MS Yammer API - Bypass & Persistent Vulnerabilities (PoC Video Demonstration)

After our pentests against the yammer social network we are able to provide a video after a patch has been successful implemented by the msrc team. The video is a live pentest session of the core team researcher ateeq ur rehman kahn in the microsoft yammer service. The demonstration video shows how to bypass the yammer api filter to execute own script codes on the application-side of the vulnerable yammer online-service. The issues has already been patched by the msrc team after a large documentation phase.

15.000$ to safe the Captain - John Draper Healthcare Campaign

During the last months we received several notify mails and messages of John Draper alias Captain Crunch from hospital in the usa. He told us that he have multiple problems with the cost of his healthcare costs. A short time ago the doctor told him that he maybe will lose his leg in the near future.

The core team made some silent calls around him. All what happened to him was with negatively affected by the costs that he wasn't able to cover. Like everybody knows the us healtcare system is not the best, especially to a branded phreaker like john that is in a well connection to the local government since the 80`s.

Oliver S. and Benjamin K.M. came together in a conference and notified several magazine partners and individuals to sahre a campaign that helps john draper to cover the costs.