6 Valuable Lessons I Learned Working for A Cybersecurity Startup
Ever wondered what it’s like to work at one of the fastest-growing cybersecurity startups in the world? In this blog post I share 6 life lessons I have learned from working at the #1 most popular bug bounty platform, HackerOne.
Chaining Multiple Vulnerabilities to Gain Admin Access
In April of this year I participated in a private program on HackerOne that was vulnerable to a series of IDORs that led to a complete takeover of an application. Unfortunately, because this is a private program, I cannot disclose the name or company-related information, per their request. However, I wanted to share the details on how I escalated my basic privileges from a regular “customer” account to an admin user.
Secure your Jenkins instance or hackers will force you to! (Snapchat’s $5,000 Vulnerability)
After presenting “Doing Recon Like a Boss” at levelUp and releasing a blog post on HackerOne about the same topic, I decided to start looking for a few vulnerabilities on public programs to see if that methodology is still applicable to public programs. As a part of this I decided to look at Slack’s and Snapchat’s bug bounty programs, performing my recon exactly as described in the talk.