Hacker News | infosecau's comments

Yes, as we were able to download the database for CoCCA's web application (from the box.com backups) for any of the ccTLDs managed by CoCCA, we could decrypt the admin hash and then log in to the CoCCA administration panel and modify/transfer any domain inside a ccTLD's zone.


The scale of possibilities with this hack is enormous. You could easily redirect entire domains, generate valid SSL certs for those domains, then capture all the data including all login credentials for all users on those domains.

With exploitation of the right domains you would probably be able to extend this hack using stolen authentication information to take over basically the entire Internet.

Funny hack of my own once: a major web hosting company had a forum which failed to check uploaded profile pics were images, so I used it to upload a script so I could browse their entire filesystem. I eventually came across their root password stored in plaintext in a configuration file. The password? "internet" - all lowercase, just like that.


I kinda think these vulnerabilities were long exploited, but the reason no one made the move to actually do any harm is that 1) it's not profitable for private parties and 2) state actors are waiting for a proper time to execute.


> We spent a significant amount of time on Google's registry software and discovered an endpoint that we believe are not supposed to be accessed without authentication

Can you send me info on this to mcilwain@google.com? Thanks.


Out of curiosity, at what point is this considered hacking? Aren't you afraid of getting into trouble with the law by accessing servers like this, downloading data, etc?


I prefer bashupload.com or transfer.sh for this. Both alternatives have worked well for me.

Alternatively, you can check out magic wormhole (for a more secure transfer of files between two terminals): https://magic-wormhole.readthedocs.io/en/latest/welcome.html...


I didn't know about https://bashupload.com. Thanks for mentioning it.

There is also https://chunk.io/ in the https://transfer.sh category. It requires free registration by emailing the owner. It has some interesting features, like uploading multiple files in one HTTP request and syntax highlighting for source code. Files are associated with your account, so you can delete them without a per-file token and list them.

https://github.com/schollz/croc is like Magic Wormhole but can send multiple files and resume transfers. It is written in Go. It releases official static binaries, including for Free/Net/OpenBSD. (Magic Wormhole has alternative implementations with static binaries: https://github.com/psanford/wormhole-william, https://github.com/magic-wormhole/magic-wormhole.rs.)


Came here just to sing the praises of croc myself. To be fair, it and Magic Wormhole are for different use-cases than 0x0 seems to be, one-time transfers of files between friends, basically. For posting things that should be available for multiple downloads by multiple people, it seems like torrents or IPFS would be reasonable choices.


I switched from a self-hosted transfer.sh instance to a self-hosted ffsend instance with r2 backend. Quality is much higher, it's easy to run on Docker, and it's end-to-end encrypted. With the CLI tools you can easily upload files from the command line.

There are some public instances too:

https://gitlab.com/timvisee/send-instances


Huh, I have been thinking about setting up a file upload service for myself and didn't even remember Send. What a shame. I should consider it.

I have found two different options worth sharing: https://github.com/orhun/rustypaste (very lean and minimal) and https://github.com/9001/copyparty (someone's pet megaproject with features from WebDAV to a tracker music player).


I thought of self-hosting this (it's fantastic, by the way), but why do that when there are public instances? Feels like too much work for little benefit.


transfer.sh looks amazing (I was recently looking into self-hosting a WeTransfer alternative) - how can such a service be free and unlimited? I may cancel my WeTransfer subscription right away, unless there is anything else to consider? 2 weeks is fine for my purposes.


I wish some magic-wormhole implementation came pre-installed on every major platform. When sharing files with others, getting the other side to install it is still a hurdle.


Assetnote | Backend Engineer | Remote Australia

By joining our growing engineering team at Assetnote as a Backend Engineer, you will be responsible for extending the capabilities of our Continuous Security Platform through developing our security engine.

In this role, you will be required to build and maintain our distributed scanning engine, improve scalability, performance, and reliability. This role requires that you are confident with distributed systems and software architecture.

Day to day you will be interfacing directly with our API development team and security researchers.

Assetnote is a remote-first company. This position is remote with a preference for candidates located in Australia, however, we will consider strong applicants located outside of Australia.

More details and application form here: https://apply.workable.com/assetnote/j/600D953230/


Assetnote | Site Reliability Engineer | Remote Australia

By joining our growing engineering team at Assetnote as a Site Reliability Engineer, you will be responsible for managing the infrastructure for our Continuous Security Platform.

In this role, you will be required to deploy, design, scale and maintain our infrastructure, alerting and metrics. This role requires that you are confident with modern infrastructure tooling and concepts such as AWS, Kubernetes and Terraform.

Occasionally, this role will require you to work outside regular work hours in case of emergencies.

The solutions we develop on the SRE & DevOps side are dependent on our API, Security and Discovery Engines. Day to day you will be interfacing directly with our Engine development team, API engineers, and security researchers.

Assetnote is a remote-first company. This position is remote with a preference for candidates located in Australia, however, we will consider strong applicants located outside of Australia.

