#bugbounty

Bug Bounty Shorts<p>This article outlines a method for performing reconnaissance, a crucial step in ethical hacking and cyber attacks. It involves the use of various Open Source Intelligence (OSINT) tools such as subfinder, amass, httpx-toolkit, waybackurls, Katana, and gauplus to discover, verify, and enumerate subdomains of a target system. By gathering this information, an attacker can better understand their target and potentially exploit vulnerabilities. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a></p><p><a href="https://osintteam.blog/how-i-do-recon-d24bea0ff421?source=rss------bugbounty-5" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">osintteam.blog/how-i-do-recon-</span><span class="invisible">d24bea0ff421?source=rss------bugbounty-5</span></a></p>
Bug Bounty Shorts<p>This article discusses a troubling trend in the bug bounty industry, where companies are rejecting valid vulnerability reports, silently patching them without acknowledgment or payment, blocking ethical hackers, and removing monetary rewards. The takeaway is that this practice could drive away security researchers, leaving corporations vulnerable to exploits. Use <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> to follow the conversation.</p><p><a href="https://medium.com/@krivadna_87390/the-dark-side-of-bug-bounty-from-rewards-to-punishment-544a1a6f526e?source=rss------bugbounty-5" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/@krivadna_87390/the</span><span class="invisible">-dark-side-of-bug-bounty-from-rewards-to-punishment-544a1a6f526e?source=rss------bugbounty-5</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/OpenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenAI</span></a> now pays researchers $100,000 for critical vulnerabilities</p><p><a href="https://www.bleepingcomputer.com/news/security/openai-now-pays-researchers-100-000-for-critical-vulnerabilities/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/openai-now-pays-researchers-100-000-for-critical-vulnerabilities/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a></p>
Bug Hunter Cat<p>Best source of infosec and cybersecurity news and information? (Social Media)<br>It is to evaluate which one I choose as my main one.<br><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://infosec.exchange/tags/webappsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webappsecurity</span></a></p>
Pyrzout :vm:<p>OpenAI Bug Bounty Program Increases Top Reward to $100,000 – Source:hackread.com <a href="https://ciso2ciso.com/openai-bug-bounty-program-increases-top-reward-to-100000-sourcehackread-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/openai-bug-bount</span><span class="invisible">y-program-increases-top-reward-to-100000-sourcehackread-com/</span></a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>1CyberSecurityNewsPost</span></a> <a href="https://social.skynetcloud.site/tags/artificialintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>artificialintelligence</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hackread</span></a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://social.skynetcloud.site/tags/Chatgpt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chatgpt</span></a> <a href="https://social.skynetcloud.site/tags/OpenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenAI</span></a> <a href="https://social.skynetcloud.site/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a></p>
Pyrzout :vm:<p>OpenAI Bug Bounty Program Increases Top Reward to $100,000 <a href="https://hackread.com/openai-bug-bounty-program-increases-top-reward/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/openai-bug-bounty</span><span class="invisible">-program-increases-top-reward/</span></a> <a href="https://social.skynetcloud.site/tags/ArtificialIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArtificialIntelligence</span></a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.skynetcloud.site/tags/ChatGPT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChatGPT</span></a> <a href="https://social.skynetcloud.site/tags/OpenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenAI</span></a> <a href="https://social.skynetcloud.site/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a></p>
Hackread.com<p>New: OpenAI Bug Bounty program boosts max reward to $100,000, expanding scope and offering new incentives to enhance AI security.</p><p>Read: <a href="https://hackread.com/openai-bug-bounty-program-increases-top-reward/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/openai-bug-bounty</span><span class="invisible">-program-increases-top-reward/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/OpenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenAI</span></a> <a href="https://mstdn.social/tags/ChatGPT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChatGPT</span></a> <a href="https://mstdn.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://mstdn.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a></p>
r1cksec<p>A writeup about extracting YouTube creator Emails🕵️‍♂️ </p><p><a href="https://brutecat.com/articles/youtube-creator-emails" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">brutecat.com/articles/youtube-</span><span class="invisible">creator-emails</span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/osint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>osint</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a></p>
Konstantin :C_H:<p>With <a href="https://infosec.exchange/tags/CVE_2025_29927" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2025_29927</span></a>, Next.js has now suffered its second major vulnerability in just three months, following <a href="https://infosec.exchange/tags/CVE_2024_51479" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2024_51479</span></a>.</p><p>I originally built CVE Crowd with <a href="https://infosec.exchange/tags/NextJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NextJS</span></a>.</p><p>However, as the application became more complex (especially with authentication), I decided to switch to a framework I was more familiar with.</p><p>Honestly, I’m feeling a bit relieved about that right now...</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CVECrowd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVECrowd</span></a></p>
Bug Bounty Shorts<p>In this article, we delve into advanced cryptographic vulnerabilities, using real-world case studies as examples. Learn about Side-Channel Attacks – exploits that target timing, power consumption, and electromagnetic emissions to extract secret keys. Gain expert security recommendations on how to fortify your cryptographic implementations against such attacks. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a></p><p><a href="https://cyberw1ng.medium.com/cryptographic-failures-advanced-insights-and-real-world-attacks-bb6230f9f5be?source=rss------bugbounty-5" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberw1ng.medium.com/cryptogra</span><span class="invisible">phic-failures-advanced-insights-and-real-world-attacks-bb6230f9f5be?source=rss------bugbounty-5</span></a></p>
Teri Radichel<p>Seeking signs of <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> posts on this platform. Or information on <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> what’s causing <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a> es and how to stop them.</p>
