

How I Hacked Facebook, and Found Someone’s Backdoor Script (English Version)

As a pentester, I love server-side vulnerabilities more than client-side ones. Why? Because it’s way cooler to take over the server directly and gain system SHELL privileges.

Of course, both vulnerabilities from the server-side and the client-side are indispensable in a perfect penetration test. Sometimes, in order to take over the server more elegantly, it also needs some client-side vulnerabilities to do the trick. But speaking of finding vulnerabilities, I prefer to find server-side vulnerabilities first.

With the growing popularity of Facebook around the world, I’ve always been interested in testing the security of Facebook. Luckily, in 2012, Facebook launched the Bug Bounty Program, which even motivated me to give it a shot.

From a pentester’s view, I tend to start from recon and do some research. First, I’ll determine how large the “territory” of the company is on the internet, then… try to find a nice entrance to get in, for example:

- How many B Class IP addresses are used? How many C Class IPs?
- What domain names are used? What are their internal domain names? Then proceed with enumerating sub-domains.
- What are their preferred techniques and equipment vendors?

Of course, Bug Bounty is not about firing random attacks without restrictions. Compare your findings with the permitted actions set forth by Bug Bounty; the overlapping part will be the part worth trying.

Here I’d like to explain some common security problems found in large corporations during pentesting by giving an example.

For most enterprises, “Network Boundary” is a rather difficult part to take care of. When the scale of a company has grown large, with tens of thousands of routers, servers, and computers for the MIS to handle, it’s impossible to build up a perfect mechanism of protection.
