OffSec Update (15 - 19 June)

Progress

Project Horus

Created the dashboard
Finished fingerprinting script

Bug bounty report

Email

Open redirect to XSS in Tera (Out of Scope)
Clickjacking on payment.traveloka.com (Out of Scope)
Bypass phone number verification (False Positive)
Password limit is not set (Out of Scope)
No rate limit on email verification (Out of Scope)
Credential in public Traveloka Github repo (False Positive)

Bugcrowd

None

Misc

Created various test cases for malicious email tests to help SecOps Team
Tested Axes for potential IDOR. No issues found.
Created a page for past red team exercises https://29022131.atlassian.net/wiki/spaces/Sec/pages/1405454295/Past+Red+Team+Exercises

Summary for Q4 2019 exercise https://29022131.atlassian.net/wiki/spaces/Sec/pages/1406667841/Red+Team+Exercise+-+Q4+2019

Plan

Continue all works as usual
Horus v0.1 75% done
Prepare performance review

Blockers

People