From b944d20b4e9b602045d0c1fed5b4e7d9ec91c4a9 Mon Sep 17 00:00:00 2001 From: djwy Date: Thu, 25 Apr 2024 16:35:34 -0700 Subject: [PATCH] fix: remove duplicated pages --- conferences/hacktivitycon/0tomvh.md | 13 ------------- conferences/hacktivitycon/grafanassrf.md | 19 ------------------- 2 files changed, 32 deletions(-) delete mode 100644 conferences/hacktivitycon/0tomvh.md delete mode 100644 conferences/hacktivitycon/grafanassrf.md diff --git a/conferences/hacktivitycon/0tomvh.md b/conferences/hacktivitycon/0tomvh.md deleted file mode 100644 index a2806aa6..00000000 --- a/conferences/hacktivitycon/0tomvh.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -layout: page -title: How I got from 0 to MVH -video_src: https://www.youtube-nocookie.com/embed/M48hOtExUII ---- - -Speaker ------------------ -STÖK is a hacker, content creator, and creative with 25 years as a professional in Information Technology. STÖK is not only dedicated to bring excellent content and share new techniques to the red-team and bounty community but also strives to inspire the next generation of hackers to enter the infosec space. - -Abstract ------------------ -STÖK gets asked "How do I get started in bug bounties?" every day, and it's been like that since the first day he began his own bounty journey about 2 years ago. In 2020, there are so many different paths to choose, and it can be really overwhelming for someone that wants to break into the hacking space. Should you focus on VDPs? Should you do CTFs? Should you spend your time doing recon? Should you automate stuff? Or should you go app deep? There is no right or wrong way to do it, but the most important thing is to simply take action, and simply just start hacking. diff --git a/conferences/hacktivitycon/grafanassrf.md b/conferences/hacktivitycon/grafanassrf.md deleted file mode 100644 index 381dbcdc..00000000 --- a/conferences/hacktivitycon/grafanassrf.md +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -layout: page -title: Graphing Out Internal Networks with CVE-2020-13379 (Unauthed Grafana SSRF) -video_src: https://www.youtube-nocookie.com/embed/NWHOmYbLrZ0 ---- - -Speaker ------------------ -Justin Gardner is a full-time bug bounty hunter based near Tokyo, Japan. His focus in the security space is on web vulnerabilities and automated reconnaissance as pertains to bug bounty hunting. Before bug bounty hunting full-time, Justin was held various roles in IT ranging from software developer to IT architect, as well as consulting as a penetration tester with SynerComm for 2 years. Outside of security, Justin loves Jesus, spending time with his wife Mariah, volleyball, learning languages, and Brazilian jiu-jitsu. - -Abstract ------------------ -This talk outlines the experience of discovering a full-read unauthed SSRF vulnerability in a product used by thousands of companies in their DMZs. There will be 3 main sections of this talk: the discovery, the exploitation, and the results. - -Starting with the discovery of this bug, we'll discuss some methodology of looking at open-source software for security vulnerabilities and how this led to the discovery of CVE-2020-13379. Included in this section will be defining your goals for what kind of impact you wish to achieve, identifying areas of interest, and perseverance (also known as going down the rabbit hole). - -From there, we'll dive into a demo of the bug. This will include a working PoC for CVE-2020-13379, an exploitation kit that will assist in full exploitation, and a summary of some useful escalation techniques. We will also discuss what it looks like to use this bug against companies who host Grafana instances in the DMZ or in the internal network. - -To bring it all around, we'll talk about the experience of reporting this bug to different vendors and mass-exploitation across bug bounty programs. 
This will include some lessons learned from mass-exploitation, some awesome collaboration with very skilled hackers, and some great interactions with programs.
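Review bot: the hunk deleting `conferences/hacktivitycon/0tomvh.md` removes a `layout: page` page with its own `title` and `video_src` front matter, but nothing in the patch or the commit message says which surviving file carries the same talk, so the "duplicated pages" claim cannot be verified from the history. Suggest naming the retained path in the commit message (for example "duplicate of conferences/hacktivitycon/<retained-file>.md"), and, because a page at a stable URL like this one may be linked from elsewhere, adding a redirect from the old address to the retained page rather than letting it 404.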
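Review bot: the hunk deleting `conferences/hacktivitycon/grafanassrf.md` is the only change in the patch besides the other deletion ("2 files changed, 32 deletions(-)"), so no index, listing or navigation file is updated in the same commit; if any listing still references `grafanassrf.md` or its `video_src` (https://www.youtube-nocookie.com/embed/NWHOmYbLrZ0), it will now point at a missing page. Before merging, grep the site for the deleted filename and for the title "Graphing Out Internal Networks with CVE-2020-13379 (Unauthed Grafana SSRF)" and confirm the retained duplicate keeps the same title and video so the talk stays discoverable.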