Nicolas Grégoire - Hunting for Top Bounties





Published on Nov 16, 2014

After one of these stupid bets, I had to look at bug bounty programmes.

I first tried to apply a typical OWASP Top 10 methodology during the Deutsche Telekom programme. Not very efficient... So I decided to participate in other programmes with a focus on two narrow fields, XML and SSRF. As expected, few people had a look at this area. As a result, I totally pwned Prezi and Yahoo.

For both of them, I was quickly able to read non-privileged files like /etc/passwd. I later accessed the private key of Prezi's cloud deployment system (using an EC2/OpenStack trick) and got root privileges on every outbound Yahoo proxy (with a vulnerability previously closed as WONTFIX).

Big compromises imply big rewards, and I earned the top reward from both programmes. Around $25k in a few days, for pwning production networks: that's a hobby that most sane people should enjoy!


