Eduardo Vela
7,196 posts
not mad. mentally divergent.
personal profile, opinions my own. everything I say is probably wrong.
@Google
Zurich, Switzerland
Joined January 2008
- We just open-sourced the Google CTF challenges from last year!
- Ever wondered what makes a CTF challenge good? I've asked myself that many times. I wrote this to help me answer that question based on discussions with others in the community
- Put public key in. Get private key out.
- Hey folks. You know, on @GoogleVRP we actually want to pay you xD. If we tell you something is not meeting the bar, it's a dupe or so, it's because we want to be consistent and fair. The rewards don't come out of our salaries, and we have no quotas to fill. Budget is not an issue
- Anyone knows someone called Singh? They found an XSS, but we don't know who to pay for it! If this was you, respond to this tweet with the address you used to verify your identity!
- Open source needs everyone's help. Starting today Google will be issuing rewards to OSS contributors that help with vulnerability response. Even for bugs found by Google. Read more:
- So... we'll give out 100k USD in Grants for Google Cloud vulnerability research and we'll pay the best report we get in 2019 another 100k
- Calling all CTF Authors! Do you love building CTF tasks? New competition to find the best CTF Tasks, both original (never seen before) and of the past year (Hall of Fame) forum.defcon.org/node/233145
- Pro tip: if you send an email with ${jndi:dns://foo.com} and you get a DNS callback to foo.com - consider that maybe (just maybe), the thing that did the DNS resolution is checking the domain for SPAM.
- Anyone likes open redirects? If hostname is checked, but not the scheme you can use evilwebsite.com/xss.php?redir_… (note that the target url isn't sent to the server)
- For those that might have missed it. @Google issues monetary payments to the top Google bug hunters, even when no vulnerabilities are found (and before research is started). You can apply for Google's Vulnerability Research Grants here:



