write-ups

Fastest Fix on Open Bug Bounty Platform

This is a write-up on the Fastest Fix on Open Bug Bounty (OBB) Platform. The security team was extremely prompt in responding and fixing the bug.

I don’t usually write articles related to the bugs that I have reported to organisations through responsible disclosure; however, I have gotten explicit permission from Kevag Telekom GmbH to write a blog post about this report.

Fastest Fix Achievement Badge

To achieve “Fastest Fix” on Open Bug Bounty, it is compulsory to complete all the following within 24 hours:

  1. Reporting a bug through the Open Bug Bounty platform
  2. Contacting the affected organisation (via Twitter, Email, Contact form, etc.)
  3. Providing a Proof of Concept (POC) to demonstrate the vulnerability
  4. Getting the organisation to fix the vulnerability and deploy it to the production environment
  5. Conducting a regression test to verify that the vulnerability has been fixed
  6. Triggering Open Bug Bounty platform to verify the fix and update its tracking status

After successfully completing the above steps within 24 hours, the following simple badge has been earned:

Fastest Fix on Open Bug Bounty
In the name of gamification, OBB provides security researchers with Awards and Achievements. They are simple badges that can be earned by fulfilling certain criteria.


OverTheWire Bandit Write-up

I created a series of detailed step-by-step walkthrough videos with explanations.
Check out the playlist here: https://www.youtube.com/watch?v=93PE-kStl34&list=PL2mncq0mb-6ibI02KufoaXnZHgNc6G9dO

A list of write-ups for OverTheWire Bandit, a simple Capture The Flag (CTF) game aimed at beginners.

The objective of the game is to solve the challenges and find the password to proceed to the next level.

To get started, the player needs to know how to connect to the server using Secure Shell (SSH), which is essentially the bread and butter of any information security professional. Fine, probably something essential for any IT professional to know how to use.

For an absolute beginner who has not used SSH before, it is never too late to get started. It is time to put on a learning hat and try out the OverTheWire Bandit challenges!

OverTheWire Bandit

While the website itself did mention that the challenges were designed for beginners, it is still pretty fun for IT professionals to challenge themselves.


List of Write-ups