I'm not in the mindset to grind out LeetCode, but I do want to get a job at FAANG just to say that I could.
Do you guys have any advice on whether or how to bring up discovering and reporting exploits? I've heard completely opposite answers from employers.
I once discovered and reported a 0day exploit on Twitch that allowed me to log in to almost any account, including Twitch staff, without having to know their email or password, but my communications with Twitch about it were essentially a non-prosecution agreement.
I definitely didn't go about it in the best way: I logged in on the account of the staff member I reported it to, a person who has since been fired in a sexual harassment scandal.

Most companies will have a vulnerability disclosure program (VDP) or responsible disclosure program; it looks like they have one as well: twitch.tv/p/en/security/ (the form is at the bottom, and it looks like they are using Bugcrowd). It looks like it's a points-based program only, so you won't get financially compensated.
Some companies actually have a bug bounty program where they will pay you for the report, based on the severity.
However, always read these /security programs first before you just start trying to find exploits on entities; that is not legal, and I would also recommend evaluating whether they have safe harbor in place.
nah
buncha yuppies for the most part
Did they pay you a bug bounty? If you look on hackerone[.]com you can see what companies participate. If you're a decent pen tester, it's an easy way to make some extra cash.
This is solid work. They def shoulda paid you a bounty lol

I definitely didn't go about it in the best way: I logged in on the account of the staff member I reported it to, a person who has since been fired in a sexual harassment scandal.
The agreement was basically that I would get unbanned on Twitch and get to keep an account of my choosing in exchange for not mentioning the exploit to anyone, as it was during their Amazon deal.
Edit: In case anyone's curious, here's how it worked.
Before/during the Amazon deal, Twitch had a predecessor called ********* (JTV).
For well over a year, mostly while the Amazon deal was being worked out, both Twitch and JTV co-existed. Their login systems were connected, but the JTV website, which started in 2007 or something, had different security systems.
What could go wrong?
One thing I started noticing was that an email verification link, when received through JTV, didn't seem so random. In fact, it seemed like the exact same link no matter how many different emails I tried to verify. So I set out to decrypt the encrypted email verification and eventually found that it was just SHA-2. The email verification link basically just consisted of a SHA-2 encryption of your username and user ID. That's all there was to it, and like many email verification links, these also logged you in automatically.
It didn't work on every account, probably about 70%, and all Twitch admins I tried, but the shorter the username, the higher the odds of getting logged in seemed to be.
The only prerequisite was that the self-made email verification link had to be done on JTV.
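Worked example added here (not code from the post, and nothing from Twitch or JTV): the weak design the post describes, a verification link whose token is a keyless SHA-2 hash of the username and user ID, beside a sound one. Because a plain hash has no secret input, anyone who knows the public identifiers can recompute the token without ever seeing the email, which is the whole attack. The account names, IDs, field separator and expiry window below are constructed for the example; the real JTV input format is not known from the post.

```python
"""
Forgeable email-verification links (deterministic hash of public data)
versus random, single-use, expiring tokens. All names/IDs are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# --- Weak design: token = SHA-256(username ':' user_id), no secret involved --
# Both inputs are public (profile pages, APIs), so the "proof" that you own the
# mailbox is reproducible by anybody. The ':' separator is an assumption.

def weak_token(username: str, user_id: int) -> str:
    return hashlib.sha256(f"{username}:{user_id}".encode()).hexdigest()

def weak_verify_and_login(username: str, user_id: int, token: str) -> Optional[str]:
    """Server side of the weak design: recompute, compare, start a session."""
    if hmac.compare_digest(weak_token(username, user_id), token):
        return f"session-for-{username}"
    return None

def forge_weak_link(username: str, user_id: int) -> str:
    """Attacker: knows only the public username and id, never sees the email."""
    return weak_token(username, user_id)

# --- Hardened design: random token, bound to the user, single use, expiring --
# The server keeps only a hash of the token, so a leaked table cannot be
# replayed, and the client receives nothing it could recompute on its own.

TOKEN_TTL_SECONDS = 15 * 60  # assumed 15-minute validity window

class VerificationStore:
    def __init__(self) -> None:
        # sha256(token) -> (user_id, expires_at)
        self._pending: Dict[str, Tuple[int, float]] = {}

    def issue(self, user_id: int, now: float) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._h(token)] = (user_id, now + TOKEN_TTL_SECONDS)
        return token  # goes only into the email, never into a page or log

    def redeem(self, user_id: int, token: str, now: float) -> Optional[str]:
        entry = self._pending.pop(self._h(token), None)  # pop => single use
        if entry is None:
            return None
        bound_user, expires_at = entry
        if bound_user != user_id or now > expires_at:
            return None
        return f"session-for-{user_id}"

    @staticmethod
    def _h(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

def demo() -> Dict[str, bool]:
    """Runs both designs against a constructed victim account and reports outcomes."""
    victim, victim_id = "admin", 42
    t0 = 1_700_000_000.0  # fixed clock so the example is deterministic

    # Weak design: the attacker's self-made link logs in as the victim.
    forged = forge_weak_link(victim, victim_id)
    weak_login = weak_verify_and_login(victim, victim_id, forged)

    # Hardened design: recomputed guesses, replays, other users and stale
    # tokens are all rejected; only the freshly emailed token works, once.
    store = VerificationStore()
    real = store.issue(victim_id, now=t0)
    return {
        "weak_forgery_logged_in": weak_login is not None,
        "hardened_guess_rejected": store.redeem(victim_id, forged, now=t0) is None,
        "hardened_real_token_works": store.redeem(victim_id, real, now=t0) is not None,
        "hardened_replay_rejected": store.redeem(victim_id, real, now=t0) is None,
        "hardened_wrong_user_rejected": store.redeem(
            victim_id + 1, store.issue(victim_id, now=t0), now=t0) is None,
        "hardened_expired_rejected": store.redeem(
            victim_id, store.issue(victim_id, now=t0),
            now=t0 + TOKEN_TTL_SECONDS + 1) is None,
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The forgery succeeds against the weak design for every account whose username and ID are known, which is why the post's author could target staff accounts without any credential; the hardened store refuses the same guess because its tokens are not a function of anything public.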
Normally they at least put you on a "security hall of fame", but I was seen as a sort of notorious figure amongst Twitch's security team, so I was kept off of it.
I mainly just wanted my permanent IP ban to be wiped so I wouldn't have to keep using a VPN and a new account every other day. As you can probably guess, I initially got a permanent IP ban for account theft.
In a way they did pay me. Aside from getting my suspensions wiped, I was also allowed to keep an inactive stolen account of my choosing. Because it's effectively the 'rarest' username on the platform, in the past year or so I've gotten legitimate offers for it ranging from $6k to $10k.
Used to have switches and a bunch of diff devices, but essentially they took up too much room for something I could do virtually or cloud-based. Still got my cheese grater Mac Pro though; probably get rid of it unless I figure out a project to do with it.

I used to have a rack, routers and a switch. But I generally just use VMware Workstation…
Cisco has dCloud. You can get a free Azure account. VMware Player is free. Microsoft gives evaluation copies of their software. Kali Linux is free. Most Linuxes are too (not named Red Hat, which is really for the support, but you can also get that for free). Cisco Packet Tracer is free if you get a NetAcad account. GNS3 and EVE-NG are free. Developer libraries are free.
damn that's fire bruh! congrats to you
I would agree, but where else will you pull in $225k + stock and not be a C-suite employee?
It's a diff vibe for sure, but on the positive side imo. Once you get away from customer support roles, it's straight "get your sh** done".
No one is clock watching you, making sure you get your hours in, etc.
There may be some pocket watching lol
"How was their bonus bigger than mine"
But where don't they pocket watch
congrats guy1!!
CCNA HAS BEEN ACHIEVED!!!!!!!!!!!!!
I'm telling y'all lol
idk where else, that's what I'm tryna figure out
What kinda non-management titles are hitting that 225k at FAANG?
SWEs
So were there any labs on it?