(Update: The talk recording is now up on YouTube, latest links to related content in this tweet)| /dev/alias – Hack. Dev. Transcend.
Imagine a world driven by the strive for progress, improvement and innovation, rather than fuelled by corporate greed. Ideas and breakthroughs are shared freely and openly. Where instead of multiple separate entities having to expend the same effort to unlock the same benefits time and time again, locking them away inside their own corporate silos to ration out to the masses at overly inflated costs; we co-create that benefit, shared freely, and greatly accelerate the pace of innovation for e...
I tend to dive down rabbit holes a lot, and given the cost of context switching and memory deteriorating over time, sometimes the state I build up in my mind gets lost between the chances I get to dive in. These 'linkdump' posts are an attempt to collate at least some of that state in a way that I can hopefully restore to my brain at a later point.
Time for another Bulletproof Biohacked.com quarterly box.
Earlier this year I spent some time delving into Atlassian Confluence to see if I could dig up any bugs that had slipped through the cracks. I wasn't really expecting to turn up much, but I was super excited and surprised when I managed to find an issue within the RSS feed plugin leading to Cross-Site Scripting (XSS) (Twitter: 1, 2; LinkedIn: 1, 2; BugCrowd: 1, 2).
Recently I had the opportunity to present at a few local security meetups, and one international security conference.
Earlier this year I had an opportunity to spend some time looking at Squiz Matrix, a Content Management System (CMS) used across a number of sectors including higher education, media and publishing, government, finance, health, and utilities. With a huge number of features, a massive PHP codebase, and a number of high profile sectors as clients, I set out to see if I could find any interesting little bugs hidden away.