Meet your fellow disclose.io community!

New to the disclose.io community? Welcome!

This forum exists for three things:

  • Sharing sweet, sweet hacks and creating connections for collaboration,
  • Crowdsourcing the task of getting important security reports into the right hands when formal intake channels fail, or don’t exist, and
  • Providing updates and a place for conversation on the disclose.io project, and the state of vulnerability disclosure and hacker safe harbor.

Introduce yourself to everyone so that we all know how awesome you are, how you can help, and how we can help you! Don’t forget your Twitter or Github handle!

Some ideas:

  • What are you working on at the moment?
  • Where can we find you on social media? Are you blogging or creating content?
  • What type of security research do you love the most?
  • What’s the craziest [suitably redacted] vuln you’ve been involved with on the sending or receiving side?
  • Who’s your favourite hacker right now, and why?

Hi, I am Lennie. I am a software developer and security researcher/analyst; my focus so far has been on web security auditing tasks and wireless-protocol security research.

To aid in my research, and to enable my peers and employers to perform similar security audits, I have built automation tools to find well-known vulnerabilities and exploits and to assist in wireless-based intelligence gathering. The tools were built with a consumer-facing mindset, where the relationships between surfaces, vulnerabilities, and exploits are clearly laid out and presented in an easily understandable format. From this and related work I am also knowledgeable about methodologies and techniques for penetration testing assessments and reporting.

I have experience in software development using Go, Python, Bash, PHP, JavaScript/jQuery/HTML, C#, Java and PostgreSQL/MySQL/Neo4j.

Nice to meet you Lennie!

Hello 🙂 My name is John Carroll. I’ve been working in the infosec space for about 15 years, 6 of those self-employed, over in the U.K.

Hmm, what am I working on at the moment? Well, Casey and I recently spun up https://dnssecuritytxt.org. It started as a “you know, you could just do this…” type of conversation and has expanded into a thing. I enjoyed some of the internet-wide research to back up some of the answers we gave; you can join in if you like (the repo is disclose/dnssecuritytxt on GitHub: a standard allowing organizations to nominate security contact points and policies via DNS TXT records). I hope it grows legs, it’s quite a clean idea. After doing some digging around it’s clear this idea has been posted/thought of before and dismissed in other circles, but I guess with DoH it becomes more viable, so here we are. Happy to chat about this until one of us passes out.

Erm, what else? I’m on the Black Hat EU Review Board, which was a privilege (thanks Dan). I get to see a lot of great work and talent, and have the painstakingly sucky task of having to pick the best. Get those submissions in, the CFP just landed.

Research-wise… mmm, I’ve been so busy with work for the past year, but this is a nice trick I recently realised: ExpLoading (CTUS.IO). Stick it in your arsenal for when you’re pulling Windows binaries apart.

I can’t really say I have a specific love in this space. I appreciate the creativity of criminals and professionals alike; both allow us to identify what needs work, and doing this with a nice UX is the flex.

A question I ask myself with each problem I face: am I building a solution for the cause or for the effect? Huge timesaver… most of the time.

I tend to post more bad jokes and awful memes than tips, but if you catch me in a professional setting you’ll see why I’ve been busy for 15 years.
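
The DNS TXT convention John describes above, as an added worked example that is not part of the original thread and not code from the dnssecuritytxt project: a small stdlib-only Python parser and sanity checker for security-contact TXT records. It assumes, from my recollection of the project's README rather than from anything on this page, that the records live at the domain apex as `security_contact=<uri>` and `security_policy=<https url>`; the accepted URI schemes, the sample domains and the sample RRsets below are all constructed for the example. It shows two things a one-line `dig` does not: that a TXT RR is a list of character-strings which must be concatenated before parsing, and that unrelated TXT records (SPF and friends) have to be ignored rather than rejected.

```python
"""Parse and sanity-check dnssecuritytxt-style TXT records (offline, stdlib only).

Added example, not the dnssecuritytxt project's code. Assumptions (recalled from
the project README, not verified here): TXT RRs at the domain apex of the form
"security_contact=<uri>" and "security_policy=<https url>".
"""
from typing import Dict, List, Tuple

KNOWN_KEYS = ("security_contact", "security_policy")
# Assumed acceptable contact schemes; a real checker should follow the spec text.
CONTACT_SCHEMES = ("mailto:", "https://", "tel:")

# Constructed sample answers, shaped like a resolver's TXT RRset: each RR is a
# list of character-strings that must be concatenated before parsing.
SAMPLE_TXT_RRS: Dict[str, List[List[str]]] = {
    "good.example": [
        ["security_contact=mailto:security@good.example"],
        ["security_policy=https://good.example/.well-known/security-policy"],
        ["v=spf1 -all"],  # unrelated TXT record; must be ignored, not rejected
    ],
    "split.example": [
        # one RR split into two character-strings (TXT strings cap at 255 bytes)
        ["security_policy=https://split.example/a-very-long-path/", "security-policy.html"],
        ["security_contact=https://split.example/report"],
        ["security_contact=mailto:psirt@split.example"],  # several contacts collected
    ],
    "bad.example": [
        ["security_contact=security@bad.example"],      # bare address, no scheme
        ["security_policy=http://bad.example/policy"],  # plaintext HTTP policy URL
    ],
    "none.example": [["v=spf1 -all"]],
}


def parse_security_txt(rrs: List[List[str]]) -> Dict[str, List[str]]:
    """Join each RR's strings and collect the values of the known keys."""
    found: Dict[str, List[str]] = {k: [] for k in KNOWN_KEYS}
    for strings in rrs:
        text = "".join(strings).strip()
        key, sep, value = text.partition("=")  # split on the first '=' only
        key = key.strip().lower()
        if sep and key in found:
            found[key].append(value.strip())
    return found


def validate(found: Dict[str, List[str]]) -> List[str]:
    """Return a list of problems; an empty list means the records look usable."""
    problems: List[str] = []
    contacts, policies = found["security_contact"], found["security_policy"]
    if not contacts and not policies:
        return ["no security_contact or security_policy TXT record published"]
    for c in contacts:
        if not c.lower().startswith(CONTACT_SCHEMES):
            problems.append(f"security_contact has no recognised URI scheme: {c!r}")
    for p in policies:
        # A policy fetched over plaintext HTTP could be swapped in transit,
        # so only https:// is accepted here.
        if not p.lower().startswith("https://"):
            problems.append(f"security_policy is not an https:// URL: {p!r}")
    return problems


def audit(domain: str, rrs: List[List[str]]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Parse then validate one domain's TXT RRset; domain is only used for reporting."""
    found = parse_security_txt(rrs)
    return found, validate(found)


if __name__ == "__main__":
    for name, rrset in SAMPLE_TXT_RRS.items():
        records, issues = audit(name, rrset)
        print(name, records, issues or "OK")
```

To run it against a live zone, feed `parse_security_txt` the strings from `dig +short TXT <domain>` with the surrounding quotes stripped, one inner list per RR.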

Heyo! 👋

My name is Ben also known as Pry // Pry0cc. I like to hack things, scan the world, automate things and generally create and help where I can.

I invented axiom, the distributed scanning framework / dynamic infrastructure framework. Also the founder of 0x00sec.org 🙂

Favourite hacker: Samy Kamkar

Projects: I’m currently working on numerous threat intel projects I can’t talk about 🙂 but it’s cool… trust me… 😜

Nice to be here, looking forward to seeing everybody’s introduction!

Hi all! I’m Allan Friedman, a failed prof who got talked into joining government, where I try to herd cats to think about a more secure ecosystem. I ran the first public US government initiative on vulnerability disclosure back in 2015-16, where we brought together researchers, product security teams, and other people who cared. The community did one of the first surveys on the needs and concerns of researchers, and developed an “early stages” vulnerability disclosure policy template aimed at safety-critical industries. More information is at https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-cybersecurity-vulnerabilities

These days, I’m known as the guy who won’t shut up about SBOM, but I still stay active in CVD issues, and offer advice to other CVD efforts in the US and around the world.

Hi everyone,

I’m Luke Stephens (hakluke). Up until recently I was working for Bugcrowd; I’ve recently founded a cyber security firm called Haksec (https://haksec.io).

I’m pretty passionate about disclosure and I’m loving what disclose.io has done so far. Great to be a part of the community!

All the best,
hakluke

Hi, I’m Kayne. I’m a security researcher and threat intelligence guy from Australia. I’m the Managing Director at Cosive, an AU/NZ consultancy.

While I mainly play offense now, I’ve been the initial reporter on a few of the top 10 disastrous breaches in recent memory (some were buried for years, alas), and I can often tap someone on the shoulder in the right places due to a history in threat intel, anti-spam, training and national CERTs.

Hello hello, here to help and lurk and hang out and share what I can. You can find me on Twitter @fancy_flare.

Hi, I’m on the blue side and currently leading a team in NSW Govt (Australia). I’m also @shipw on Twitter, but not for work purposes. As for awesome, that’s my team rather than me, and I hope to have them joining up soon. Most of my life runs between frustrating detail and the beautiful big picture, and I’m happy to help with whatever you need there: proofreading, strategy, or the beers that make both of those work more smoothly. 🍻

Hi All,

I’m Sean Wright (@SeanWrightSec on Twitter). I’m based in the land of fantastic weather and sunshine… Scotland. I focus mostly on web apps, but occasionally look at some other things (depending what rabbit hole I find myself down). I really enjoy trying to tinker and reverse things.

Research-wise I’ve been a bit quiet at the moment, trying to recharge my batteries but also crazy busy with work. But I’m hoping to get back into a couple of things which I started last year. Craziest vuln I’ve come across? That would have to be the Logitech vuln which I found. They were using JavaScript to switch between HTTP and HTTPS (for the login page), which didn’t make much sense to me.

Hi everyone,
I’m Shaun Nichols (@shaundnichols) a reporter currently writing for TechTarget. If anyone has research or writeups they would like to share, I’m happy to have a look and maybe even turn it into an article. Also, if you’re having trouble getting a company to respond to a bug or breach you’ve found, I might be able to help. For some reason companies tend to pay more attention when the press catches wind of things.

Hi (#gday), I’m Michelle Price (@Mich11775 on Twitter, @michaanther on Insta, silent / wish I were absent on FB). I’ve worked across cyber security for almost 10 years, and in areas of national security for 10 years before that, in Australian industry, academia and govt. Currently head of AustCyber, a non-profit whose job it is to grow amazing AU cyber sec companies through whatever means we can. Am known to speak publicly. A lot.

I’m currently working on scaling our efforts on reg reform (you can look up my statements on AU’s encryption legislation and NSW sovereign procurement as examples), pushing through some good stuff on actual quantum + cyber through WEF and a couple of global research consortia, plus disrupting the convo on digital identity and changing the mega misperceptions of cyber sec researchers and the grey zone. I’m a massive fan of Bugcrowd, disclose and related. Massive.

I’m clearly not a technical cyber person but love dabbling; vulns of old have helped me convince Prime Ministers that offensive capability and active defence are a thing, and how disclosure, in the right ways, supports trust (see the 2016 AU cyber sec strategy for BOM disclosure; so advanced for its time, eeek).

Great to be here. I have a view… on everything.

Hi folks, great to meet you.

I have an interest in health and care technology, researching security and privacy aspects automagically.

I recently found myself embroiled in a legal tussle after advising an org of secret info on GitHub. @caseyjohnellis and @sickcodes got in touch 👋 and welcomed me here.

Hi all,

I’m here to support the community. Though I’m a blue teamer at heart, I lurk around to learn from the offensive side. Plus I strongly support vuln disclosures. I randomly post on Twitter as @GyledC.

Cheers!

Hey @Ms.G! Welcome 🙂

Hello!

I work as a threat researcher/hunter, currently trying to tackle macOS/*nix for some fun. I’m not a content creator, but I’ve done a couple of conference talks… No CVEs yet; might come in the future? Favorite hacker? Shit, I dunno, anyone who puts out research that benefits the community. Crap answer, no one specific. 🤘

Can be reached at @is_henderson on the tweeters.

Welcome Heath from https://tcm-sec.com/!

Hi everyone. I am a latecomer to InfoSec. I’ve been on the side of software development (business applications), networking (corporate & architecture design, enterprise global WAN), technical/pre-sales of telecom, and UX & service design, and am now in the process of attempting to blend this knowledge to support our InfoSec community.

Currently working on adding cloud services, which is simply amazing. Areas that I deep-dive into are blockchain technology, user privacy and single sign-on. Very focused on accessibility.

Twitter: @tcpipx

There are soooo many great bounty hunters and hackers… too many to list.