I have found a zero day on a server that the local hacking league uses for most of their scenarios during competitions. It isn't huge or anything but it does help me get in and I am hoping to get it working with some MSF payload. My question is, is it ethical for me to keep this zero day a secret so I can use it during my competition or should I report it now?
Forum Thread: Is It Ethical to Keep a Zero Day for a Competition?
- Hot
- Active
-
Forum Thread:
An Idea for Wifi Password Hacking
0
Replies
3 hrs ago -
Forum Thread:
Blue Screen Kali
5
Replies
15 hrs ago -
Forum Thread:
Persistent Backdoor Payload in an Original .Apk File??
6
Replies
18 hrs ago -
Forum Thread:
Kali Linux WiFi Problem?
40
Replies
1 day ago -
Forum Thread:
How to Hack Wifi Network with CMD
81
Replies
4 days ago -
Forum Thread:
How to Make an Anonymous Purchase Online Using a Stolen Credit Card?
0
Replies
4 days ago -
Forum Thread:
how did elliot hacked white rose phone?? is it possible to really do this?
0
Replies
4 days ago -
Forum Thread:
Show ' Stopped Working ' Error in Android PAYLOAD Meterpreter Session Is Not Created .. How to Solve This ?
2
Replies
5 days ago -
Forum Thread:
Cannot Add New Packages in Kali on Android
1
Replies
5 days ago -
Forum Thread:
Android Unlimited Access.
1
Replies
5 days ago -
Metasploit:
Handler Failed to Bind
3
Replies
5 days ago -
stdapi_fs_stat:
Operation Failed: 1 || Error on Creating Android/Meterpreter/reverse_tcp Session
1
Replies
5 days ago -
How to:
HACK Android Device with TermuX on Android | Part #2 - Over WLAN Hotspot [Ultimate Guide]
18
Replies
5 days ago -
Forum Thread:
Fluxion Not Working
5
Replies
5 days ago -
Forum Thread:
When I Dual-Boot Kali Linux on My USB to My Windows 10 Laptop, All the Stuff I Downloaded Goes Away
0
Replies
1 wk ago -
Forum Thread:
Looking for Someone Knowledgeable in BeEF
0
Replies
1 wk ago -
Forum Thread:
Can I Install Kali on My Hdd and Keep My Windows on My Sdd
0
Replies
1 wk ago -
Forum Thread:
PenTesting "Framework"
0
Replies
1 wk ago -
How to:
Crack Instagram Passwords Using Instainsane
15
Replies
1 wk ago -
Forum Thread:
How to Gain Access to an Android Over WAN
20
Replies
1 wk ago
-
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
-
How To:
Break into Router Gateways with Patator
-
How To:
Brute-Force SSH, FTP, VNC & More with BruteDum
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Steal Ubuntu & MacOS Sudo Passwords Without Any Cracking
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
Hacking Windows 10:
How to Create an Undetectable Payload, Part 1 (Bypassing Antivirus Software)
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Find Passwords in Exposed Log Files with Google Dorks
-
Mac for Hackers:
How to Get Your Mac Ready for Hacking
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Load Kali Linux on the Raspberry Pi 4 for the Ultimate Miniature Hacking Station
3 Responses
Ethical hackers keep their 0day to themselves all the time. Check out this killer "0day" that a hacker saved until Blackhat this year: "Funtenna"
I would say the benefits of keeping it to yourself for a convention is more "fame or fortune" motivation but there are plenty of ethical reasons to keep 0 day to yourself.
Namely, even if you aren't the first to know about it, it isn't widely known so it isn't being widely exploited. Maybe you want to keep it to yourself or a small group to develop a patch first and then release the exploit. Maybe you release the exploit to persuade (coerce) the vendor to release a patch for their software.
Bottom line is, it's up to you and your own definition of right or wrong. When yo do release it, please write a tutorial.
It is still in the early stages, I haven't even done more than manually do the exploit. If I get it good enough I can post it here.
it might not be a zero day anymore when the competition comes.
Share Your Thoughts