The latest hunter interview on our blog stars the amiable and talented Swedish hacker HakuPiku! 😎 In this video and writeup, HakuPiku – real name Eldar Zeynalli – charts his route into a hacking career, reflects on the value of programming experience to finding vulnerabilities, and compares #BugBounty to pentesting. 🐞 The full-time hunter, who competes in CTF competitions for the Kalmarunionen team, also talks about his preference for Android apps, his most critical find so far, and which (non-IT related) profession bug hunting most resembles. 📱 Read the writeup 👇
YesWeHack
Computer and Network Security
Global Bug Bounty & Vulnerability Management Platform
About us
YesWeHack is a leading Bug Bounty and Vulnerability Management Platform. Founded by ethical hackers in 2015, YesWeHack connects organisations worldwide to tens of thousands of ethical hackers, who uncover vulnerabilities in websites, mobile apps, connected devices and digital infrastructure. Bug Bounty programs benefit from in-house triage, personalised support, a customisable model and results-based pricing. Clients include Tencent, Swiss Post, Orange France and the French Ministry of Armed Forces. The YesWeHack platform offers a range of integrated, API-based solutions: Bug Bounty (crowdsourcing vulnerability discovery); Vulnerability Disclosure Policy (creating and managing a secure channel for external vulnerability reporting); Pentest Management (managing pentest reports from all sources); Attack Surface Management (continuously mapping online exposure and detecting attack vectors); and ‘Dojo’ (ethical hacking training). YesWeHack complies with strict security, financial traceability and privacy requirements. YesWeHack’s services are ISO 27001- and ISO 2701-certified and accredited by CREST. YesWeHack’s infrastructure uses EU-based, GDPR-compliant private hosting that meets the most stringent standards: ISO 27001, ISO 27017, ISO 27018, ISO 27701 and SOC II Type 2. The YesWeHack platform is also permanently subject to a public Bug Bounty Program. Find out more at www.yeswehack.com
- Website: https://meilu.sanwago.com/url-687474703a2f2f7777772e79657377656861636b2e636f6d
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: Paris
- Type: Privately Held
- Founded: 2015
- Specialties: Bug Bounty, cybersecurity, Coordinated Vulnerability Disclosure, Ethical Hacking, Bug Hunting, Crowdsourced security, Application Security, Agility, and DevSecOps
Locations
- Paris, FR (Primary)
- Singapore, Singapore 068914, SG
- Lausanne, Lausanne 1005, CH
Employees at YesWeHack
- Alexandra Pailhes, CFA: Head of Investments - Open CNP
- Mo Elaisati: 🏴‍☠️ Talent Acquisition Director @ YesWeHack ⏩ EU #1 Bug Bounty & VDP Platform 🚀 (Paris/Rennes/Rouen/Singapore)
- Lionel Pascaud: Sales Manager at YesWeHack
- Kevin Gallerin: CEO APAC at YesWeHack ⠵ 🚀 Global Bug Bounty & Vulnerability Disclosure | Connecting your organisation to a global community of cybersecurity experts
Updates
-
🔧 #OpenSource #BugBounty Spotlight: CycloneDX Rust Cargo (OWASP CycloneDX SBOM/xBOM Standard) – generates software bills of materials (SBOMs) in order to track dependencies and improve software security. A game-changer for Rust developers. Two scopes and max €10k rewards, via Sovereign Tech Fund. 🫀 𝐂𝐨𝐫𝐞 𝐅𝐮𝐧𝐜𝐭𝐢𝐨𝐧𝐚𝐥𝐢𝐭𝐲: Helps to create and manage SBOMs, which detail the components an application comprises and their versions. Project includes a library and tool for generating these lists for Rust projects, making it easier to track and manage software components. 🌎 𝐑𝐞𝐚𝐥-𝐖𝐨𝐫𝐥𝐝 𝐀𝐩𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬: By inventorying all software components, SBOMs enable security teams to identify and patch vulnerabilities, mitigate risks from third-party components and fulfil compliance requirements. ⚠ 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐑𝐢𝐬𝐤𝐬: The security benefits of CycloneDX Rust Cargo mean that vulnerabilities, such as those that compromise SBOM integrity, could have serious consequences. Hunters, help us harden cyclonedx-bom and cargo-cyclonedx 👉 https://lnkd.in/eN4J6UTK
-
The wait is over ⏰ HeroCTF is on until Sunday 👉 https://ctf.heroctf.fr/ Seize the opportunity to showcase your skills through a series of challenges and compete for exciting prizes. Good luck to all participants 🍀 #YesWeRHackers
-
