⁃ Exposed Private Key Committed to Public Repository (same)
⁃ BIND9 Version Disclosure via CHAOS TXT version.bind (doh, yes, sure…)
⁃ BIND 9 Integer Overflow Vulnerability Report (Bullshit AI Slop; looked genuine until I dismantled it to pieces; PoC was nonsense)
⁃ 9 issues about gitlab.isc.org (#wtf)
To be fair, #YesWeHack is doing great job filtering the issues for us, and I did help with three of these issues proactively before they ended their Review just for fun. (2/2)
@bagder But Wait!
Anyway, BIND 9 now also has Bug Bounty program via #YesWeHack (https://fosstodon.org/@iscdotorg/115763743040529757) and we got exactly one genuine issue out of 15 (and that's issue that has been previously independently reported). The rest was:
⁃ Cryptographic Weakness in BIND 9.20.15 PRNG Enabling DNS Cache Poisoning (Bullshit AI Slop; it just proved lack of randomness in provided PoC :facepalm:)
⁃ Multiple EC/TLS Private Keys Committed to Public Bind9 Repository (yeah, in system tests) (1/2)
"Basic Insecure direct object references (IDOR) in cookie"? #Pwned! It was a blast on #YesWeHack!
Think you can take it on? 🌟
https://dojo-yeswehack.com/challenge/play/53edede7-bf27-478e-8976-e203f778fb4e?pwned
#ChallengeAccepted
// YesWeHack rejoint les autorités CVE
👏 La startup française YesWeHack devient autorité CNA et peut désormais attribuer des identifiants CVE. Une belle reconnaissance pour l'écosystème français du bug bounty.
🔗 https://www.datasecuritybreach.fr/yeswehack-rejoint-les-autorites-cve/
Le Français YesWeHack, dénicheur de vulnérabilités informatiques, entre dans la cour des grands ! #YesWeHack a officiellement obtenu le statut d'autorité de numérotation CVE. Une excellente nouvelle pour la plateforme française de #bug bounty, qui peut désormais attribuer des identifiants de #vulnérabilités de #sécurité.
https://www.clubic.com/actualite-580342-le-francais-yeswehack-denicheur-de-vulnerabilites-informatiques-entre-dans-la-cour-des-grands.html
Gotta love how the bug bounty site YesWeHack keeps rejecting my KYC as they want a full photo of my ID even though I have the right to redact certain information... (they seem to even have an automatic black bar detector lol)
Kinda annoying when all you want to do is report a security issue through the proper channels -.-
🇬🇧🐞 The live Bug Bounty by YesWeHack kicks off in 5 minutes!
🗓️ June 28 | ⏰ 10:00 → 03:00 (29th)
📌 Loft Area
🧠 Program revealed at the last minute — open to all leHACK attendees registered on https://yeswehack.com
#leHACK #BugBounty #YesWeHack
🇫🇷🐞 Le Bug Bounty live de @yeswehack démarre dans 5 minutes !
🗓️ 28 juin | ⏰ 10h → 3h (29)
📌 Loft Area
🧠 Programme révélé à la dernière minute — accessible à tous les inscrit·es sur yeswehack.com présents à leHACK
#leHACK #BugBounty #YesWeHack
🇬🇧✨ Real-time hacking. Real bounties. Real community.
YesWeHack is hosting a Live Bug Bounty at leHACK 2025!
🗓️ June 28, 10:00 → June 29, 03:00
📍Le Loft, Cité des Sciences – Paris
Whether you're new to bug bounty or a seasoned hunter, this is your chance to dive into a live, in-scope target, collaborate with peers, and claim rewards.
🎯 Targets revealed live
🛠️ Open to all leHACK attendees
🕹️ Details: https://www.yeswehack.com/page/yeswehack-at-lehack-2025
🇫🇷✨ Du hacking en temps réel. Des failles réelles. Des récompenses concrètes.
YesWeHack organise son Live Bug Bounty pendant leHACK 2025 !
