This is my talk about being a Bug Bounty Hunter at HITCON Community 2016.
It shares some of my views on finding bugs and some case studies, such as:
- Facebook Remote Code Execution (more details)
- Uber Remote Code Execution (more details)
- developer.apple.com Remote Code Execution
- abs.apple.com Remote Code Execution
- b.login.yahoo.com Remote Code Execution (more details)
- eBay SQL Injection
- www.google.com XSS
- Apple XSS
- Facebook Onavo XSS
- Uber XSS
Sorry that it's only in Chinese. I hope you like it.
-----
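I'm honored to have been a keynote speaker at HITCON 2016 CMT. Below are the slides and an introduction for this talk XD
I share what I have learned as a bounty hunter taking part in major vendors' Bug Bounty programs and hunting for vulnerabilities, along with the cases from those reports that succeeded or were rejected, and the vulnerability details!
The vendors include Google, Facebook, Apple, Yahoo, Uber and eBay; the vulnerabilities range from Remote Code Execution, SQL Injection and Logical Flaws to XSS with unusual tricks.
Let's take a look at what kinds of vulnerabilities big companies have!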
real hacker!
Thanks for the categorization of the thought process! I learned something.