Webinar: Tips on Building a World Class Bug Bounty Program From Senior Red Team Expert, Mack Staples

There’s nothing more important than protecting the lifeblood of your business: customer data. No one takes this more seriously than Zenefits, the All-in-One HR Platform. Zenefits holds sensitive personal and financial data for over 10,000 small and medium businesses. That’s a lot of high risk customer data, including Personally Identifiable Information (PII) and Protected Health Information (PHI). Thankfully, Zenefits has a world-class security program and a Red Team that knows, like many other companies with similarly sensitive data, they must be on their game 24/7. Mack Staples, Senior Manager of Zenefits' Red Team, walks through some best practices they use to enable bug bounties as a core product security strategy. He discusses tips, practical advice, and insights into how they’ve built their world-class bug bounty program into one of the top program’s on the HackerOne platform.

https://www.youtube.com/watch?v=USRi1M2mlm8

🕴 @Phantasm_Lab

Official Black Hat Arsenal Tools Github Repository

https://github.com/toolswatch/blackhat-arsenal-tools

🕴 @Phantasm_Lab

awesome-reversing

A curated list of awesome reversing resources

https://github.com/fdivrp/awesome-reversing

🕴🏼 @H3XL0VER
🕴🏼 @PhantasmLab

Misconfiguration of Demographics Privacy in a Page
https://medium.com/@markchristiandeduyo/misconfiguration-of-demographics-privacy-in-a-page-682feb1179f2

QRLJacking - A New Social Engineering Attack Vector

QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts. In a nutshell, the victim scans the attacker’s QR code which results in session hijacking.

https://github.com/OWASP/QRLJacking

🕴🏼 @PhantasmLab

GitHub Enterprise - Remote Code Execution

GitHub Enterprise smaller than 2.8.7 Remote Code Execution A demo video of Black Hat USA 2017

https://www.youtube.com/watch?v=GoO7_lCOfic&feature=youtu.be

🕴🏼 @PhantasmLab

OSCP Prep - SLmail Buffer Overflow Exploit Development with Kali Linux

https://www.youtube.com/watch?v=OOkU7to0Ty4

🕴🏽 @Phantasm_Lab

OSCP Prep - Vulnserver Buffer Overflow Exploit Development with Kali Linux

https://www.youtube.com/watch?v=qjWs___hQcE

🕴🏽 @Phantasm_Lab

Mais do que nunca é hora de falar da importância da CryptoRave. Mais do que nunca é hora de compartilhar em todos os grupos que você faz parte.

A CryptoRave é um evento de muita resistência: voluntário, sem publicidade, sem terno, gravata e pão de queijo murcho. Financiada por todos nós. Construída por nós, com uma programação coletiva.

Ano passado 600 pessoas acreditaram e ajudaram a realizar o evento. Esse é um evento único no Brasil e que precisa continuar existindo.

É por esse motivo que nós agradecemos a cada um de vocês que, de alguma forma, em algum momento desses cinco anos apoiou a CryptoRave. Nem sempre dá para apoiar com dinheiro, mas divulgar para os/as amigos/as é sempre possível e muito importante.

Divulguem! <3

https://www.catarse.me/cryptorave2018

How to Install apktool In Android: Decompile & Re-compile any Apk – Kali Nethunter [Reverse Engineering]

In this article i will show you how to Install apktool in android and also show you how to decompile & recompile any android apk app with using android kali nethunter.

https://exploithub.info/install-apktool-in-android/

🕴 @Phantasm_Lab

#Perfil #HackerOne #Series

Dr.Jones (sp1d3rs)

Reputation: 3875 Rank: 78th

Spiders are the only web developers that enjoy finding bugs

https://hackerone.com/sp1d3rs

Hacking Prank

https://www.youtube.com/watch?v=GLyaqXaSsCA