchat’s $5,000 Vulnerability)

After presenting “Doing Recon Like a Boss” at levelUp and releasing a blog post on HackerOne about the same topic, I decided to start looking for a few vulnerabilities on public programs to see if that methodology is still applicable to public programs. As a part of this, I decided to look at Slack and Snapchat’s bug bounty programs and perform my recon exactly as described in the talk.

