Showing posts with label contest now.

Friday, 11 May 2012

[EN] Jobs for Denmark and Brazil

A friend of mine is looking for new people to join his company as a Support Team Member.
I don't know the details, but if You want, let me know (via e-mail) and I will contact You directly.

Enjoy! ;)

o/


Friday, 27 April 2012

[EN] Work to win 0day ;)


Yeah, yeah...;]

"Work"... like this:
currently I have a few "notes" about "possible" RCE bugs in a few top10 webapps.

If You're interested to check it out, You know where You can find me... ;)

Regards
o/

[EN] Wanna 0day for Your webapp? ;)

Ok. It's simple:
mail me with a request for a webapp (name and version) and I will tell You
what I have for it. Simple? ;)

Details we will discuss privately.

Cheers! ;)

Thursday, 26 April 2012

[EN] Update for April! - finally (part 3)


As You can see below, I have posted a few news items. Check it out! ;)


Comments / questions are welcome!

Cheers o/

[EN] Hire Pentester $$

What I'm doing:

It is mostly "black box" testing for companies, e-shops, or some intranet web-stuff, etc. Just ask ;)
This is something I have been doing for several years now.
We can cooperate remotely ("contracts") or permanently. Again: just ask.

How to start:

Send me an e-mail with question(s).
We will pick a time frame for me to start the tests.
After my job, You will get a detailed report (vulnerabilities + 'how to remove them')

The Cost:

For You, $200 USD for the test and report (1 WWW).
If You want me to implement the security changes, the charge will change. ;)

For those who want to do "server monitoring" for some periods of time
we can discuss payment more specific to your requirements.

If You have any questions, feel free to ask.
My resume is available on request.

Of course, Customers must sign a contract legally. :)


More here:
hauntit.blog@gmail.com

Thursday, 15 March 2012

[EN] April: Projects



As You know, I'm always looking for new projects.
So if You want to update my resume...;)
Let me know, how can I help You.

Tuesday, 13 March 2012

[EN] Drupal 7.12 user-enumeration

Yep, another day of testing Drupal code, and today I found a user-enumeration bug.

Drupal seems to be vulnerable to user enumeration, but this vulnerability is limited to logged-in users only :)


If You want to check it at Your installation, let me know ... ;)
Just like it was with Wordpress bugs.


I will present more technical details in April.

Maybe this one today:


 ;)

 Questions? Priv.

Sunday, 11 March 2012

[EN] Drupal 7.12 bug - Updated 9:0







I'm working on an exploit for the latest Drupal (7.12).

The "next part of fuzzing" has now started, so the post will be updated soon (maybe today/*tomorrow).
Anyway: I need some help with writing a patch.
If You are interested, let me know! ;)

 *... today ;) *
Fuzzing still in progress (with a lot of "reading";))
But for now we can say:
  • for not logged-in users: there is information disclosure (or I will extend it, if possible, to something more useful)
  • for logged-in as a normal/registered/authenticated user: ... ;) 
Soon.

* 12.03.2012 - 8:30 - Updated *
After 2 days, I have 3 different bugs for the latest Drupal.
So, if You're still interested in exploit/patch process development, let me know! ;)


* 12.03.2012 - 9:52 - Updated *
Wow, it will be a very busy Monday ;)

I found another bug in Drupal; this time it is in the admin panel (but if a 'normal user' does SQL injection using the bugs I described at the top of this post, there is a risk of being 0wned ;P)

From 'simple' fuzzing of my 'simple' tools, there is simple 'total score': 
- 3 sql-injection (or will be extended to something more/less)
- 5 information disclosure bugs 

*13.03.2012 - 3:36 - Updated*
Ok. So for now there are 9 vulnerabilities. :)

Both situations are possible:
- sql injection / information disclosure from normal/registered user
- like before, but for admin...

To be continued... ;) 

Friday, 2 March 2012

[EN] Wordpress 3.3.1 no-0day exploits - Updated - 12.03!


Quick note from Friday ;)

As I mentioned here in March I decided to post some "more technical" details, but...
only for the first 6 of You who send me a message about why I should send 'details' to them ;>

Still no free-days :< :*

From now to Monday 23:59 Central EU time...
Enjoy Your weekend! ;)

Cheers!


* Update 5.03 - 21:20 *

I promised myself that I wouldn't check my e-mail until "hour 0".
But something tempted me...

It's amazing that there are so many answers/requests! ;D I understand that all of You installed WP? ;]

Like I said, "first come first served", so You should check Your mail now. ;)

Also... :) There is a little "modification - surprise":
Because there were so many requests for code and/or info, I will send it to all people,
who asked me about it. For now. ;)

Have fun, and legally! ;)

o/


*Update 12.03.2012*
If You want more information about WordPress vulnerabilities, check this tag! ;)