Archives

YesWeHack is a Global Bug Bounty and VDP Platform. Founded in 2013, YesWeHack was created by hackers, for hackers. We are committed to provide quality programs for our community and we are working very hard to be the best and fairest crowdsourced security platform out there. YesWeHack is not just a Bug Bounty platform. We also provide community tools and […]

Our new HITB Studio track where we’ll keep you updated on what’s happening throughout the event including pre and post interviews with speakers and friends of HITB

Our new HITB Studio track where we’ll keep you updated on what’s happening throughout the event including pre and post interviews with speakers and friends of HITB

In this talk, we present a novel class of Hybrid Application vulnerabilities associated with “Javascript bridges”.  Hybrid apps combine the features of Web applications and “native” mobile apps. First, it provides an embedded Web browser (for example, WebView on Android) that execute the app’s Web code. Second, it supplies “bridges” that allow Web code to access […]

Closing Note by Dhillon ‘L33tdawg’ Kannabhiran  

The Panasonic Cyber Security Lab has developed a bug bounty platform called Chimera to proactively discover vulnerabilities in Panasonic products. The Chimera platform enables Panasonic to place various home appliances into a special box, and hackers are provided with a special mechanism to operate on the available appliances. After a year of trial implementation in […]

North Korea is regarded as the menace to the whole world not only by holding nuclear weapons in reality but bringing damages to cyberspace. For instance, the USD$101 million lost in Bangladesh Bank Heist, or Operation DarkSeoul that paralyzed banks and broadcasters’ network systems in 2013. In late 2020, the Cybersecurity & Security Infrastructure Agency […]

In this keynote presentation we’ll focus on Mobile Security, and discuss recent smartphones related events, signs of compromise on mobile devices, review of recent attacks, review of mobile EDR / DFIR with a deeper dive into mobile investigations. We will also explore the state of self-defense on mobile devices, vendors reactions to attacks, the FreeTheSandbox […]

In this talk, I want to share the story of how I discovered 17 Microsoft Office Excel vulnerabilities in half a year. I find these vulnerabilities by fuzzing. I will share why I pick up Microsoft Office Excel as my fuzzing target, and how to build an effective fuzzing framework step by step. In this […]

Privilege escalation is a required step for an attacker in order to get full control of a system starting from a lower privileged access. In Windows there are many ways to reach this goal. The first part of the talk will be focused on showing all the recent techniques used to do privilege escalation starting […]