This is my talk about being a Bug Bounty Hunter, given at HITCON Community 2016.
It shares some of my views on finding bugs and some case studies, such as:
- Facebook Remote Code Execution... more details
- Uber Remote Code Execution... more details
- developer.apple.com Remote Code Execution
- abs.apple.com Remote Code Execution
- b.login.yahoo.com Remote Code Execution... more details
- eBay SQL Injection
- www.google.com XSS
- Apple XSS
- Facebook Onavo XSS
- Uber XSS
Sorry that it's only in Chinese. I hope you like it.
-----
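I'm honored to have been a keynote speaker at HITCON 2016 CMT. Below are the slides and an introduction to the talk XD
I share my experience as a bounty hunter taking part in the major vendors' Bug Bounty programs and hunting for vulnerabilities, along with the cases from my reports that succeeded or were rejected, and the vulnerability details!
The vendors include Google, Facebook, Apple, Yahoo, Uber and eBay, and the vulnerabilities range from Remote Code Execution, SQL Injection and Logical Flaws to XSS with unusual tricks.
Let's see what kinds of vulnerabilities big companies have!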
real hacker!
Thanks for the categorization of the thought process! I learned something.