🗓️ 28 juin, 10h → 29 juin, 03h
📍Le Loft, Cité des Sciences – Paris
Débutant curieux ou hunter confirmé ? Rejoins une session unique : cibles dévoilées en live, bugs à dénicher, bounties à gagner.
🎯 Cibles exclusives
🛠️ Ouvert à tous les participants de leHACK
🕹️ Infos : https://www.yeswehack.com/page/yeswehack-at-lehack-2025
❓ How can bug bounty programs …
1️⃣ Keep hackers engaged in the long term?
2️⃣ Effectively increase the amount of good quality reports that you receive?
3️⃣ Stand out from competition and be the program that hackers choose to hack on?
📽️ In this video, I covered 5 tips that can allow any bug bounty programs to stand out from the rest. If you implement them, you can expect an increased participation from skilled and good hackers (or security researchers) and a consistent stream of valuable vulnerability submissions! Most importantly, are you ready to handle the resulting high quality reports? 😊
🫵 Hackers, if these tips hit the mark, please share them with your favourite bug bounty programs! Your input could lead to improvements like loyalty programs and direct report submissions (skip platform analysts or triage teams). Let's level up the bug bounty landscape together! 😎
⬇️⬇️⬇️
#bugbounty #bugbountytips #togetherwehitharder #hackerone #ittakesacrowd #outhackthemall #bugcrowd #bugcrowdtipjar #hackwithintigriti #intigriti #yeswehack #yeswerhackers #ethicalhacking #whitehat
🔓 Just beat the "Dojo #40 - Hacker profile" challenge on @yeswehack!
Think you can match my skills? 🌟
https://dojo-yeswehack.com/challenge/play/e8fe7318-3b61-4fb3-bd2c-3e741ff62a96?pwned
I just pwned the "Dojo #39 - Phishing" challenge on YesWeHack
Who’s next to join the fun? 🚀
https://dojo-yeswehack.com/challenge/play/d09a5778-77dc-455c-a614-132ba040986d?pwned
#YesWeHack #challengeaccepted
Just completed the "Dojo #37 - Hacker forum" challenge on YesWeHack
Level up with me! 🌟
https://dojo-yeswehack.com/challenge/play/07c69662-c78b-4fab-acfb-843f68a71d4c?pwned
#YesWeHack #ChallengeAccepted
#systemd has joined the @sovtechfund #BugResilienceProgram and we now have a security bugs bounty program up and running on #YesWeHack https://yeswehack.com/programs/systemd-bug-bounty-program
Good hunting!
🚨📢 Insomni'hack 2024
We are delighted to welcome YesWeHack as a Silver sponsor.
🤝 Special thanks to: Guillaume Vassault-Houlière, Romain Lecoeuvre, Rodolphe Harand, Adrien Jeanneau, Marine Magnant & Sarah Gourraud.
👉 Register here: https://www.insomnihack.ch/register/
#INSO24 #Insomnihack #cybersecurity #cybersecurityconference #Cyberdefense #CTF #yeswehack #hacking #training #ethicalhacking
Computing-knowers! Does anyone have any info on Ethical Hacking / Bug Bounties, and the interplay with GDPR and data protection? Has any research or investigation been done on that?
#InfoSec #CyberSecurity #BugBounty #YesWeHack #Hacking #EthicalHacking #GDPR #DataProtection #Privacy
My bag start to look good with all the patches and pins 😎
Next step will be some customization with paracords 😅
Thanks : #ClayGrahamArt #defcon #bird_ov_prey #Stickerum @1dark1
#leHACK #yeswehack #Khaldam
@Medus4 @1dark1 @JeremySCook @adafruit @pimoroni @protonmail
I may have added stickers on the Getac 😂
Small stickers that fit well aren't always easy to find, but one from #yeswehack fits well, and complemented by a few small ones from #pimoroni and #redbubble.
Now I wonder if I add some on the palm rest too…
« Rendez-vous au FIC 2020 avec du LOURD ! #CarHacking #BugBounty #YesWeHack » https://korben.info/rendez-vous-au-fic-2020-avec-du-lourd-carhacking-bugbounty-yeswehack.html #veille #sharedlinks
