Plucking the low hanging fruit of data and security breaches. How to be rewarded even if there's no bug bounty program (hackerhotel2024)

Chaos Computer Club - recent audio-only feed

Inhalt bereitgestellt von CCC media team. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von CCC media team oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.

6M ago 50:21

MP3•Episode-Home

I call myself "The Lamest Hacker You Know". I don 't use Kali, 0days, Burp Suite or any tools besides Curl, A browser, and clients for existing software, combined with (semi) open data sources. Probably 90% of my findings are for companies that don't have a CISO an never even heard the term "Bug Bounty Program", In this talk I will give some tips on how to reach out to a company out-of-the-blue and not have them hate you. I call myself "The Lamest Hacker You Know". I don 't use Kali, 0days, burp suite or any tools besides Curl and some (semi) open data sources. Probably 90% of my findings are for companies that don't even have a CISO and never even heard of a Bug Bounty Program and yet, I have been rewarded for finds that will make you go "yikes". I never once got into trouble because of how I operate: Being radically open. In this talk I will look back on some cases I never made public, show you how I work, the upsides and the downsides, and give some tips on how to reach out to a company out-of-the-blue and not have them hate you. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/FPMLCB/

2100 Episoden

#CCC media team #Ccc Congress Hacking Security Netzpolitik #Sicherheit #Technologie #Software-Entwicklung