[email protected] 2020: Beyond the Borders of Scope

Дата: 10.08.2020. Автор: CISO CLUB. Категории: Подкасты и видео по информационной безопасности

In this session, Jr0ch17 talks about a somewhat controversial topic in bug bounty: looking at out-of-scope assets. This is not about doing actual hacking on those out-of-scope assets, it’s about doing recon on them in special ways in order to find bugs on the in-scope assets. The recon that he does uses a few techniques/tricks that he’s been doing for a while which have resulted in him finding some bugs in programs’ core applications. As a matter of fact, with the help of that recon, he’s never gotten a single duplicate yet so it definitely is an unexplored area. I will go through each technique or trick and show an example of a bug I’ve found. Some as simple as a reflected XSS (actually not that simple) and some with higher impact like RCE and information disclosure.

CISO CLUB

Об авторе CISO CLUB

Редакция CISO CLUB. Официальный аккаунт. CISO CLUB - информационный портал и профессиональное сообщество специалистов по информационной безопасности.
Читать все записи автора CISO CLUB

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *