[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Bug bounty failure stories to learn from: how we ended up to hack a bank with no reward

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Bug bounty failure stories to learn from: how we ended up to hack a bank with no reward
From: Red Timmy Security <publications@xxxxxxxxxxxx>
Date: Thu, 04 Feb 2021 12:59:17 +0100

Hi,

bug bounty programs are spreading more and more nowadays.We would liketo share our experience in this area but from a different angle thistime: failure stories rather than success stories.

We provide some hints and talk about side effects (for example how onecan end up hacking a bank as happened to us), as well as the reasoningbehind the choices about targets and approaches followed during thebounty campaign.

Full stories here ->https://www.redtimmy.com/bug-bounty-failure-stories-to-learn-from-how-we-ended-up-to-hack-a-bank-with-no-reward/


regards
Red Timmy Security


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Backdoor.Win32.RemoteManipulator.brr / Insecure Permissions EoP
Next by Date: [FD] KSA-Dev-008: Authenticated XSRF leads to complete account takeover in all UNIBOX WiFi Hotspot Controller
Previous by thread: [FD] Backdoor.Win32.RemoteManipulator.brr / Insecure Permissions EoP
Next by thread: [FD] KSA-Dev-008: Authenticated XSRF leads to complete account takeover in all UNIBOX WiFi Hotspot Controller
Index(es):
- Date
- Thread