How Pros Use CVEs to Find New Bugs (before anyone else! ft CVE-2020-5902)

20,592 views

InsiderPhD

Comments: 58
@nathangriffiths8809 4 years ago
Your next assignment Katie, if you decide to take it: Teach us to reverse engineer. :) (Great explanation on CVEs, thank you!)
@InsiderPhD 4 years ago
This is DEFINITELY something I want to cover but I am still learning myself! As soon as I understand the topic well enough it will for sure be a video on my channel!
@LaurentLaborde 3 years ago
@@InsiderPhD Reverse Engineering is extremely difficult to explain in a short video. I gave up trying and write a tech diary instead and publish it on GitHub. The problem is that videos either spend hours and hours explaining the most basic sh*t OR end up doing some kind of "it's magic, I ain't gotta explain sh*t".
@prathameshmahamulkar6533 4 years ago
Thank you so much Katie for explaining a very important concept in a to-the-point and objective way. Wish you a very happy, fulfilled and satisfying career.
@prathameshmahamulkar6533 4 years ago
Big fan of you, TCM, Tomnomnom and Stok
@InsiderPhD 4 years ago
Thank you! You too!
@offlife77 4 years ago
I got my first bounty after watching your IDOR video....thanks a lot:)
@InsiderPhD 4 years ago
Amazing! I hope it was a good one! Very proud of you getting your first bounty!
@sabyasachimitra9644 3 years ago
Can you please share the report, so I can learn from it? And was it an IDOR or something else?
@mertdas6794 4 years ago
Katie gives value as always. Love your content
@InsiderPhD 4 years ago
❤️ thank you for watching!!
@fritzeyok 4 years ago
This is what I call DIAMOND CONTENT! Thanks for the lessons.
@InsiderPhD 4 years ago
Wow, thanks!!!
@ВиталийОвчаренко-и1н 9 months ago
The stages involved in addressing the issues caused by CVE-2020-5902 include:
1. Identifying the Vulnerability: Scan the network using specific tools to identify the presence of the Remote Code Execution (RCE) vulnerability (CVE-2020-5902).
2. Applying Patches: Apply the patches released by F5 Networks to fix the critical RCE vulnerability in the affected versions of BIG-IP.
3. Monitoring for Exploitation: Keep monitoring for any active attempts to exploit the vulnerability in the wild and stay updated on mitigation details provided by F5.
4. Implementing Security Measures: Design and implement a comprehensive security policy based on insights from the CVE database to prevent exploitation and enhance overall security posture.
@tokyorockstarVALORANT 7 months ago
Ty for the video. Wanted to ask what languages I should learn to reverse engineer.
@sudha2373 4 years ago
Ma'am, my XSS payload is blocked by a WAF. How do I bypass the WAF?
@daviscl22 2 years ago
Excellent info.
@wisdomfreak 4 years ago
Finally, the video that I asked you for. Thank you.
@InsiderPhD 4 years ago
I do get round to requests! Eventually!
@wisdomfreak 4 years ago
@@InsiderPhD 🙂
@MFoster392 1 year ago
Great information :)
@sirhaya363 4 years ago
Thank you, your videos are the best on the subject!
@InsiderPhD 4 years ago
Aww thank you so much for such a kind comment!
@sirhaya363 4 years ago
@@InsiderPhD Sooo my first bug is a CVE, thank you!!
@6cylbmw 4 years ago
Thanks a lot for putting up this video although I'm still confused. From what I know/heard a lot of companies don't pay for vulns found based on CVEs (last 3 / 6 months). Is there any bug bounty hunter who actually uses this approach and makes a profit? Is this approach legit?
@InsiderPhD 4 years ago
That's totally true, you're right! A lot of companies will consider CVE related bugs internal dupes for the first 30 days. But this is a strategy and you can totally make money, if you check out Twitter for CVE-2020-5902 and the Citrix CVE from around December? So it's definitely a risk, but probably worth it for a bug like this one where it's a very simple exploit. It is legit, but you're totally right that it might be considered a dupe or out of scope.
@SantoshKShah 4 years ago
Great, thank you!
@danielazulay4936 4 years ago
That's great, thanks! I have a question about using OS X in bug hunting. Do you think it's a good idea? Should I use a virtual machine (e.g. Ubuntu), 'cause I found that most of the recon tools just work better on Linux?
@InsiderPhD 4 years ago