B'ad Samurai 🐐<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cR0w</span></a></span> If you're in a BB program like Hacker1, they are very quick to claim these. Often -1 to +1 day my tooling will.</p><p>If your org suffers this often, I do recommend including it within the scope of your BB program*</p><p>*First must start a BB program </p><p><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a></p>
Marduk_James :verified_paw:<p>It's been a while but here is another SQLi lab. Enjoy!</p><p><a href="https://medium.com/@marduk.i.am/sql-injection-union-attack-retrieving-multiple-values-in-a-single-column-d6c6d91be74d" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/@marduk.i.am/sql-in</span><span class="invisible">jection-union-attack-retrieving-multiple-values-in-a-single-column-d6c6d91be74d</span></a></p><p><a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/bugbountytips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbountytips</span></a> <a href="https://infosec.exchange/tags/SQL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SQL</span></a> <a href="https://infosec.exchange/tags/SQLI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SQLI</span></a> <a href="https://infosec.exchange/tags/injection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>injection</span></a> <a href="https://infosec.exchange/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>informationsecurity</span></a> <a href="https://infosec.exchange/tags/PortswiggerLabs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PortswiggerLabs</span></a></p>
Dyne.org foundation<p>At Dyne.org, we prioritize privacy &amp; security. </p><p>Researchers &amp; hackers are encouraged to search for &amp; disclose vulnerabilities in our stack. Responsibly reported bugs are rewarded. Check out our bounty program. </p><p>🔗 <a href="https://security.dyne.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.dyne.org/</span><span class="invisible"></span></a></p><p><a href="https://toot.community/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a></p>
Bug Hunter Cat<p>90% of code will be written by AI, they say...<br>And Bug Bounty Hunters...<br>😅😅😅😅😅😅</p><p><a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ai</span></a> <a href="https://infosec.exchange/tags/aicoding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>aicoding</span></a> <a href="https://infosec.exchange/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>programming</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://infosec.exchange/tags/bugbounties" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounties</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/BugBountyHunters" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBountyHunters</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> paid $12 million in bug bounties last year to security researchers</p><p><a href="https://www.bleepingcomputer.com/news/security/google-paid-12-million-in-bug-bounties-last-year-to-security-researchers/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/google-paid-12-million-in-bug-bounties-last-year-to-security-researchers/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a></p>
Konstantin :C_H:<p>I'm excited to share CVE Crowd's Top 5 Vulnerabilities from February 25!</p><p>These five stood out among the 352 CVEs actively discussed across the Fediverse.</p><p>For each CVE, I’ve included a standout post from the community.</p><p>Enjoy exploring! 👇</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CveCrowd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CveCrowd</span></a></p>
0xceba<p>after a lengthy concept review, code review, and QA process, PortSwigger has published the Burp Variables extension to the BApp Store! if you do API testing from Burp, you should look into this productivity extension which allows you to store and reuse variables in your outgoing requests, similar to other API testing clients like Postman and Insomnia. this is a productivity boon because it gives you a single place to update ephemeral credential/token values and it helps you keep track of your identifiers &amp; credentials which minimizes false positives. to learn more:</p><p>- install the extension from the BApp Store<br>- see more details at the BApp Store page: <a href="https://portswigger.net/bappstore/27f89b068a3045649d4df77a863209c1" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">portswigger.net/bappstore/27f8</span><span class="invisible">9b068a3045649d4df77a863209c1</span></a><br>- review the source code at the extension's source repo: <a href="https://github.com/0xceba/burp_variables" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/0xceba/burp_variabl</span><span class="invisible">es</span></a></p><p><a href="https://infosec.exchange/tags/burp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>burp</span></a> <a href="https://infosec.exchange/tags/burpsuite" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>burpsuite</span></a> <a href="https://infosec.exchange/tags/burp_suite" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>burp_suite</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://infosec.exchange/tags/bugbountytips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbountytips</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
Billy J Bryant<p><a href="https://defcon.social/tags/HotTake" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HotTake</span></a> : <a href="https://defcon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> programs are hurting more than they are helping. </p><p>I'm not sure about your teams, but my team has seen a massive uptick in the number of low quality reports, mostly augmented with (or straight up written by) <a href="https://defcon.social/tags/genai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>genai</span></a> tools with little to no usable or factual claims. </p><p>This doesn't improve the security of my company's products; instead it dilutes the security workforce by making us spend more time investigating poorly written or prepared bug reports.</p>
Max Maass :donor:<p>Update on the <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> project: a mixed bag so far. Two of the reports were accepted as low findings (fair enough), with a combined reward of 100€, which is nice. Others were closed as out of scope, admonishing me to read the scope document.</p><p>I always figured that the "no brute force" exclusions in bug bounty scopes mean that I should not try to brute force passwords, but if I find a way to guess passwords in a way that is much more efficient than the regular login form, this would still qualify, as long as I didn’t actively exploit it. But it seems like some programs disagree. So, if I find a misconfiguration that opens an authentication server up to more efficient password guessing, I should... just sit on it since it is out of scope? I don't even necessarily want a bounty, I just want people to fix it, but apparently some of these just get closed by triage and not even forwarded to the affected companies…</p><p>I would be interested in hearing your experience with this kind of situation: how do you handle such scope issues, especially if you’re not really in it for the money and just want the companies to close easily fixed issues in their configs?</p>