3
HITCON 2016 投影片 - Bug Bounty 獎金獵人甘苦談 那些年我回報過的漏洞
source link: http://blog.orange.tw/2016/07/hitcon-2016-slides-bug-bounty-hunter.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
HITCON 2016 投影片 - Bug Bounty 獎金獵人甘苦談 那些年我回報過的漏洞
This is my talk about being a Bug Bounty Hunter at HITCON Community 2016
It shared some of my views on finding bugs and some case studies, such as
-----
很榮幸成為 HITCON 2016 CMT 的 Keynote,下面是這次演講的投影片跟介紹XD
分享當個獎金獵人在參加各大廠商 Bug Bounty 計畫與尋找漏洞上的心得談, 以及那些回報中那些成功或被拒絕的案例與漏洞細節!
廠商包括 Google, Facebook, Apple, Yahoo, Uber 及 eBay,弱點則從 Remote Code Execution, SQL Injection, Logical Flaws 到特殊姿勢的 XSS 不等。
一起來看看大公司會有什麼樣的漏洞吧!
It shared some of my views on finding bugs and some case studies, such as
- Facebook Remote Code Execution... more details
- Uber Remote Code Execution... more details
- developer.apple.com Remote Code Execution
- abs.apple.com Remote Code Execution
- b.login.yahoo.com Remote Code Execution... more details
- eBay SQL Injection
- www.google.com XSS
- Apple XSS
- Facebook Onavo XSS
- Uber XSS
-----
很榮幸成為 HITCON 2016 CMT 的 Keynote,下面是這次演講的投影片跟介紹XD
分享當個獎金獵人在參加各大廠商 Bug Bounty 計畫與尋找漏洞上的心得談, 以及那些回報中那些成功或被拒絕的案例與漏洞細節!
廠商包括 Google, Facebook, Apple, Yahoo, Uber 及 eBay,弱點則從 Remote Code Execution, SQL Injection, Logical Flaws 到特殊姿勢的 XSS 不等。
一起來看看大公司會有什麼樣的漏洞吧!
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK