– Can I use your websites materials such as your notes, articles, and so on please?
Yes, sure, I’m writing for this reason. But I have a request: if you would like to use my blog materials (such as documents, articles, ideas, and so on) , please write my name “Soroush Dalili” and my website address “soroush.secproject.com” clearly on it.
– Why do you use WordPress? Is it the most secure web application?
I do not think that WordPress is completely secure. However, it has an awesome team who cares about it and constantly supports it.
– Why do you want to publish the vulnerabilities?
I like to share my knowledge with the security researchers and the developers, and I also want to show off my skills too!?!!
– When do you publish a vulnerability as an advisory? Do you release them as 0-dayz?
Well, it depends on the vulnerability. If the impact is high, I will post it to the vendor first and usually a week after the hotfix I will publish it.
– Do you also publish the exploits?
I might submit a proof of concept (PoC ) with an advisory but not an exploit that can harm others. Sometimes a PoC is very similar to an exploit code, but it’s not the same always!
– Can I send you a vulnerability?
I love to have some 0-dayz as long as you do not exploit me! I like to see your methods and I will keep it secret if you want me to.
– Do you have any 0-day vulnerability which you don’t want to publish or share?
Everybody has some secrets in his/her life. I like responsible disclosure though. And, your question is not clear!
– Do you sell your vulnerabilities?
No. But, upon your request, I can find your web application (you should be its owner) vulnerabilities for this reason. Please send me an email for more information.
– Can I send you my web application for the security testing?
Yes, but it cannot be free unless I can receive credit for it.
– Breaker or a builder?
It is more fun to be a breaker. I try to be constructive though.