Wednesday, August 19, 2015

Wanna be a hacker then Read This ! ! !




Ah! So read the following:
1. Learn TCP/IP, basic information gathering, proxies, SOCKS, SSL, VPN, VPS, RDP, FTP, POP3, SMTP, Telnet, SSH.
2. Learn Linux, Unix and Windows. You can do this using VMware or any virtual desktop utility.
3. Learn a programming language that's compatible with all OSes: Perl, Python, C, ASM.
4. Learn HTML, PHP, JavaScript, ASP, XML, SQL, XSS, SQLi, RFI, LFI.
5. Learn reverse engineering and crack some programs for serials, easy ones like mIRC, WinZip, WinRAR or old games.
6. Code a fuzzer for common protocols (FTP, POP3, ports 80 and 8080). Pick some free software like an FTP server, a mail server, Apache or IIS web server or an all-in-one web server pack, or TeamSpeak, Ventrilo, Mumble.
7. Code a tool that uses grep to sort out unique code in source code.
8. Make a custom iptables/IPsec firewall that blocks all incoming and outgoing traffic, then add filters to accept only the ports that your software or scripts use.
9. Pick a kernel in Linux or Unix, and also pick a Microsoft OS version, let's say WinXP Pro SP2. Put them on the virtual desktops (VMware) and find and code a new local exploit in those versions, then install an Apache web server on the Linux/Unix box and an IIS web server on the WinXP Pro box and attempt to find and code a new local reverse_tcp_shell exploit.
10. Learn Cisco router and switch configuration and setup.
11. Learn Checkpoint setup and configuration.
12. Learn Wi-Fi scanning, cracking and sniffing.
13. Pick a person in your phonebook for the area code you live in or city, then ring the person on an anonymous line like Skype or a payphone or a carded SIM and attempt to social engineer the person for his name, address, date of birth, city born, country born, ISP connected with, phone company connected with, what bank he/she uses and anything else you can get.
Then attempt to ring using spoof caller ID software with the person's phone number: call the ISP and try to reset the password to his/her internet connection/web-mail, get access to the bank account or ask them to send out a new *** to a new address (drop) with a new PIN, reset the phone company passwords.
14. Use your information gathering skills to get all the information off a website like a shop, then use the spoof caller-ID software or hack your phone to show the web server's tech support number, then ring the shop owner and try to get the shop site password.
15. Do the same thing but attempt to use a web attack against a site or shop to gain admin access.
16. Once you have access, upload a shell and attempt to exploit the server to gain root using an exploit you coded, not someone else's exploit.
17. Make your own Linux distro.
18. Use your own Linux distro, or use a vanilla Linux with GNOME (not KDE) and keep it light on graphics so you learn to depend on the terminal. Start from scratch and install only the applications you will need for a blackbox (security test box); make folders for fuzzers, exploits, scanners etc., then load them up with your own scripts and other tools (by this stage you shouldn't need to depend on other people's scripts).
19. Learn Mac OS X and attempt to gain access to a Mac OS X box, whether it be your own or someone else's.
20. Create a secure home network and secure your own systems with your own security policies and firewall settings.
None of this is overnight learning: it will take a good 1 to 2 years to learn a bit of this and 3+ years to learn most of it, and even then you will need to keep learning, as IT keeps changing every day.
As long as you're dedicated to learning, you won't have any problems becoming a hacker.

Sunday, August 16, 2015

What is a hash?

When we open an account with any service provider, we are first of all giving them the password to our data. What happens then if it gets exposed because of a software vulnerability?

The problem with a password is that you need to store the damn thing so you can access it later on to authenticate a login attempt. If the file is stored somewhere on the disk there will be a way to access it, and the game is over. You might be thinking that such a file could be encrypted, but then you just have another password to save somewhere.

This is where hashes come in.

A hash is comparable to a person's fingerprint. A hash of any data is a fixed-size "fingerprint" of that data. If we convert a piece of data, say a password, into a hash, it is not possible to get back the original data. How then does such a hash help in securing passwords, or even in exposing them?

If data is converted into a hash, the computed hash will always be the same for that data. Therefore, if an application chooses to save a password, it saves the hash instead of the plain text. And whenever the user enters the password, the application checks whether its hash matches the stored hash or not. A weak analogy: you cannot get milk back from curd, but you can check whether a white fluid is milk by seeing if it curdles.

A hash is different from encryption, since encryption by its very nature has to be reversible, which a hash is not.

During registration the system stores the password hash in its database, not the password.

During login, when the user enters the password, its hash is computed and compared with the stored hash, and if it matches the user is authenticated.

A popular hashing algorithm is MD5 (Message Digest algorithm 5), which always produces a hash of 128 bits. So for any input, whether it is 3 characters or a video file of a few gigabytes, the hash which MD5 produces will be just 128 bits long.

Another hashing algorithm is SHA-1 (Secure Hash Algorithm), which produces 160-bit hashes. SHA-1 has been superseded by SHA-2, which has four functions that produce hashes of 224, 256, 384 or 512 bits.

Hashes can be used for other purposes than just securing passwords. You might be familiar with their use by download sites for verifying the integrity of a download. A download site may provide the MD5 and SHA-1 hash, which is used to verify that the download is error-free, complete and intact. Any difference in the hash means that the download is corrupted or malicious. Torrent files use SHA-1 hashes for each piece of the content you are downloading: in torrent downloading, files are divided into many pieces and each piece has its own hash, so if there is any kind of error only that piece needs to be re-downloaded.
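As an added example (not from the original post), here are the three uses described above with Python's standard library: the fixed digest size per algorithm, a registration/login check that stores only a hash (with a per-user salt and PBKDF2 added on top of the bare hash the post describes), and torrent-style per-piece SHA-1 checks that locate which piece of a damaged download must be fetched again. All function names and sample data are constructed for this example.

```python
import hashlib
import hmac
import os

# Fixed-size fingerprint: the digest length depends only on the algorithm,
# never on the input size (MD5 = 128 bit, SHA-1 = 160 bit, SHA-256 = 256 bit).
def digest_bits(algorithm, data):
    return hashlib.new(algorithm, data).digest_size * 8

# --- Password storage: keep a hash, never the password itself ---------------
# Adds a per-user random salt and a slow derivation (PBKDF2) on top of the
# bare hash the post describes; the stored record never contains the password.
ITERATIONS = 100_000

def register(password, salt=None):
    """Return what the database keeps for a new account: salt + derived hash."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": derived.hex()}

def login(password, record):
    """Recompute the hash of the typed password and compare with the stored one."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # constant-time comparison so the mismatch position does not leak via timing
    return hmac.compare_digest(candidate.hex(), record["hash"])

# --- Download integrity: whole-file and per-piece (torrent style) ------------
def file_fingerprints(data):
    """The MD5 and SHA-1 values a download site would publish for a file."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}

def piece_hashes(data, piece_size):
    """SHA-1 of every fixed-size piece, as listed in a .torrent file."""
    return [hashlib.sha1(data[i:i + piece_size]).hexdigest()
            for i in range(0, len(data), piece_size)]

def corrupted_pieces(received, expected, piece_size):
    """Indices of pieces whose hash does not match the published list (missing
    pieces count as corrupted); only these need to be downloaded again."""
    got = piece_hashes(received, piece_size)
    n = max(len(got), len(expected))
    return [i for i in range(n)
            if i >= len(got) or i >= len(expected) or got[i] != expected[i]]

if __name__ == "__main__":
    record = register("correct horse")            # constructed sample password
    print("login ok:", login("correct horse", record), "wrong:", login("wrong", record))
    original = b"A" * 10 + b"B" * 10 + b"C" * 5    # constructed 25-byte "download"
    published = piece_hashes(original, 10)
    damaged = original[:12] + b"X" + original[13:]  # one flipped byte in piece 1
    print("whole-file hashes match:", file_fingerprints(damaged) == file_fingerprints(original))
    print("pieces to re-download:", corrupted_pieces(damaged, published, 10))
```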

Monday, July 27, 2015

How to Hack Wi Fi Using Android

Do you want to test your network security? It used to be that you needed a desktop OS such as Windows or Linux installed on a computer with a specific wireless network card. Now, however, you can also use certain Android devices to scan and crack wireless networks. These tools are available for free as long as your device is compatible. Hacking routers without permission is illegal. These steps are provided to test the security of your own network.

Method 1 of 2: WPA2 WPS Routers

1. Root a compatible device. Not every Android phone or tablet will be able to crack a WPS PIN. The device must have a Broadcom bcm4329 or bcm4330 wireless chipset, and must be rooted. The Cyanogen ROM will provide the best chance of success. Some of the known supported devices include:
  • Nexus 7
  • Galaxy Ace/S1/S2/S3
  • Nexus One
  • Desire HD

2. Download and install bcmon. This tool enables Monitor Mode on your Broadcom chipset, which is essential for being able to crack the PIN. The bcmon APK file is available for free from the bcmon page on the Google Code website.
  • To install an APK file, you will need to allow installation from unknown sources in your Security menu. Step 2 of this article goes into more detail.


3. Run bcmon. After installing the APK file, run the app. If prompted, install the firmware and tools. Tap the "Enable Monitor Mode" option. If the app crashes, open it and try again. If it fails for a third time, your device is most likely not supported.
  • Your device must be rooted in order to run bcmon.

4. Download and install Reaver. Reaver is a program developed to crack the WPS PIN in order to retrieve the WPA2 passphrase. The Reaver APK can be downloaded from the developers' thread on the XDA-developers forums.

5. Launch Reaver. Tap the Reaver for Android icon in your App drawer. After confirming that you are not using it for illegal purposes, Reaver will scan for available access points. Tap the access point you want to crack to continue.
  • You may need to verify Monitor Mode before proceeding. If this is the case, bcmon will open again.
  • The access point you select must accept WPS authentication. Not all routers support this.

6. Verify your settings. In most cases you can leave the settings that appear at their default. Make sure that the "Automatic advanced settings" box is checked.


7. Start the cracking process. Tap the "Start attack" button at the bottom of the Reaver Settings menu. The monitor will open and you will see the results of the ongoing crack displayed.
  • Cracking WPS can take anywhere from 2-10+ hours to complete, and it is not always successful.[1]

Method 2 of 2: WEP Routers

1. Root a compatible device. Not every Android phone or tablet will be able to crack a WPS PIN. The device must have a Broadcom bcm4329 or bcm4330 wireless chipset, and must be rooted. The Cyanogen ROM will provide the best chance of success. Some of the known supported devices include:
  • Nexus 7
  • Galaxy S1/S2/S3/S4/S5
  • Galaxy y
  • Nexus One
  • Desire HD
  • Micromax A67

2. Download and install bcmon. This tool enables Monitor Mode on your Broadcom chipset, which is essential for being able to crack the PIN. The bcmon APK file is available for free from the bcmon page on the Google Code website.
  • To install an APK file, you will need to allow installation from unknown sources in your Security menu. Step 2 of this article goes into more detail.


3. Run bcmon. After installing the APK file, run the app. If prompted, install the firmware and tools. Tap the "Enable Monitor Mode" option. If the app crashes, open it and try again. If it fails for a third time, your device is most likely not supported.
  • Your device must be rooted in order to run bcmon.


4. Tap "Run bcmon terminal". This will launch a terminal similar to most Linux terminals. Type airodump-ng and tap the Enter button. Airodump will load, and you will be taken to the command prompt again. Type airodump-ng wlan0 and tap the Enter button.


5. Identify the access point you want to crack. You will see a list of available access points. You must select an access point that is using WEP encryption.


6. Note the MAC address that appears. This is the MAC address for the router. Make sure that you have the right one if there are multiple routers listed. Jot this MAC address down.
  • Also note the Channel that the access point is broadcasting on.

7. Start scanning the channel. You will need to collect information from the access point for several hours before you can attempt to crack the password. Type "airodump-ng -c channel# --bssid MAC address -w output ath0" and tap Enter. Airodump will begin scanning. You can leave the device for a while as it scans for information. Be sure to plug it in if you are running low on battery.
  • Replace channel# with the channel number the access point is broadcasting on (e.g. 6).
  • Replace MAC address with the MAC address of the router (e.g 00:0a:95:9d:68:16)
  • Keep scanning until you reach at least 20,000-30,000 packets.

8. Crack the password. Once you have a suitable number of packets, you can start attempting to crack the password. Return to the terminal, type "aircrack-ng output*.cap" and tap Enter.

9. Note the hexadecimal password when finished. After the cracking process is complete (which could take several hours), the message "Key Found!" will appear, followed by the key in hexadecimal form. Make sure that "Probability" is 100% or the key will not work.[2]
  • When you enter the key, enter it without the ":". For example, if the key was 12:34:56:78:90, you would enter 1234567890.


Sunday, July 26, 2015

Keylogger Tutorial

A keylogger is a software program or hardware device that is used to monitor and log each of the keys a user types on a computer keyboard. The person who installed the program or hardware device can then view all keys typed by that user. Because these programs and hardware devices monitor the keys typed, the person who installed them can easily find user passwords and other information the user may not wish others to know about.
Keyloggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, keyloggers can also be embedded in spyware, allowing your information to be transmitted to an unknown third party.


About keyloggers

A keylogger is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden on the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hope of finding passwords, or possibly other useful information that could be used to compromise the system or in a social engineering attack. For example, a keylogger will reveal the contents of all e-mail composed by the user. A keylogger is commonly included in rootkits.

A keylogger normally consists of two files: a DLL which does all the work and an EXE which loads the DLL and sets the hook. Therefore when you deploy the keylogger on a system, both files must be present in the same directory.

There are other approaches to capturing info about what you are doing.

    * Some keyloggers capture screens, rather than keystrokes.
    * Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection. 

A keylogger might be as simple as an EXE and a DLL that are placed on a machine and invoked at boot via an entry in the registry. Or a keylogger could be a full product, such as ProBot, which boasts these features:

    * Stealth: invisible in process list
    * Includes kernel keylogger driver that captures keystrokes even when user is logged off (Windows 2000 / XP)
    * ProBot program files and registry entries are hidden (Windows 2000 / XP)
    * Includes Remote Deployment wizard
    * Active window titles and process names logging
    * Keystroke / password logging
    * Regional keyboard support
    * Keylogging in NT console windows
    * Launched applications list
    * Text snapshots of active applications.
    * Visited Internet URL logger
    * Capture HTTP POST data (including logins/passwords)
    * File and Folder creation/removal logging
    * Mouse activities
    * Workstation user and timestamp recording
    * Log file archiving, separate log files for each user
    * Log file secure encryption
    * Password authentication
    * Invisible operation
    * Native GUI session log presentation
    * Easy log file reports with Instant Viewer 2 Web interface
    * HTML and Text log file export
    * Automatic E-mail log file delivery
    * Easy setup & uninstall wizards
    * Support for Windows (R) 95/98/ME and Windows (R) NT/2000/XP 



Tools:

Ardamax Keylogger is a keystroke recorder that captures the user's activity and saves it to an encrypted log file. The log file can be viewed with the powerful Log Viewer. Use this tool to find out what is happening on your computer while you are away, maintain a backup of your typed data automatically, or use it to monitor your kids. You can also use it as a monitoring device for detecting unauthorised access. Logs can be automatically sent to your e-mail address, and access to the keylogger is password protected. Besides, Ardamax Keylogger logs information about the Internet addresses the user has visited.


This invisible spy application is designed for 2000, XP, 2003, Vista and Windows 7.
  • Security - allows you to protect program settings, Hidden Mode and Log file.
  • Application monitoring - keylogger will record the application that was in use that received the keystroke!
  • Time/Date tracking - it allows you to pinpoint the exact time a window received a keystroke!
  • Powerful Log Viewer - you can view and save the log as a HTML page or plain text with keylogger Log Viewer.
  • Small size – Ardamax Keylogger is several times smaller than other programs with the same features. It has no additional modules and libraries, so its size is smaller and the performance is higher.
  • Ardamax Keylogger fully supports Unicode characters which makes it possible to record keystrokes that include characters from Japanese, Chinese, Arabic and many other character sets.
  • It records every keystroke. Captures passwords and all other invisible text.
Other Features:
  • Windows 2000/2003/XP/Vista/Windows 7 support
  • Monitors multi-user machines
  • Automatic startup
  • Friendly interface
  • Easy to install
  
Download Ardamax Keylogger (1.94Mb)



Perfect Keylogger for Windows 98/2000/XP/Vista and Windows 7 

The latest, improved and most stealthy version of Perfect Keylogger is now available only after purchase. To protect the product from abuse and improve its quality for registered users, we no longer offer a trial version of the latest builds. The localized versions of Perfect Keylogger and the 64-bit version are also available after purchase. The last public version is still available, but keep in mind that it's not the latest and may be flagged by security software.

Download Perfect keylogger



Wednesday, July 22, 2015

Intrusion Detection System (IDS)


>>Intrusion Detection System (IDS):
A system that tries to identify attempts to hack or break into a computer system or to misuse it. IDSs may monitor packets passing over the network, monitor system files, monitor log files, or set up deception systems that attempt to trap hackers.

Computer systems have become more vulnerable to intrusions than ever. Intrusion detection is a security technology that allows not only the detection of attacks, but also attempts to provide notification of new attacks unforeseen by other components. Intrusion detection is an important component of a security system, and it complements other security technologies.

>>How does an IDS work?

While there are several types of IDSs, the most common types work the same way. They analyze network traffic and log files for certain patterns. What kind of patterns, you may ask? While a firewall will continually block a hacker from connecting to a network, most firewalls never alert an administrator.

The administrator may notice if he/she checks the access log of the firewall, but that could be weeks or even months after the attack. This is where an IDS comes into play. The attempts to pass through the firewall are logged, and the IDS analyzes that log. At some point in the log there will be a large number of request-reject entries. An IDS will flag these events and alert an administrator. The administrator can then see what is happening right after, or even while, the attacks are still taking place. This gives an administrator the advantage of being able to analyze the techniques being used, the source of the attacks, and the methods used by the hacker.

>>Following are the types of intrusion detection systems :-

1) Host-Based Intrusion Detection System (HIDS): Host-based intrusion detection systems or HIDS are installed as agents on a host. These intrusion detection systems can look into system and application log files to detect any intruder activity.

2) Network-Based Intrusion Detection System (NIDS): These IDSs detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment, thereby protecting those hosts. Network-based IDSs often consist of a set of single-purpose sensors or hosts placed at various points in a network. These units monitor network traffic, performing local analysis of that traffic and reporting attacks to a central management console.

>>Some important topics that come under intrusion detection are as follows :-


1) Signatures: A signature is the pattern that you look for inside a data packet. A signature is used to detect one or multiple types of attacks. For example, the presence of “scripts/iisadmin” in a packet going to your web server may indicate intruder activity. Signatures may be present in different parts of a data packet depending upon the nature of the attack.

2) Alerts: Alerts are any sort of user notification of intruder activity. When an IDS detects an intruder, it has to inform the security administrator about this using alerts. Alerts may be in the form of pop-up windows, logging to a console, sending e-mail and so on. Alerts are also stored in log files or databases where they can be viewed later on by security experts.

3) Logs: The log messages are usually saved in a file. Log messages can be saved either in text or binary format.

4) False Alarms: False alarms are alerts generated due to an indication that is not intruder activity. For example, misconfigured internal hosts may sometimes broadcast messages that trigger a rule, resulting in the generation of a false alert. Some routers, like Linksys home routers, generate lots of UPnP-related alerts. To avoid false alarms, you have to modify and tune the different default rules. In some cases you may need to disable some of the rules to avoid false alarms.

5) Sensor: The machine on which an intrusion detection system is running is also called the sensor in the literature, because it is used to “sense” the network.
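The two detection ideas above, the burst of firewall request-reject entries and a packet signature such as “scripts/iisadmin”, run over a few constructed log lines, plus one tuning rule for the UPnP false alarms mentioned under item 4. This is an added illustration, not part of the original post or of any IDS product; the log format, addresses and rule names are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: firewall rejects interleaved with web-server requests.
# Addresses are documentation ranges; this is not a real capture.
SAMPLE_LOG = """\
2015-07-22T10:00:01 FW REJECT src=203.0.113.5 dst=192.0.2.10 dport=21
2015-07-22T10:00:02 FW REJECT src=203.0.113.5 dst=192.0.2.10 dport=22
2015-07-22T10:00:02 FW REJECT src=203.0.113.5 dst=192.0.2.10 dport=23
2015-07-22T10:00:03 FW REJECT src=203.0.113.5 dst=192.0.2.10 dport=25
2015-07-22T10:00:03 FW REJECT src=203.0.113.5 dst=192.0.2.10 dport=110
2015-07-22T10:00:04 WEB GET /index.html src=198.51.100.7
2015-07-22T10:00:05 WEB GET /scripts/iisadmin/ src=203.0.113.5
2015-07-22T10:00:06 FW REJECT src=192.0.2.50 dst=239.255.255.250 dport=1900
2015-07-22T10:00:07 FW REJECT src=192.0.2.50 dst=239.255.255.250 dport=1900
2015-07-22T10:00:08 FW REJECT src=192.0.2.50 dst=239.255.255.250 dport=1900
2015-07-22T10:00:09 FW REJECT src=192.0.2.50 dst=239.255.255.250 dport=1900
2015-07-22T10:00:10 FW REJECT src=192.0.2.50 dst=239.255.255.250 dport=1900
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>FW REJECT|WEB GET) (?:(?P<path>\S+) )?"
    r"src=(?P<src>\S+)(?: dst=(?P<dst>\S+) dport=(?P<dport>\d+))?$"
)

# Signature rules: a pattern looked for in the request, like the post's
# "scripts/iisadmin" example. Rule names are made up for this example.
SIGNATURES = {
    "iis-admin-probe": re.compile(r"scripts/iisadmin", re.IGNORECASE),
}

def is_known_noise(fields):
    """Tuning rule (constructed): internal hosts rejected on UDP 1900 are
    UPnP/SSDP chatter, the kind of false alarm the post attributes to home routers."""
    return fields["dport"] == "1900" and fields["src"].startswith("192.0.2.")

def analyze(log_text, threshold=5, window=timedelta(seconds=10), suppress_noise=True):
    """Return (rule, source, detail) alerts: one 'reject-burst' per source that
    hits `threshold` firewall rejects inside `window`, plus one alert per
    signature match in a web request."""
    alerts = []
    recent = defaultdict(deque)   # src -> timestamps of its recent rejects
    flagged = set()               # sources already reported for a burst
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # unknown line format: skip, do not crash
        f = m.groupdict()
        ts = datetime.fromisoformat(f["ts"])
        if f["kind"] == "FW REJECT":
            if suppress_noise and is_known_noise(f):
                continue
            q = recent[f["src"]]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()       # slide the window forward
            if len(q) >= threshold and f["src"] not in flagged:
                flagged.add(f["src"])
                alerts.append(("reject-burst", f["src"],
                               f"{len(q)} rejects within {int(window.total_seconds())}s"))
        else:
            for name, pattern in SIGNATURES.items():
                if pattern.search(f["path"] or ""):
                    alerts.append((name, f["src"], f["path"]))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print("ALERT", *alert)
    print("without tuning:", len(analyze(SAMPLE_LOG, suppress_noise=False)), "alerts")
```

With the tuning rule switched off, the five SSDP rejects from the internal host produce a third, spurious reject-burst alert, which is exactly the false alarm the post says default rules must be tuned to avoid.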



>>SNORT:

Snort is a very flexible network intrusion detection system that has a large set of pre-configured rules. Snort also allows you to write your own rule set. There are several mailing lists on the internet where people share new Snort rules that can counter the latest attacks.

Snort is a modern security application that can perform the following three functions :

* It can serve as a packet sniffer.
* It can work as a packet logger.
* It can work as a Network-Based Intrusion Detection System (NIDS).


TOOLS:
Smooth-Sec 3.0 Intrusion Detection System

Smooth-Sec is a lightweight and fully-ready IDS/IPS (Intrusion Detection/Prevention System) Linux distribution based on Debian 7 (wheezy), available for 32 and 64 bit architectures. The distribution includes the latest version of Snorby, Snort, Suricata, PulledPork and Pigsty. An easy setup process allows you to deploy a complete IDS/IPS system within minutes, even for security beginners with minimal Linux experience.

  •     Debian 7 Wheezy based
  •     32 and 64 bit ISO available
  •     Snorby V 2.6.2
  •     Snort V 2.9.4.6
  •     Suricata V 1.4.3
  •     Pigsty V 0.1.0
  •     PulledPork V 0.6.1

Download:

32-Bit – smoothsec-3.0-i386.iso
64-Bit – smoothsec-3.0-amd64.iso

Bug Bounty Web List

What is the Bug Bounty Program ?

A bug bounty program provides recognition and compensation to security researchers practicing responsible disclosure. Companies start bug bounty programs to improve their security; cyber security researchers find vulnerabilities on top websites and get rewarded.




Evil Twin attack

An Evil Twin attack is an attack frequently carried out against wireless access points with malicious intent. This attack happens when...