Security

The funniest CVE yet: CVE-2022-38392 - resonant frequency denial of service. Janet Jackson’s song Rhythm Nation as an attack payload.

The HackerOne bug bounty platform is the largest one to have its own researcher API. The ability to retrieve a list of in-scope targets creates the possibility for large scale vulnerability scanning.

DNS exfiltration allows getting data off a compromised machine using DNS lookups to hide the data. During security research, using DNS for exfiltration may help circumvent security restrictions or avoid detection.