EdOverflow

I swear there was an XSS somewhere around here...
As an ex-triager, what advice would you give other triagers?

I would like to preface this answer with an observation of mine. Please keep in mind, I do not have any conclusive evidence to back this assertion: this is purely an observation.

Based on my involvement and what I have heard from fellow triagers, I believe that triagers experience an unintentional form of "exposure therapy" the more they evaluate incoming reports. In other words, triagers become desensitised to the impact and significance of a report due to previously reviewed reports with significant impact. This phenomenon is better known as a Negative Contrast Effect in psychology.

When a triager reviews an insanely impactful bug — say remote code execution on google.com — they subconsciously set the bar so high for what they deem to be a critical issue. The triager develops a natural tendency to downplay future reports.

This is why I advocate for Google's approach to cycle through triagers weekly as a potential solution. The triager mi

$ curl -s "https://crawler.ninja/files/security-txt-values.txt" | grep -i "hiring: http" | sed 's/^#//g' | awk '{print $2}'
https://www.tumblr.com/jobs
https://kariera.shoptet.cz/
https://g.co/SecurityPrivacyEngJobs
https://www.shopify.com/careers
https://solarwinds.jobs
https://www.chcidozootu.cz/it-devel/
https://careerssearch.bbc.co.uk/jobs/search
https://www.npmjs.com/jobs
https://grab.careers/
include:
- .well-known
EdOverflow / ghcheck
Created April 6, 2019 15:26
Quickly determine the validity and scope of a GitHub access token.
#!/bin/bash
# ghcheck: quickly determine whether $1 is a valid GitHub access token.
# Usage: ./ghcheck <token>
# Caveat: a token passed as an argument is visible in the process list; prefer an
# environment variable when the token is sensitive.
GREEN='\033[0;32m'
RED='\033[0;31m'
END='\033[0m'
# GitHub accepts a token as the password of HTTP Basic auth; the username is ignored.
request=$(curl -s -u "hehe:$1" https://api.github.com/user)
name=$(echo "$request" | jq -r ".login" 2> /dev/null)
if [[ $name == "null" || -z $name ]]; then
    echo -e "${RED}Not a GitHub access token.${END}"
else
    # The gist is cut off on this page; this branch completes it with a minimal report.
    echo -e "${GREEN}Valid token for user: ${name}${END}"
fi
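The visible part of ghcheck only establishes validity; a token's scope is advertised by GitHub in the `X-OAuth-Scopes` response header. The following is an added example, not EdOverflow's code: it parses that header out of constructed sample header blocks (shaped like `curl -D -` output), classifies the scopes so a triager can tell a read-only leak from one that can push code or administer an org, and reads a token for the optional live check from the `GITHUB_TOKEN` environment variable (an assumed name) rather than from argv.

```bash
#!/bin/bash
# Added example, not part of the ghcheck gist: report a GitHub token's granted
# scopes from the X-OAuth-Scopes response header and flag high-impact ones.

# Constructed sample header blocks, shaped like the output of
#   curl -s -D - -o /dev/null -H "Authorization: token <tok>" https://api.github.com/user
SAMPLE_HEADERS=$(printf 'HTTP/2 200\r\nx-oauth-scopes: repo, read:org\r\nx-ratelimit-limit: 5000\r\n')
SAMPLE_NO_SCOPES=$(printf 'HTTP/2 200\r\nx-oauth-scopes:\r\n')
SAMPLE_BAD_TOKEN=$(printf 'HTTP/2 401\r\ncontent-type: application/json\r\n')

# Print the scope list found in a header block.
#   "none"    -> header present but empty (token carries no classic scopes)
#   "unknown" -> header absent (invalid token, or a token type that does not advertise scopes)
github_scopes() {
  headers="$1"
  line=$(printf '%s\n' "$headers" | tr -d '\r' | grep -i '^x-oauth-scopes:' | head -n 1)
  if [ -z "$line" ]; then
    echo "unknown"
    return 1
  fi
  scopes=$(printf '%s' "${line#*:}" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
  if [ -z "$scopes" ]; then
    echo "none"
  else
    echo "$scopes"
  fi
}

# Classify a comma-separated scope list: "high" if any scope grants write or
# admin access to code, packages, hooks, workflows or organisations, else "low".
github_scope_risk() {
  risk="low"
  old_ifs="$IFS"
  IFS=','
  for scope in $1; do
    scope=$(printf '%s' "$scope" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    case "$scope" in
      repo|delete_repo|workflow|admin:org|admin:public_key|admin:repo_hook|write:packages|delete:packages)
        risk="high" ;;
    esac
  done
  IFS="$old_ifs"
  echo "$risk"
}

# Live check (needs network). Headers go to stdout via -D -, the body is discarded.
github_token_check() {
  headers=$(curl -s -D - -o /dev/null -H "Authorization: token $1" https://api.github.com/user)
  scopes=$(github_scopes "$headers") || { echo "invalid token or no scope header"; return 1; }
  echo "scopes: $scopes (risk: $(github_scope_risk "$scopes"))"
}

# GITHUB_TOKEN is an assumed variable name for this example.
if [ -n "${GITHUB_TOKEN:-}" ]; then
  github_token_check "$GITHUB_TOKEN"
fi
```

Run it as `GITHUB_TOKEN=ghp_... ./scopes.sh`; with no token set it only defines the functions, so the offline parsing can be exercised against the constructed samples. Fine-grained tokens and GitHub App tokens do not populate `X-OAuth-Scopes`, so "unknown" on a 200 response is not proof of a harmless token.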
EdOverflow / bucket-disclose.sh
Created July 6, 2018 17:42 — forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses SOAP, Unicode, POST, multipart, streaming and index listing as ways of figuring it out. You need a valid AWS access key (never the secret) to get the error messages.
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" # turn on debug
_timeout="20"
# You need a valid key, since the errors happen only after AWS validates that the key exists.
# The secret key is not needed, only the access key ID.
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
EdOverflow / reddit.sh
Created April 28, 2018 20:04
Use reddit.com for recon purposes.
#!/bin/bash
# reddit.sh: use reddit.com search for recon on a target (pass a domain or keyword as $1).
# The grep patterns match the markup of reddit's search page at the time of writing (2018).
# Variables
BOLD='\033[1m'
END='\033[0m'
UA="Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
# Queries
site_results=$(curl -Ls "https://www.reddit.com/search?q=site%3A$1" -H "User-Agent: $UA" | tidy -q 2> /dev/null | grep "search-link")
url_results=$(curl -Ls "https://www.reddit.com/search?q=url%3A$1" -H "User-Agent: $UA" | tidy -q 2> /dev/null | grep "search-link")
self_results=$(curl -Ls "https://www.reddit.com/search?q=selftext%3A$1" -H "User-Agent: $UA" | grep "search-title")
# Output (the gist is cut off on this page; this prints each result set)
echo -e "${BOLD}site:$1${END}\n$site_results"
echo -e "${BOLD}url:$1${END}\n$url_results"
echo -e "${BOLD}selftext:$1${END}\n$self_results"
EdOverflow / gitgrepper
Created April 19, 2018 15:27
Simple Bash script to find interesting data in GIT logs.
#!/bin/bash
# gitgrepper: grep the full history of the current repository for interesting keywords.
# Run from inside a git checkout.
echo "*** Running..."
keywords=(
"password"
"key"
"passwd"
"secret"
)
# The gist is cut off on this page; this loop completes it: scan every commit's
# message and patch on all branches, case-insensitively, for each keyword.
for keyword in "${keywords[@]}"; do
    echo "*** Searching for: $keyword"
    git log -p --all | grep -i -n "$keyword"
done
EdOverflow / googlegroups.sh
Created April 5, 2018 14:06
Find a public Google group for a particular host. Some of these groups contain sensitive information. The tool runs against a list of hosts and returns all public groups.
#!/bin/bash
# Find a public Google group for a particular host.
# Some of these groups contain sensitive information.
# The tool runs against a list of hosts and returns all public groups.
# Usage: ./googlegroups.sh hosts.txt   (or: cat hosts.txt | ./googlegroups.sh)
# A public group directory redirects to an .../overview page, which the header grep detects.
while read -r domain; do
    if curl -LIs "https://groups.google.com/a/$domain" | grep "overview" > /dev/null; then
        echo "[+] https://groups.google.com/a/$domain/forum/#!overview"
    fi
done < "${1:-/dev/stdin}"
EdOverflow / H1-Report-ID-Bookmark
Created March 3, 2018 17:57
Add this as a bookmark to quickly navigate to HackerOne reports with just the report ID.
javascript:var%20report=prompt("Report%20ID:","");window.location.href="https://hackerone.com/reports/"+report;