Neurohazard
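Evening clouds and a misty moon, poring over the classics until white-haired; all things in the universe, thus have I heard.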

About HackerOne: What You Need to Know

wpadmin~May 25, 2018 /InfoSec

HackerOne crowdsourced security testing platform

Further reading

https://github.com/1hack0/bug-bounty-101

HITCON 2016 slides – The Joys and Pains of a Bug Bounty Hunter: The Vulnerabilities I Reported Over the Years
http://blog.orange.tw/2016/07/hitcon-2016-slides-bug-bounty-hunter.html

https://hackerone.com/reports/342978
https://hackerone.com/hackathons/h1-4420/live

https://pentester.land/list-of-bug-bounty-writeups.html

JDSRC (JD.com) Security Mini-Class

https://www.symbo1.com/articles/2019/01/25/fb-change-product-availability-as-pageanalyst.html
https://www.symbo1.com/articles/2019/01/11/fb-pageanalyst-could-add-oneself-as-moderator-on-group.html

Bug hunters worth following

orange tsai (蔡政達) facebook shell/rce
pnig0s (Zhang Tianqi): Bugcrowd MVP for May 2018, Facebook 2018 top ten; Twitter
@onehackzero
[symbo1] team member / [Facebook 2018 No. 21]
@CongRong. hackerone_id: tr3jer

https://ngailong.wordpress.com/page/1/

Basic features

HackerOne, BugCrowd, hackxor.net

HackerOne Leaderboard

https://hackerone.com/leaderboard/all-time

LIVE-HACKING EVENTS (Las Vegas)

Las Vegas h1-702 2017 | HackerOne’s Largest Live-Hacking Event Ever

Some learning resources

Report

Step by Step: How to write a good vulnerability report

https://support.hackerone.com/hc/en-us/articles/211538803-Step-by-Step-How-to-write-a-good-vulnerability-report

What does a quality report look like?

https://support.hackerone.com/hc/en-us/articles/205072249-What-does-a-quality-report-look-like-

Resources for New Hackers

USEFUL ONLINE RESOURCES FOR NEW HACKERS
https://www.hackerone.com/blog/resources-for-new-hackers

How to become a successful bug bounty hunter

HOW TO BECOME A SUCCESSFUL BUG BOUNTY HUNTER
https://www.hackerone.com/blog/become-a-successful-bug-bounty-hunter

5 things top bounty hunters do differently

5 THINGS TOP BUG BOUNTY HUNTERS DO DIFFERENTLY
https://www.hackerone.com/blog/5-things-top-bug-bounty-hunters-do-differently

Hacker 101 (course and e-book)

Hacker101

Hacker101 is a free class for web security.
https://www.hacker101.com/

Burp Suite partnership

We’ve teamed up with Burp Suite to offer promising hackers the full capabilities that Burp Suite Pro offers. When you reach at least a 500 reputation and maintain a positive signal, you are eligible for 3-months free of Burp Suite Professional, the premier offensive hacking solution.

Web Hacking 101 E-Book

HACK, LEARN, EARN, WITH A FREE E-BOOK

https://www.hackerone.com/blog/Hack-Learn-Earn-with-a-Free-E-Book

Hacktivity (official programs)

https://hackerone.com/hacktivity

Internet Bug Bounty (IBB)

For certain generic vulnerabilities and foundational components, IBB provides partial funding.

https://internetbugbounty.org/

A bug bounty program for core internet infrastructure and free open source software.

The Panel (similar to a committee)

Alex Rice, HackerOne
Chris Evans
Katie Moussouris
Zane Lackey, Signal Sciences
Jesse Burns, NCC Group
Collin Greene, Facebook
Roman Porter, Microsoft
Neal Poole, Facebook
Peleus Uhley, Adobe
Ryan McGeehan
Adam Bacchus, HackerOne
Shawn Davenport, GitHub
Reed Loden, HackerOne

Q&A

What is HackerOne Managed?

https://support.hackerone.com/hc/en-us/articles/205632395-What-is-HackerOne-Managed-

HackerOne Managed is a premium service from HackerOne for customers who want reports reviewed and triaged before seeing them. HackerOne partners with world-class security consulting firms to help you run a world-class program. You select the partner, the level of triage service (Lite or Full), and the length of engagement that best fits your needs. No long term contracts are necessary. Once HackerOne Managed is running, you receive a pre-filtered list of potential security holes to confirm and close, ensuring your Security team is only spending their time on potentially valid reports.

Sound like this could be a great option for your team? Take a look at the HackerOne Managed page for more information, then send us a request.

Can I choose what types of programs I’m invited to?

https://support.hackerone.com/hc/en-us/articles/208213103-Can-I-choose-what-types-of-programs-I-m-invited-to-

HackerOne knows that some hackers may want to get invites from any Private program, while others only want invites from those offering bounties or don’t want invites at all. You can indicate your invitation preferences by navigating to your account Settings > Invitation Preferences.
