Orange

This is my talk about being a Bug Bounty Hunter at HITCON Community 2016

It shared some of my views on finding bugs and some case studies, such as

• Facebook Remote Code Execution... more details
• Uber Remote Code Execution... more details
• developer.apple.com Remote Code Execution
• abs.apple.com Remote Code Execution
• b.login.yahoo.com Remote Code Execution... more details
• eBay SQL Injection
• www.google.com XSS
• Apple XSS
• Facebook Onavo XSS
• Uber XSS

Sorry for it's only in Chinese. Wishing you would like it.

-----

很榮幸成為 HITCON 2016 CMT 的 Keynote，下面是這次演講的投影片跟介紹XD

分享當個獎金獵人在參加各大廠商 Bug Bounty 計畫與尋找漏洞上的心得談， 以及那些回報中那些成功或被拒絕的案例與漏洞細節！

廠商包括 Google, Facebook, Apple, Yahoo, Uber 及 eBay，弱點則從 Remote Code Execution, SQL Injection, Logical Flaws 到特殊姿勢的 XSS 不等。

一起來看看大公司會有什麼樣的漏洞吧！