Hackers, Hackers, and you other hackers,
This recon+hacking period of H1-702 has been incredible. We have seen so much engagement and activity on our platforms and love for our team and our customers that I am at a loss for words. Thank you so much for everything. When we put the plan together for this event we expected one level of activity and you have already eclipsed that. Keep it coming!
We are Paranoid. We fight for our users, and so do you.
@nahamsec has been running recon summer camp sessions against
*.yahoo.com and publishing his findings and stream recordings, but there’s more data out there that perhaps you missed in the slack chat. We realize
*.yahoo.com is enormous and finding the starting point can be hard. Last week we asked you all how you do recon and if you would share your data, these folks stepped up and will be receiving a small bonus as a thank you from us, but you are really the ones that benefit from this data sharing.
You should all send a special thank you to @nahamsec, @tomnomnom, and @erbbysam for sharing their recon data. Head over to the Policy Page for the files (scroll down, no, farther down).
tar -xvf roots.tgzto extract)
Huffington Post is now in scope for H1-702! This brand previously existed only in our Private program, but we’re bringing it to you now. Hack away!
In case you missed the message in slack on Tuesday….
Identity Challenge ($60,000 bonus) has been achieved! Winners will not be announced yet.
Fret not! All that hard work you've put in so far to try to get those flags is not wasted. We will be offering a 2nd Place award at $30,000 to any report that can achieve the challenge again, in an entirely different way.