More details and application form here: https://apply.workable.com/assetnote/j/0E09D3BEE4/


Assetnote | DevOps Engineer | Remote Australia

By joining our growing engineering team at Assetnote as a DevOps Engineer, you will be responsible for managing the infrastructure for our Continuous Security Platform.

In this role, you will be required to deploy, manage and maintain our infrastructure, alerting and metrics. This role requires that you are confident with modern infrastructure tooling and concepts such as AWS, Kubernetes and Terraform.

Occasionally, this role will require you to work outside regular work hours in case of emergencies.

The solutions we develop on the DevOps side are dependent on our API, Security and Discovery Engines. Day to day you will be interfacing directly with our Engine development team, API engineers, and security researchers.

Assetnote is a remote-first company. This position is remote with a preference for candidates located in Australia, however, we will consider strong applicants located outside of Australia.

More details and application form here: https://apply.workable.com/assetnote/j/0E09D3BEE4/


# Assetnote - Continuous Security

At Assetnote, we are building the world's best Attack Surface Management platform. Used by companies all around the world, from innovative startups to Fortune 100 companies, the platform you will be building is helping protect hundreds of thousands of assets from compromise.

Assetnote | Frontend Engineer | Remote Australia

By joining our growing engineering team at Assetnote as a Frontend Engineer, you will be responsible for designing and engineering our React based frontend for our Continuous Security Platform.

In this role, you will be required to design, implement, improve and maintain frontend interfaces in Typescript React. This role requires that you are confident with designing and engineering frontend components with user experience in mind.

The solutions we develop on the UI side are dependent on our API, Security and Discovery Engines. Day to day you will be interfacing directly with our Engine development team, API engineers, and security researchers.

Assetnote is a remote-first company. This position is remote with a preference for candidates located in Australia, however, we will consider strong applicants located outside of Australia.

More details and application form here: https://apply.workable.com/assetnote/j/A2FA4AC75A/

Assetnote | DevOps Engineer | Remote Australia

By joining our growing engineering team at Assetnote as a DevOps Engineer, you will be responsible for managing the infrastructure for our Continuous Security Platform.

In this role, you will be required to deploy, manage and maintain our infrastructure, alerting and metrics. This role requires that you are confident with modern infrastructure tooling and concepts such as AWS, Kubernetes and Terraform.

Occasionally, this role will require you to work outside regular work hours in case of emergencies.

The solutions we develop on the DevOps side are dependent on our API, Security and Discovery Engines. Day to day you will be interfacing directly with our Engine development team, API engineers, and security researchers.

Assetnote is a remote-first company. This position is remote with a preference for candidates located in Australia, however, we will consider strong applicants located outside of Australia.

More details and application form here: https://apply.workable.com/assetnote/j/0E09D3BEE4/



Assetnote | Frontend Engineer | Remote Australia

At Assetnote, we are building the world's best Attack Surface Management platform. Used by companies all around the world, from innovative startups to Fortune 100 companies, the platform you will be building is helping protect hundreds of thousands of assets from compromise.

By joining our growing engineering team at Assetnote as a Frontend Engineer, you will be responsible for designing and engineering our React based frontend for our Continuous Security Platform.

In this role, you will be required to design, implement, improve and maintain frontend interfaces in Typescript React. This role requires that you are confident with designing and engineering frontend components with user experience in mind.

The solutions we develop on the UI side are dependent on our API, Security and Discovery Engines. Day to day you will be interfacing directly with our Engine development team, API engineers, and security researchers.

Assetnote is a remote-first company. This position is remote with a preference for candidates located in Australia, however, we will consider strong applicants located outside of Australia.

More details and application form here: https://apply.workable.com/assetnote/j/A2FA4AC75A/


There's not really much user interaction required. You just have to engage the victim's cell phone when sending the OTP. The voicemail hack doesn't require any user interaction.


Assetnote | Engineer (Backend & API) | Remote Australia

At Assetnote, we are building the world's best Attack Surface Management platform. Used by companies all around the world, from innovative startups to Fortune 100 companies, the platform you will be building is helping protect hundreds of thousands of assets from compromise.

By joining our growing engineering team at Assetnote as a Back End & API Engineer, you will be responsible for extending the capabilities of our Continuous Security Platform through developing our Python/Flask back end.

In this role, you will be required to build and maintain our APIs and back-end components, improve scalability, performance, and reliability, and also maintain our APIs and dependencies. This role requires that you are confident with GraphQL, PostgreSQL, using SQLAlchemy as an ORM, and be capable of engineering scalable database models.

The solutions we develop on the API side are dependent on our Security and Discovery Engines. Day to day you will be interfacing directly with our Engine development team, front-end engineers, and security researchers.

Assetnote is a remote-first company. This position is remote with a preference for candidates located in Australia, however, we will consider strong applicants located outside of Australia.

More details and application form here: https://apply.workable.com/assetnote/j/D75870A5D2/