I use OS X personally with no issues, but if you do a lot of recon maybe consider a virtual machine or something like DigitalOcean if the tools perform better for you. I should say I have no issues myself!
@thefunnychannel647 3 years ago
Can you please add a video on how to use Nuclei?
@leghdaf 10 months ago
Thanks InsiderPhD ...
@snookieNaija 7 months ago
Thanks love
@itsm3dud39 2 years ago
What about Exploit-DB?
@maakthon5551 1 year ago
Great!
@josephgosling9593 4 years ago
Awesome !!
@InsiderPhD 4 years ago
Thanks!!
@mirhat9330 4 years ago
It would be great if you can make a video about reverse engineering! :)
@Sanjayyadav-hb2jc 4 years ago
🤣🤣
@InsiderPhD 4 years ago
Yeah it’s for sure something I want to cover but that I’m still learning myself, I’ve really been enjoying some of LiveOverflow's older videos on the topic!
@hackerproxy19 4 years ago
good teaching
@ismailramzan8927 4 years ago
Thanks Again 😊.
@InsiderPhD 4 years ago
You're welcome 😊
@prashanthravichandhran5688 4 years ago
thank you
@ricardotech 4 years ago
Love from Brazil
@cloufish7790 4 years ago
[Q] Aren't you risking getting a lot of duplicates and so losing much reputation on h1 or any other bug bounty website? I mean, you'll eventually be racing other people just like you said (And I understand that you're racing with them anyway, but I get a feeling that in those CVEs there's a lot more racing). Or am I just overrating the value of reputation on these websites? Is the money the most important? Being flooded with duplicates also relates to fuzzing many domains and subdomains with the same exploit. Although I think it's a great video, it motivates me to do more research on my own
@InsiderPhD 4 years ago
So dupes now don't impact rep on h1, but you're right, you are just racing people! Even those who do find this bug might find that they are duped because they internally know about it and are patching it anyway. The core advantage is if you are able to figure out a 0 day exploit before anyone else you have the entire internet. For people who make their income on just bug bounties being able to catch this before anyone else is a huge huge advantage cause even if they get a few dupes they can make 2-3 months wages from the non-dupes. But I just thought this topic was an interesting look into how the pros' approach to bug bounty is really quite different to people starting out and especially shows how 0 days can motivate the best bug hunters!
@coderx56 4 years ago
I love you very very much ❤
@ca7986 4 years ago
❤️
@ChrisLeftBlank 11 months ago
12:45 lol, what? I think this is incorrect. I understand the expressed sentiment for usage all of these things aside however - illegal is not the right word. I am almost 100% sure for almost any kind of cyber activity that occurs in any other country than where it was committed from that never in even a million years would result with police showing up to arrest someone. Even based from knowing almost nothing about computer forensics and law I would argue (from a field I have very much experience with) that laziness combined with civil rights prevent legalities. So to iterate - not only is big business private and disclosure to convict a 'hacker' so difficult to accumulate and attribute to any individual but even the reason cyber security evolved was these same entities were liable for loss originally. Even then between countries illegal is not a thing. Like if they (foreign) charged someone we (domestic) wouldn't care - we wouldn't care because this has always been and even if I'm incorrect about those still nobody (domestic) cares. But I might be wrong.
@InsiderPhD 10 months ago
github.com/disclose/research-threats
@hello-fp6ss 4 years ago
Great back to 2016 I create a python rce they not pay me opencart cms core I got 1600 shell backdoor in one day😂😂😂😂😂😂🤩 I'm back
@AmanKumar-tm8id 4 years ago
Okay, I paid for Shodan. Now knowing it was free for students and has extra features than my paid subscription. F
@InsiderPhD 4 years ago
F :( But at least you know now! And it's good for as long as you have an academic email address!
@skeeberk.h.4396 3 years ago
Why are you eating the microphone?
@InsiderPhD 3 years ago
I’m a security person not a video person x]
@skeeberk.h.4396 3 years ago
@@InsiderPhD Touché