lcamtuf.blogspot.com lcamtuf.blogspot.com

lcamtuf's blog

This is a personal blog. My other stuff: book. March 03, 2018. Setting up bug bounties for success. Bug bounties end up in the news with some regularity, usually for the wrong reasons. I've been itching to write about that for a while - but instead of dwelling on the mistakes of the bygone days, I figured it may be better to talk about some of the ways to get vulnerability rewards right. What do you get out of bug bounties? Improved ability to detect bugs in production before they become major incidents.

http://lcamtuf.blogspot.com/

TRAFFIC RANK FOR LCAMTUF.BLOGSPOT.COM

TODAY'S RATING

>1,000,000

TRAFFIC RANK - AVERAGE PER MONTH

BEST MONTH

December

AVERAGE PER DAY OF THE WEEK

HIGHEST TRAFFIC ON

Sunday

CUSTOMER REVIEWS

Average Rating: 4.3 out of 5 with 14 reviews
5 star: 8
4 star: 2
3 star: 4
2 star: 0
1 star: 0

LOAD TIME

0.4 seconds

CONTENT

SCORE

6.2

PAGE TITLE
lcamtuf's blog | lcamtuf.blogspot.com Reviews
<META>
KEYWORDS
1 twitter
2 prepping
3 cnc robotics
4 electronics
5 lcamtuf's blog
6 what about extortion
7 1 comments
8 0 comments
9 or making furniture
10 death by planning
KEYWORDS ON
PAGE
twitter,prepping,cnc robotics,electronics,lcamtuf's blog,what about extortion,1 comments,0 comments,or making furniture,death by planning,the human factor,7 comments,or electronics,have fun,2 comments,12 comments,meta http aaa ideaaaa,to electronics
SERVER
GSE
CONTENT-TYPE
utf-8
INTERNAL PAGES

lcamtuf.blogspot.com lcamtuf.blogspot.com
1

lcamtuf's blog: Oh, the places you won't go: The politics of Poland

http://lcamtuf.blogspot.com/2015/05/oh-places-you-wont-go-politics-of-poland.html

This is a personal blog. My other stuff: book. May 13, 2015. Oh, the places you won't go: The politics of Poland. This is the second article in a short series about Poland, Europe, and the United States. To explore the entire series, start here. For the next article in the series, click here. May 13, 2015 10:12 AM. Are you looking for an excuse for accepting foreign citizenship? It certainly should like. May 13, 2015 12:36 PM. May 13, 2015 3:31 PM. It certainly *sounds* like- damn auto-correction. 15 yea...

2

lcamtuf's blog: Quick notes about the bash bug, its impact, and the fixes so far

http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

This is a personal blog. My other stuff: book. September 25, 2014. Quick notes about the bash bug, its impact, and the fixes so far. We spent a good chunk of the day investigating the now-famous bash bug (CVE-2014-6271), so I had no time to make too many jokes about it on Twitter - but I wanted to jot down several things that have been getting drowned out in the noise earlier in the day. $ function foo { echo "hi mom"; } $ export -f foo $ bash -c 'foo' # Spawn nested shell, call 'foo' hi mom. The concept o...

3

lcamtuf's blog: Yes, you can have fun with downloads

http://lcamtuf.blogspot.com/2012/05/yes-you-can-have-fun-with-downloads.html

This is a personal blog. My other stuff: book. May 30, 2012. Yes, you can have fun with downloads. It is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs; in more limited circumstances, even individual frames can be targeted. I discuss the consequences of this behavior in The Tangled Web, and several months ago, I shared this amusing proof-of-concept illustrating the perils of this logic. What's the issue, then?

4

lcamtuf's blog: A note on an MHTML vulnerability

http://lcamtuf.blogspot.com/2011/03/note-on-mhtml-vulnerability.html

This is a personal blog. My other stuff: book. March 11, 2011. A note on an MHTML vulnerability. There is an ongoing discussion about a recently disclosed, public vulnerability in Microsoft Internet Explorer, and its significance to web application developers. Several of my colleagues investigated this problem in the past few weeks, and so, I wanted to share our findings. As some of you may be aware, Microsoft Internet Explorer supports MHTML. Delimiter; and the name of the target resource inside the co...

5

lcamtuf's blog: Vulnerability databases and pie charts don't mix

http://lcamtuf.blogspot.com/2010/05/vulnerability-databases-and-pie-charts.html

This is a personal blog. My other stuff: book. May 06, 2010. Vulnerability databases and pie charts don't mix. Are good examples of this. Which vendor is the most responsive? Who has the highest number of high-risk vulnerabilities? These and many other questions are just begging to be objectively answered with a clean-looking pie chart. Well, not necessarily so. The most important problem is that today, for quite a few software projects, the majority of vulnerabilities is discovered through in-house tes...

