Tumgik
#Bug bounty
nyancrimew · 24 days
NEW FROM ME: so i guess i hacked samsung?!
a short bug bounty write up on how i randomly stumbled onto samsung cloud infrastructure
(not an april fools bit)
5K notes · View notes
wallf1ower · 11 months
I did my first-ever CTF today :] it’s not much, but it was a lot of fun for me! And fuck it, it’s Friday - not every day needs to be a big accomplishment. That said, it took a lot for me to work up the courage and the requisite knowledge to even be able to really try. I ended up needing to use a Hint, only for it to tell me that the answer was what I already thought it might be and then immediately discarded the idea as wrong without even trying because “it must be wrong”. And then I used a Hint, and then I felt like an idiot. Lesson learned: Try!!! For fuck’s sake, actually TRY out your ideas before you write them off!!! Don’t just give up and assume you're too stupid to figure it out!!!!!
Anyways. It feels like all that learning I did about how the internet works is actually starting to pay off :] At the very least, it’s given me more confidence. I feel bad, because I completely stopped writing about that in my tumblr posts, even though it’s probably the most interesting thing I could talk about. Seriously, this stuff is fucking awesome and a LOT of fun if you can get past how intimidating it is, and get through the endurance test that is all of the prerequisite learning you have to do first.
Oh boy. I am not pitching this well.
I promise it's way cooler and more fun than I'm making it sound. I highly recommend trying something like this out if you're more interested in the networking & sysadmin side of things!
Plus, it’s not exactly like COMPUTER HACKING needs any more hype. You already know how fucking awesome it is. It’s the coolest fucking thing EVER.
I’M DOING MR. ROBOT SHIT!!!!!! AHHHH!!!!! IT'S SO FUCKING AWESOME OH MY GOD!! 🤩🤯🥳😆😄😁
133 notes · View notes
thedigitalempress · 2 years
Day 47: 100 Days of Infosec
My New Position as a Web Application Pentester
I was able to obtain this position through the power of LinkedIn. In The Ultimate Guide for Getting into Cybersecurity for Beginners, I explain how utilizing your LinkedIn account as a portfolio and network can help you get recognized. In my case, I took my advice, and it allowed me to win this position. I was in Louisiana visiting for Christmas, and I had set my LinkedIn profile to be open for networking. During my last week there, a recruiter reached out to me about a position that involved hacking, knowing OWASP Top 10, and remediating security holes; I was all in. Luckily, I completed my remote six-month internship with Safer Internet Project while also working. Safer Internet Project taught me about penetration testing, exploiting different vulnerabilities, using various hacking tools, etc. As a result, I scored a remote opportunity with a reputable company within four months of their training. I highly recommend anyone interested in transitioning into an ethical hacking career check out Safer Internet Project. You won't regret it! Massive shoutout to David and Gareth for being incredible mentors and having the best live pentesting calls.
Chapter 1 & 2 Bug Bounty Bootcamp: Picking a Bug Bounty Program and Sustaining Your Success
I've been interested in bug bounty hunting for a few years now, and I wasn't sure where to start. It seemed like a taboo subject before receiving Bug Bounty Bootcamp by Vickie Li from No Starch Press. The book begins in chapter one, detailing the different bug bounty programs and helping you pick the right one. A bug bounty program is a program companies can run that allows hackers to hack on potentially vulnerable products or services they offer to the public. If the hackers find a legitimate vulnerability, they can get paid a bounty or receive reputation points. HackerOne, Bugcrowd, and Intigriti are three different types of bug bounty platforms on which hackers can find various bug programs. To successfully find bugs on these platforms, most hackers utilize Burp Suite. This web application pentesting tool analyzes the overall functionality of websites. I have been completing labs on PortSwigger academy, a resource offered by Burp Suite, to become certified in web app hacking. It also helps to know about web vulnerabilities, how different programming languages work, and web development to find bugs.
