4 matches found
h1-ctf: [H1-2006 2020] From multiple vulnerabilities to complete ATO on any customer account and staff admin
First of all, thanks for the awesome CTF. I enjoyed it very much : Summary The CTF was about helping HackerOne's beloved CEO, @martenmickos, to approve May bug bounty payments after he has lost his login details for BountyPay. It all started with this tweet: F860982 And as you all know, I had to...
h1-ctf: [H1-2006 2020] Writeup
^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$ Prologue The CTF was announced in a Hacker0x01 tweet. The goal is to make payments from Marten Mickos' account on BountyPayHQ. The announcement tweet was followed shortly by a retweet of BountypayHQ, an account made for the event. BountypayHQ has one...
h1-ctf: [H1-2006 2020] Solution for the h1-2006 CTF challenge
Hi, The flag is ^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$. I didn't know I can send it prior to the report until I saw some disclosed solutions from the previous challenges. The report will follow later today. Regards @thehackerish Impact Multiple vulnerabilities on .bountypay.h1ctf.com allow ...
Newsmaker Interview: Marten Mickos the Future of Bug Bounty
Since the launch of the Hack the Pentagon program in 2016, bug bounty programs have quickly grown in popularity. The program was bolstered by HackerOne, a bug bounty security crowdsourcing platform led by CEO Marten Mickos. “The numbers have exploded,” Mickos told Threatpost. “There’s a larger...