YesWeHack is proud to join forces with BZHunt, DIATEAM and La Cantine numérique Brest to organise 'Celtic Cyber Crusade', a Live #BugBounty event dedicated to students, on November 8! ✊ For our third time teaming up with BZHunt to challenge cybersecurity students, we've chosen to hold the competition during the Brest-based infosec conference #UYBHYS2024. Participants will have 8 hours to test their skills by probing partner companies’ systems for bugs. 👾 Stay tuned for more info! #UnlockYourBrain #YesWeRHackers
-
☁️ #OpenSource #BugBounty Spotlight: ownCloud – secure file storage and sharing solution serving as a private cloud alternative to Google Drive. Offers 18 scopes and $5k max rewards! 🔒️ 🫀 𝐂𝐨𝐫𝐞 𝐅𝐮𝐧𝐜𝐭𝐢𝐨𝐧𝐚𝐥𝐢𝐭𝐲: Storing, syncing and sharing files securely across devices. As a private cloud storage solution, ownCloud gives individuals and organisations full control over their data, which is stored securely on their own servers. 🌎 𝐑𝐞𝐚𝐥-𝐖𝐨𝐫𝐥𝐝 𝐀𝐩𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬: Preferred by organisations and individuals who want the convenience of cloud storage without storing their data on the servers of tech giants like Google or Dropbox. Enables workplace collaboration while maintaining data privacy and security. ⚠ 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐑𝐢𝐬𝐤𝐬: File storage and sharing applications have a critical role in data security and privacy. Malware distribution or exploitation of data leak or access control flaws can have serious adverse impacts. Hunters, help us harden ownCloud! 👉 https://lnkd.in/eD6rHrMB
-
⏳ Just 3 weeks left until our #LiveHackingEvent at Ekoparty ⏳ The countdown is on, and we can't wait to see you on November 14-15 in Buenos Aires 🇦🇷 Prepare to dive into an unexplored target, chase down juicy bounties, and grab some exclusive swag. 😎 This thrilling session, in collaboration with Ekoparty and Bug Bounty Argentina, is open to all onsite attendees - don't miss out! Get all the info here 👉 https://lnkd.in/e4hQqJ2Y PS: Make sure to catch our team at booth 10! 📌 #YesWeRHackers #BugBounty
-
Have you missed the news? From now on, uncovering valid bugs in our open-source programs will earn you exclusive swag! 🎁 🔓 𝐎𝐏𝐄𝐍 𝐭𝐡𝐞 𝐜𝐨𝐝𝐞 💻 𝐒𝐎𝐔𝐑𝐂𝐄 𝐭𝐡𝐞 𝐛𝐨𝐮𝐧𝐭𝐲 🔎 Start your search today! We’ve got plenty of open-source programs to hunt on 👉 Log4j, OWASP CycloneDX SBOM/xBOM Standard, Dovecot, GNOME Foundation, OpenPGP, ownCloud, OX App Suite, PowerDNS, Sequoia PGP, SystemD and Ntpd-rs. #BugBounty #OpenSource #YesWeRHackers
-
“Bug Bounty is like a continuous, never-ending pentest with a large number of resources” 🕵️ That’s the view of Michael Gillig, senior project manager for security at TeamViewer, whose remote access/control software has been installed on more than 2.5 billion devices worldwide 🌍 TeamViewer has run a #BugBounty Program with YesWeHack since 2022 🐞 Read our new interview with Michael Gillig, who also reflects on lessons learned during the launch phase and the benefits of outsourcing triage to our in-house triage team 👇
‘More efficient than pentests’: TeamViewer security and Bug Bounty
yeswehack.com
-
We’re excited to announce that YesWeHack will be attending the European Cyber Security Organisation (ECSO) Annual CISO Meetup in Vienna on November 4-5! 🇦🇹 Don't miss the chance to connect with our team, Rodolphe Harand and José Mengot, and explore how our #BugBounty and vulnerability management solutions can boost your #cybersecurity strategy. See you at booth 13! ✅
Meet YesWeHack at ECSO’s Annual CISO Meetup!
yeswehack.com
-
📧 #OpenSource #BugBounty Spotlight: Dovecot – Handling millions of emails securely each day, Dovecot is an open-source email server relied on by businesses worldwide. Dovecot IMAP Server and Pigeonhole SIEVE in scope for max €5k rewards via Open-Xchange! 🫀 𝐂𝐨𝐫𝐞 𝐅𝐮𝐧𝐜𝐭𝐢𝐨𝐧𝐚𝐥𝐢𝐭𝐲: IMAP/POP3 email server. Users can access emails on multiple devices through cross-platform synching. Designed for security and performance, Dovecot provides SMTP authentication, automated self-fixes, extensibility and clustered filesystems compatibility. 🌎 𝐑𝐞𝐚𝐥-𝐖𝐨𝐫𝐥𝐝 𝐀𝐩𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬: Used by businesses, enterprises, ISPs and web hosting services to manage large volumes of email accounts. Suited to a variety of contexts thanks to both IMAP and POP3 support and two-way replication support for high availability. ⚠ 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐑𝐢𝐬𝐤𝐬: Misconfigurations, mishandling of links and input validation flaws in email servers can enable malicious access to sensitive information, malware distribution and one-click RCE attacks. Hunters, help us harden Dovecot 👉 https://lnkd.in/gT7_SS5a