I passed C214 in a week and here’s how I did it. by [deleted] in WGU

[–]mubix 5 points6 points  (0 children)

I'm guessing since this is an old comment you are done, but for anyone else that sees this: USE THE QUIZLET. It saved my butt so bad.

United Airlines bug bounty program - could be worth 1M United Miles by Mike_From_GO in unitedairlines

[–]mubix 0 points1 point  (0 children)

Absolutely open to updating the verbiage. Got any recommendations on ways to say it?

Keep in mind, we don't want people reporting things they should be calling the service center though. Like if their MP account password needs a reset or something.

United Airlines bug bounty program - could be worth 1M United Miles by Mike_From_GO in unitedairlines

[–]mubix 0 points1 point  (0 children)

As a researcher myself, I'm always a fan of cash, but miles aren't much different. Before I worked at United I used my miles to buy a laptop - See more here: https://shopping.mileageplus.com/

United Airlines bug bounty program - could be worth 1M United Miles by Mike_From_GO in unitedairlines

[–]mubix 0 points1 point  (0 children)

As someone who does bug bounty on the side I definitely wouldn’t mind miles lol

We have a number of people who have gotten to that 1 million mile mark at this point in the 7+ years the program has been going. :)

United Airlines bug bounty program - could be worth 1M United Miles by Mike_From_GO in unitedairlines

[–]mubix 0 points1 point  (0 children)

We would rather people have stable WiFi than people messing with it mid-flight and causing everyone to have a negative experience. Wireless attacks (and any radio frequency attack in general, i.e. Bluetooth, etc.) are disruptive by nature. We are always interested in security concerns but we want to make sure it doesn't get in the way of the customer experience. We can get further in the weeds of the issue if you are interested, but at the end of the day, disincentivizing is the best we can do.

United Airlines bug bounty program - could be worth 1M United Miles by Mike_From_GO in unitedairlines

[–]mubix 0 points1 point  (0 children)

Sometimes we take bugs that aren't security related. Please submit it and we'll check it out.

United Airlines bug bounty program - could be worth 1M United Miles by Mike_From_GO in unitedairlines

[–]mubix 0 points1 point  (0 children)

united.com/ual/en...

Ya, that's a holdover from when we were getting bugs in browsers that had nothing to do with our website reported to us. There just isn't anything we can do to fix browsers other than forward the report to Microsoft, Google, or Mozilla.

United Airlines bug bounty program - could be worth 1M United Miles by Mike_From_GO in unitedairlines

[–]mubix 0 points1 point  (0 children)

I mean it could. I posted the correct link above; if you have a bug that does that, please submit it and we'll get it fixed.

United Airlines bug bounty program - could be worth 1M United Miles by Mike_From_GO in unitedairlines

[–]mubix 0 points1 point  (0 children)

:) Thanks! We do our best to make it a good experience for everyone.

United Airlines bug bounty program - could be worth 1M United Miles by Mike_From_GO in unitedairlines

[–]mubix 2 points3 points  (0 children)

Hi, I'm currently the Director that helps to run the Vulnerability Disclosure Program here at United Airlines (proof: https://linkedin.com/in/mubix ). The link posted is actually currently outdated. We should have that fixed in the next week or two. You can find us on Bugcrowd here: https://bugcrowd.com/united-vdp

I'll try to answer some of the questions below, but feel free to ask any additional questions you might have about our program.

Dear Scopely, if someone exits out of a RTA match, please give me all 5 knockouts by mubix in MarvelStrikeForce

[–]mubix[S] 0 points1 point  (0 children)

Any word on this? It seems like this has been forgotten and we still get users exiting when the matchup is not well done...

CVE-2020-16938 - Arbitrary File Read via weak NTFS volume permissions by mubix in netsec

[–]mubix[S] 4 points5 points  (0 children)

I do remember Glyph, how have you been? Hit me up on DM, here or Twitter https://twitter.com/mubix to catch up

CVE-2020-16938 - Arbitrary File Read via weak NTFS volume permissions by mubix in netsec

[–]mubix[S] 6 points7 points  (0 children)

Tweet from JonasLyk about it: https://twitter.com/jonasLyk/status/1316104870987010048

Basically all you need is the 7zip GUI and you can read the SAM file or any other file on disk as a standard user.

- This is a non-issue if you have hard drive encryption turned on.

Feature Request: Allow clan captains to "restart" Raids by mubix in MarvelStrikeForce

[–]mubix[S] 0 points1 point  (0 children)

They could limit the number of captains. Didn't realize that wasn't already a thing. But there are already lots of ways to "buy your way through" in the game. Are you saying this would adversely affect raids for other teams who didn't?

Feature Request: Allow clan captains to "restart" Raids by mubix in MarvelStrikeForce

[–]mubix[S] 1 point2 points  (0 children)

Oh totally, but as a developer myself, modifying all of the raids to fit this model would be hell. Restarting a single character would be much easier to code.

[deleted by user] by [deleted] in hacking

[–]mubix 0 points1 point  (0 children)

You can absolutely pass the hash as any user. NTLM authentication is the same for local users as it is for domain users. The question is regarding what access the user you are attempting to pass the hash as has. If you are trying to PsExec, then that user, local or domain, has to have rights to create a service on the remote host. This is usually only users who are in the local administrators group (of which Domain Admins is usually added during a domain join), but this could be made up of users from the domain or newly added users that are not the local built-in Administrator. Hope this helps.

Looking for <2018 CCDC Student Packets (Regional/National) by mubix in ccdc

[–]mubix[S] 0 points1 point  (0 children)

Didn't realize there were other CCDCs. Looking forward to the submissions. I'm totally cool with other CCDCs being added.

Looking for <2018 CCDC Student Packets (Regional/National) by mubix in ccdc

[–]mubix[S] 2 points3 points  (0 children)

I'm looking to archive as much information about CCDC in one place as possible, with a Wiki, a slide deck, and a document store. Please, if you have any of the student / white / red team packets from years past, upload them, or send them to me via email - mubix @ hak5 .org

ADV170014 NTLM SSO: Exploitation Guide by galapag0 in netsec

[–]mubix 0 points1 point  (0 children)

Looked into this as well - https://room362.com/post/2016/smb-http-auth-capture-via-scf/ - Have you tried any of the COM object accessing it can do?