Happy Friday hackers! Nitesh @ideaengine007 found a critical RCE vulnerability in Jenkins that led us to discover a Bitcoin mining service running on a DoD website. Head over to the disclosed report to see all the details! Thanks for being Nitesh https://hackerone.com/reports/768266
You need to be a US citizen for the DOD bounty program, right? I've stumbled upon either a honeypot or axx to internal Active Directory info with usernames for contractors and stuff years ago. Tried contacting them, but gave up... maybe it's closed now?
Not saying I require a bounty for the information :) Back then it was just impossible to discover who to contact... tried contacting the vendor that was responsible, but no answer. I have one demand though- I am not going through configuring PGP, nothing is worth that.
I'm not sure of the bounty, but you can report via @Hacker0x01. And it's irrespective of country afaik. Here's the direct link: https://hackerone.com/deptofdefense Cheers!
Haha! You can easily file a report and it's all streamlined; from triaging to resolution.
Things have changed... that's for sure... I'll try and power on my old phone with relevant screenshots. If it is not a honeypot it is quite bad, and the way I discovered it makes me think it is not. I was worried about incoming hellfire missiles when I realised what I was seeing.
You do not need to be a US citizen to participate in the DoD VPD program. Full program guidelines are here: http://HackerOne.com/deptofdefense