I've decided to participate in a VDP (Vulnerability Disclosure Program) to start. You don't get a bounty for VDP programs but reputation points instead to get access to more private programs the more skilled you get. These programs are also less competitive and can be used as a learning experience to talk to security engineers about improving your hacking skills. After picking a program and getting my first approved security bug, I'm going to continue to sustain my success so I can continue to become a better hacker. Chapter two gives an excellent outline for beginner hackers to maintain their success in bug bounty and how to build a great relationship with the security team. Supporting your success as a bug bounty hunter involves writing great security reports. A security report is a business document helping companies keep their assets secure and potentially provides you payment for assisting them. It's best to make sure you have all of the recommended components of a security report and to make sure it's clear and concise for your reader. Anyone can sustain success in bug bounty by knowing how to deal with conflict during payout disagreements and being professional throughout the entire process. Building relationships with security engineers, keeping your skills fresh and new, and knowing when to take breaks when needed can help you continue to be successful as well. Participating in bug bounty is hard, and it may take me some time to find my first legitimate bug. However, nothing can stop me if I continue studying and applying what I'm learning. I have also been getting first-hand experience with a famous bug bounty hunter on Twitter. I have been providing help and insight on programs he's hacking in to get my hands wet while also learning new tools and hunting techniques. Soon I'll have enough knowledge to share with you guys.
Where is the Digital Empress Brand Going?
The Digital Empress is still here to stay. Instead of focusing so much of my energy outward and across different platforms to inspire and educate, I'll solely be here and on YouTube. I've decided to make my content more journey-focused rather than service-based. I've come to a point where I've gotten bored, and it's not enjoyable anymore. I want to go back to my roots and show you all what new skills I'm learning and the latest projects I create. I also want to own my content and not have a third party taking out a percentage just for hosting my products and content. One day I'll eventually move away from YouTube as well. The Discord and Buy Me a Coffee service is no longer accessible or active, and I'm back to #100DaysofInfosec. Having a baby also changed my perspective heavily on making this decision. Now that I'm a mother, I want to teach him everything I know and give him all the attention in the world. Hopefully, he'll be saying bug bounty and SQL injection by age two. Thank you all for sticking around this long to see me and my brand grow, and I plan to continue growing and reaching new heights. I'm so excited to share this new journey with all of you!
17 notes · View notes
gainsec · 2 years
Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!
6 notes · View notes
comptiavietnam · 2 months
5 Best Bug Bounty Platforms for White Hat Hackers – 2024
Bug bounty platforms play an important role in the cybersecurity ecosystem by allowing organizations to leverage the expertise of external security researchers (white hat hackers and even black hat hackers) to identify and report vulnerabilities in their systems. The following is a comprehensive overview of some prominent bug bounty platforms: Note, this is also a…
0 notes
blogshalaka · 9 months
Web3 bug bounty programs are vital resources for boosting security and trust in the Web3 landscape. In this article, learn more about bug bounty in detail.
0 notes
doanhnhantre · 10 months
OpenAI, the company that created the revolutionary ChatGPT, has launched a massive Bug Bounty program (hunting for vulnerabilities to earn reward money).
0 notes
mathumuchoki · 1 year
Authentication is proving a person is who they suggest they are, whereas authorization involves verifying whether a user is allowed to do something.
0 notes
orbitbrain · 1 year
Meta Paid Out $16 Million in Bug Bounties Since 2011
By Ionut Arghire on December 16, 2022
Facebook parent company Meta on Thursday announced that it has paid out over $16 million in bug bounties since 2011, with $2 million awarded in 2022 alone. To date, the company has received more than 170,000 vulnerability reports from security researchers, but only 8,500 of them…
0 notes
smalltofedsblog · 2 years
DHS Marks Expansion Of Bug Bounty Efforts With Impending Contract Awards
“FEDERAL NEWS NETWORK” by Justin Doubleday “The Department of Homeland Security is planning to award up to four contracts as early as next month for vetted security researchers to find software bugs in DHS systems, including at live hacking events. “DHS plans to award at least three, but potentially four indefinite-delivery, indefinite-quantity contracts, according to the RFP documents. The…
0 notes
thedigitalempress · 2 years
Day 48: 100 Days of Infosec
I finally got to feel like Mr. Robot and hack into a Windows machine by using Metasploit to gain initial access and then switching over to PowerShell to escalate privileges. Along with learning how to perform privilege escalation, I learned how to gain Administrator access without the help of Metasploit. Completing the Steel Mountain room will be my first walkthrough with TryHackMe, and I want to write many more for other rooms.
3 notes · View notes
gainsec · 2 years
CVE-2022-34613, CVE-2022-34618, CVE-2022-34619 – Multiple XSS (And more) in Mealie
Multiple new CVEs discovered and disclosed! XSS, file uploads and more!
1 note · View note