US charges alleged extortionist, HeheStreams operator with demanding $150K from MLB

U.S. prosecutors have charged a 30-year-old man with attempting to extort Major League Baseball and broadcasting illegal game streams after he allegedly breached the league’s website. Attorneys from the Southern District of New York charged Joshua Streit with running HeheStreams.com, a website that allowed users to stream games from the MLB, National Hockey League, National Basketball Association and the National Football League for a fee, according to a complaint. The site attracted a sizable following on social media and discussion forums like Reddit, where fans congregated to praise the cheap prices HeheStreams offered in comparison to the leagues’ official streaming services, the Wall Street Journal reported. In March 2021, prosecutors say, Streit contacted MLB personnel to complain about “a lack of gratitude” after he alerted the organization about a “network vulnerability.” Streit allegedly requested $150,000 from the MLB in exchange for his apparent disclosure. An MLB executive responded to Streit […]

The post US charges alleged extortionist, HeheStreams operator with demanding $150K from MLB appeared first on CyberScoop.


Bug bounty programme ignoring me after promising a bounty for 7 months now, not paying me as well [closed]

I’ve found a bug in a moderately known company when I started my bug bounty career, 7 months ago. Since then I’ve found other bugs and received bounties for them from other companies, but this first company fixed the bug and promised me they’ll …

Can I escalate a main domain SSTI/RCE to all the subdomains belonging to that domain?

I’m a newbie ethical hacker and bug bounty hunter. Let’s assume my target is somethingtohack.com. The thing is, the company’s scope defines that the main domain is out of scope, but subdomains like subdomain.somethingtohack.com are in scope…

CISA launches US federal vulnerability disclosure platform

Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy (VDP) platform offered by the Cybersecurity and Infrastructure Security Agency (CISA). …

Does Windows Server ship with any sensitive images in the filesystem?

I’m working with an interesting vulnerability I found which enables local file inclusion (LFI) on a target server. In summary, there is a PDF generation API endpoint which accepts an HTML string as input. In return, it will render the HTML…