Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #173 from Hacker0x01/djwy-design-revamp
@tomdev and I reviewed all the changes. We rebased the master into this, and by closing this PR, we can close all the open pull requests for this repository. Thanks to everyone for their contributions 🥳
- Loading branch information
Showing
10 changed files
with
97 additions
and
59 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
--- | ||
layout: page | ||
title: How I got from 0 to MVH | ||
video_src: https://www.youtube-nocookie.com/embed/M48hOtExUII | ||
--- | ||
|
||
Speaker | ||
----------------- | ||
STÖK is a hacker, content creator, and creative with 25 years as a professional in Information Technology. STÖK is not only dedicated to bring excellent content and share new techniques to the red-team and bounty community but also strives to inspire the next generation of hackers to enter the infosec space. | ||
|
||
Abstract | ||
----------------- | ||
STÖK gets asked "How do I get started in bug bounties?" every day, and it's been like that since the first day he began his own bounty journey about 2 years ago. In 2020, there are so many different paths to choose, and it can be really overwhelming for someone that wants to break into the hacking space. Should you focus on VDPs? Should you do CTFs? Should you spend your time doing recon? Should you automate stuff? Or should you go app deep? There is no right or wrong way to do it, but the most important thing is to simply take action, and simply just start hacking. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
--- | ||
layout: page | ||
title: Graphing Out Internal Networks with CVE-2020-13379 (Unauthed Grafana SSRF) | ||
video_src: https://www.youtube-nocookie.com/embed/NWHOmYbLrZ0 | ||
--- | ||
|
||
Speaker | ||
----------------- | ||
Justin Gardner is a full-time bug bounty hunter based near Tokyo, Japan. His focus in the security space is on web vulnerabilities and automated reconnaissance as pertains to bug bounty hunting. Before bug bounty hunting full-time, Justin was held various roles in IT ranging from software developer to IT architect, as well as consulting as a penetration tester with SynerComm for 2 years. Outside of security, Justin loves Jesus, spending time with his wife Mariah, volleyball, learning languages, and Brazilian jiu-jitsu. | ||
|
||
Abstract | ||
----------------- | ||
This talk outlines the experience of discovering a full-read unauthed SSRF vulnerability in a product used by thousands of companies in their DMZs. There will be 3 main sections of this talk: the discovery, the exploitation, and the results. | ||
|
||
Starting with the discovery of this bug, we'll discuss some methodology of looking at open-source software for security vulnerabilities and how this led to the discovery of CVE-2020-13379. Included in this section will be defining your goals for what kind of impact you wish to achieve, identifying areas of interest, and perseverance (also known as going down the rabbit hole). | ||
|
||
From there, we'll dive into a demo of the bug. This will include a working PoC for CVE-2020-13379, an exploitation kit that will assist in full exploitation, and a summary of some useful escalation techniques. We will also discuss what it looks like to use this bug against companies who host Grafana instances in the DMZ or in the internal network. | ||
|
||
To bring it all around, we'll talk about the experience of reporting this bug to different vendors and mass-exploitation across bug bounty programs. This will include some lessons learned from mass-exploitation, some awesome collaboration with very skilled hackers, and some great interactions with programs. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters