Hacking

Undetected E02, Fredrik Almroth - Are Bug Bounties a buzzword?

One could argue that bug bounties are a buzzword in security today, but what are they and what are they good for? In this episode, Laura is joined by the talented security researcher and Detectify co-founder Fredrik N. Almroth (@almroot on Twitter). If you can name it, Fredrik has probably hacked it, including companies like Facebook, Tesla, Dropbox and Uber. Tune in for a deep dive into Fredrik's past as a bug bounty hunter and a discussion of how both companies and bug bounty hunters can get started in the field of Crowdsourced Security, as well as where the bug bounty industry is headed.
detectify

Undetected podcast e.01 recap: The evolution of web security and hacking

In the pilot episode, Laura is joined by Detectify co-founder Johan Edholm. He co-founded the company back in 2013, and is still involved with the organization today by managing the technical infrastructure in the clouds. We don’t want to give away too much, but there are some things said that are just too good to not be highlighted, and we’ve summarized some of the conversation.

Undetected | E01 Johan Edholm - Evolution of hacking; Web Security to companies of all sizes.

Do you remember when you first connected to the Internet? Security nerds Laura and Johan go back to the Internet in the 90's, the evolution of hacking and the transformation of IT security into an industry where hackers are now allies to companies.
detectify

Guest blog: streaak - my recon techniques from 2019

Detectify Crowdsource hacker Akhil George, aka streaak, is a full-time student who chases bug bounties during his free time. His hacking interests started with CTF competitions and eventually shifted to bug bounties, gaining him recognition abroad including this report from NBC. Our Crowdsource guest blogs give readers an inside look into the mind of an ethical hacker; this month’s contribution goes on to discuss the recon techniques streaak used in 2019.

rapidspike

The 7 Stages of the Client-Side Hacking Lifecycle

The threat of your customers being attacked directly on the client-side is more real today than ever before. Magecart are knocking on everybody’s door – you, your 3rd parties, and even their 4th parties. This is happening continuously, with Magecart looking for opportunities to steal your valuable data for sale on the dark web. It’s a complex and ever-changing problem. So what stage are you at in the customer hacking lifecycle?

alienvault

Workplace design tips to help deter hackers

31 percent of companies in the USA have been subjected to cyber attacks and 43 percent of those attacks were aimed at small businesses. When workplaces are designed with cybersecurity in mind, the odds of breaches will decrease. This is good news, because some breaches have the capacity to put companies out of business. These workplace design tips will make it simpler to keep hackers out of workplace networks.

splunk

The Blindspot No One is Talking About...But Hackers Are Targeting

Security is a chess game. The power to predict an opponent's next move is invaluable. To know your opponent’s strategy requires insight and intelligence. Cyber-security teams work endlessly to protect their business with firewalls, endpoint security, network security and more, just as a chess player works to protect their King. However, the protection is useless if an attacker makes their way to the core of your business.

detectify

How to Get a Finger on the Pulse of Corporate Networks via the SSL VPN

Detectify Crowdsource hacker, Alyssa Herrera, is a full-time bug bounty hacker and web application security researcher who works to protect organizations. She was one of several Crowdsource hackers to submit a working proof of concept for File Disclosure in Pulse Secure Connect (CVE-2019-11510). This guest blog post will walk through how she developed an exploitable payload for this vulnerability.

alienvault

Hacker prevention: tips to reduce your attack surface

These days it seems that every time you open your favorite news source there is another data breach-related headline. Victimized companies of all sizes, cities, counties, and even government agencies have all been the subject of the “headline of shame” over the past several months or years.