- Videos 33
- Views 39,406
Assetnote
Australia
Added 4 Sep 2020
Assetnote continually monitors your external attack surface as it evolves, allowing you to identify and triage high impact security issues quickly. Our team at Assetnote have been participating in bug bounties and have been application security enthusiasts for just under ten years, and we aim to share the knowledge we have obtained over the years through this channel.
Maximizing Security Outcomes: The Role of ASM in Bug Bounty Programs
Running an effective bug bounty program requires balancing an attractive scope and payout to hunters with an attack surface that challenges hunters to do more than automated scans. Program managers want to pay for skillful findings, not automated ones. In this episode, we talk about how ASM helps optimize your bug bounty program.
For more details about Assetnote's Attack Surface Management Platform, visit assetnote.io/
Views: 366
Videos
Internet-Wide Recon: Moving Past IP-Centric Approaches
Views: 832 · 1 month ago
In this episode, we discuss the blind spots of IP-centric approaches to asset discovery and the importance of understanding the full attack surface of an organization. We unpack the challenges posed by modern cloud architectures, load balancers, and WAFs, and how these can create blind spots in reconnaissance efforts. We also highlight the significance of subdomain data and passive DNS in uncove...
Beyond Shadow IT: Understanding the True Attack Surface of Your Software
Views: 331 · 2 months ago
This week's episode dives deep into the concept of shadow exposure and how it relates to third-party software, often overlooked in discussions about shadow IT. We explore the historical context of shadow IT, its evolution, and the real risks associated with widely deployed enterprise software that organizations may not fully understand. Join us as we discuss: - The origins and implications of s...
The Art of Recon: Strategies for Modern Asset Discovery
Views: 6K · 2 months ago
Today, we explore the world of asset discovery and reconnaissance, particularly how these practices have evolved over time. Historically, discussions around reconnaissance have been overly simplistic and tool-centric, often focusing solely on the latest tools rather than the underlying principles and methodologies. Join us as we break down our approach to reconnaissance into five key elements: ...
The Unknown Complexities of DNS Resolution
Views: 625 · 2 months ago
In this episode, we dive into the technical complexities of DNS resolution in the context of ASM asset discovery. Join us as we discuss the challenges, implications, and solutions we have encountered while dealing with DNS resolution at scale. From DNS wildcards to security scanning considerations, we explore the importance of DNS data and its role in comprehensive reconnaissance. Our hosts, Mi...
Confusion in the Attack Surface Management Market - Surfacing Security Ep 6
Views: 1K · 2 months ago
Uncovering Critical Vulnerabilities in Magento: A Deep Dive - Surfacing Security Ep 5
Views: 491 · 3 months ago
What is "True" Attack Surface Management (ASM)? - Surfacing Security Ep 4
Views: 400 · 3 months ago
The Untold Story of Assetnote: Origins and Evolution - Surfacing Security Ep 3
Views: 356 · 3 months ago
A Deep Dive into Three ServiceNow Vulnerabilities (with Adam Kues) - Surfacing Security Ep 2
Views: 314 · 3 months ago
Chaining Three Bugs to Access All Your ServiceNow Data (Live Q&A) - Surfacing Security Ep 1
Views: 960 · 3 months ago
Bug Bounty Redacted #5: Second Order Subdomain Takeovers & Logic Bug DoS
Views: 3.6K · 2 years ago
Bug Bounty Redacted #4: Writing to S3 buckets & Insecure JWT Implementation
Views: 3.1K · 2 years ago
Bug Bounty Redacted #3: Hacking APIs & XSS, SQLi, WAF Bypass in a regional web application
Views: 5K · 2 years ago
Bug Bounty Redacted #2: Third Party Subdomain Takeover & Exposed Admin Interfaces
Views: 3.6K · 2 years ago
Bug Bounty Redacted #1: Exposed Redis and HAProxy
Views: 6K · 2 years ago