Organised within a separate section at PHDays for the first time, leading security researchers and bug hunters will share the results of their work, and owners of bug bounty programs can attract bug hunters by making an announcement. During the event, our sponsors and partners will announce the highest bounties for their vulnerability disclosure programs, and the most active bug hunters will be additionally awarded by organisers.
Once bug hunting becomes a race of known misconfigurations and CVE detection, automation is required:
- monitor daily #BugBountyTips and CVEs;
- filter results with trendy potential;
- get alerts on time (13:37 UTC +0).
“Bug Hunting Hub” is a Telegram channel with my notes and bot notifications.
Earlier, I’ve already published information about the critical vulnerabilities and backdoors in D-Link DIR-620 (RevG), that I’ve discovered and submitted to the vendor. The D-Link DIR-620 routers is a model of router, that popular in Russia and CIS countries (most home routers are located behind their ISP’s NAT, which is why these routers don’t appear in the statistics) due to one of the ISPs delivered to its customers (this conclusion is based on the fact that the router is provided as part of the standard customer contract and the hardcoded credentials contain the name of the ISP in the login string).