TOTAL PAGES IN THIS WEBSITE

21

LINKS TO THIS WEBSITE

informaticoysegurata.blogspot.com informaticoysegurata.blogspot.com

Informático y "Segurata": November 2010

http://informaticoysegurata.blogspot.com/2010_11_01_archive.html

A blog about computer security:. And suit-and-tie matters. All of interest in this professional field. Sunday, November 14, 2010. The cookie specification. Following up on the post from a little over a month ago about cookies. I'm leaving you a quick post. To mention a very good article about the weaknesses in the cookie specification. On lcamtuf's blog. He tells us about the origins of cookies. Better known, and a series of little problems. Or follow him on Twitter.

theorangetulips.com theorangetulips.com

Cyberphobia

https://www.theorangetulips.com/tag/appengine

Your Random Security Blog. Easy CSRF Protection on AppEngine. Posted by Daniel Filed under security. As mentioned in my previous post, this blog runs on AppEngine, and is based on Nick Johnson's Bloggart. Software. Making a few tweaks to the original application, I noticed that the administration interface does not have CSRF. That is part of the Google OAuth libraries. I present to you: xsrfutil.py. Adding the @xsrfutil.xsrf protect decorator to the handler functions you'd like to protect,.

clevcode.org clevcode.org

January 2015 – ClevCode

http://www.clevcode.org/2015/01

Vulnerability Research, Exploit Development, Reverse-Engineering. Joshua J. Drake. 31C3 CTF: Maze write-up. If I hadn’t been so sleepy/off during large parts of the CTF, I would probably have been able to score a bit more. Greets to capsl for brainstorming about the potential ROP-scenarios btw! To make this write-up more useful for people that want to learn, I have tried to make it quite detailed. The information for the challenge was:. Where do you want to go (today)? Where do you want to go (today)?

blog.blackswansecurity.com blog.blackswansecurity.com

Management | Black Swan Security

http://blog.blackswansecurity.com/category/mgmt

A blog about cybersecurity. Archive for the ‘Management’ Category. Not so basic but definitely essential. Monday, April 3rd, 2017. IT Maintenance (patching, replacing end-of-life platforms, inventories, baseline builds etc),. Network security (internal segmentation),. Access Management (efficient joiners, movers, leavers processes, privileged user management). Security Monitoring (effective visibility),. Incident Response (tested plans, exercised staff). Monday, January 23rd, 2017. Lord Kelvin, 1824-1907.

blog.blackswansecurity.com blog.blackswansecurity.com

analytics | Black Swan Security

http://blog.blackswansecurity.com/tag/analytics

A blog about cybersecurity. Posts Tagged ‘analytics’. Security Analytics Beyond Cyber. Sunday, January 4th, 2015. I presented at 44con. 2014 on moving security analytics on from network defense and rapid response towards supporting data-driven and evidence-driven security management, my presentation is on slideshare below:. Security Analytics Beyond Cyber. Security Analysis for Humans. Tuesday, December 9th, 2014. I was inspired to consider some guiding principles for conducting security analysis. SOC Va...

thegreycorner.com thegreycorner.com

The Grey Corner: Python gdb Disassembly Extension 1.20

http://www.thegreycorner.com/2014/05/python-gdb-disassembly-extension-120.html

A blog focused on the related subjects of software exploitation, penetration testing and computer incident detection and response. Sunday, May 4, 2014. Python gdb Disassembly Extension 1.20. I've released version 1.20 of my Python gdb Debugging Extensions, which I have now renamed to pygdbdis. The introductory page for the extensions is here, if you want to refresh your memory on what it does. Here's a screenshot of what the fifodisplay output looks like using iTerm2 on OSX. In the top left pane is the...

thegreycorner.com thegreycorner.com

The Grey Corner: October 2013

http://www.thegreycorner.com/2013_10_01_archive.html

A blog focused on the related subjects of software exploitation, penetration testing and computer incident detection and response. Thursday, October 31, 2013. When I first heard about omlette egghunter shellcode, I was pretty keen to give it a try, but did not have the opportunity until after I heard that under some unknown circumstances it "doesn't work" (see the note here). Omlette shellcode is essentially a variation on egghunter shellcode, as previously discussed on this blog. Like Matt Miller's origin...

TOTAL LINKS TO THIS WEBSITE

197
