How to do account takeover? Case study of 146 bug bounty reports

Views: 11,211

Bug Bounty Reports Explained

A day ago

Comments: 30
@BugBountyReportsExplained, a year ago
Welcome to the comment section! I hope you enjoyed the video about one chapter of this case study. Remember that the full article along with the checklist and report database is available in BBRE Premium: bbre.dev/atocs
@BugBountyReportsExplained, a year ago
@shanks2906 In none. I've never been a developer, so I'm not an expert in any, but I can code stuff in Python, JavaScript and recently Golang.
@waleedbutt885, a year ago
Sir, will you tell us where you get all these reports from and how you manage to make such a perfect table of them in Notion?
@BugBountyReportsExplained, a year ago
@waleedbutt885 I described the methodology here: www.bugbountyexplained.com/what-functionalities-are-most-often-vulnerable-to-ssrfs-case-study-of-124-bug-bounty-reports/
@_CryptoCat, a year ago
Love these case studies! 🔥
@neiltsakatsa, a year ago
AMAZING RESEARCH! 🤯🤯🤯
@KarahannAe, a year ago
29:30 There are mail filters that auto-follow links. So if the user has this set up, they won't have to click the link. This is usually done to protect users against phishing attacks, but in this case it works for the attacker.
@BugBountyReportsExplained, a year ago
Thank you for letting me know! I started to wonder about this very thing when creating the video, because whenever I send a mass email, I run it through mail-tester, which follows all the links. I started wondering if e.g. Gmail does the same.
@KarahannAe, a year ago
@BugBountyReportsExplained I believe Office 365's ATP has an option to watch over links. I think it auto-clicks them.
@joefawcett2191, a year ago
Loving all the content, thanks again
@yuvi_white_hat1942, a year ago
Just awesome case study man 🔥🔥 May I know what kind of platform you are using to log all the items?
@BugBountyReportsExplained, a year ago
I use Notion
@alissonbezerra7, a year ago
Great! Thank you.
@pr0xy_, a year ago
Hello, Greg. Thank you for these kinds of videos. I always look forward to them. I was wondering, since you study sooo many writeups, do you feel like you learn a lot from them, or do they help in your hunting/methodology? Asking since everyone is always suggesting reading write-ups and the like as a great resource for bug hunters.
@BugBountyReportsExplained, a year ago
Yes, absolutely!
@uttarkhandcooltech1237, a year ago
Can you give me the name of the website where all the bugs have been made public?
@BugBountyReportsExplained, a year ago
It's in the description.
@eyephpmyadmin6988, a year ago
@BugBountyReportsExplained It ain't very public if you have to pay for it; at least make some free or make the site exploitable so the ones who have the skill and want it don't gotta pay, something like that. I'm gonna find out if that's not already the case. I hope your API is secure, actually no I don't.
@thinkingonyx847, a year ago
Anyone know any decent CTFs inspired by real-world bug bounty reports which exploit account takeover bugs?
@nanonano-k2u, a year ago
Can you tell us in a video how you began in bug bounty and what's the best road map to learn bug bounty in your opinion, please?
@rxtechandtrading, a year ago
Bro, where do you live?? I assume you're French??? Anyway, I like your accent, better than most people who do tutorials on KZbin, or what I like to call scam tube.
@BugBountyReportsExplained, a year ago
In Poland ;)
@SharanG73, a year ago
What are the books you have? Please tell....
@BugBountyReportsExplained, a year ago
The one just in front is Real-World Bug Hunting by Pete Yaworski, and that's just about the only bug bounty related book there. The rest are about business and personal growth.
@SharanG73, a year ago
@BugBountyReportsExplained Put up a separate video about which books you use that would be useful for us...
@SharanG73, a year ago
@Bug Bounty Reports Explained I recently watched your video; it is nice and useful. At 3:25, is that software or a website, and what is its name?....please reply
@mohammedeldawody...6165, a year ago
Thank you
@saurabhbhardwaj3427, a year ago
Awesome content
@jayute4956, 3 months ago
Wow AI
@windwest720, a year ago
Joke: "Closed: No impact."