Welcome to the comment section! I hope you enjoyed the video about one chapter of this case study. Remember that the full article along with the checklist and report database is available in BBRE Premium: bbre.dev/atocs
@BugBountyReportsExplained 1 year ago
@shanks2906 In none. I've never been a developer so I'm not an expert in any but I can code stuff in Python, JavaScript and recently Golang
@waleedbutt885 1 year ago
Sir, will you tell from where you get all these reports and how you manage to make a perfect table of that in Notion?
@BugBountyReportsExplained 1 year ago
@waleedbutt885 I described the methodology here: www.bugbountyexplained.com/what-functionalities-are-most-often-vulnerable-to-ssrfs-case-study-of-124-bug-bounty-reports/
@_CryptoCat 1 year ago
Love these case studies! 🔥
@neiltsakatsa 1 year ago
AMAZING RESEARCH! 🤯🤯🤯
@KarahannAe 1 year ago
29:30 There are mail filters that auto-follow links. So if the user has this set up they won't have to click the link. This is usually done to protect the user against phishing attacks but in this case it works for the attacker.
@BugBountyReportsExplained 1 year ago
Thank you for letting me know! I started to wonder about this very thing when creating the video because whenever I send a mass email, I run it through mail-tester which follows all the links. I started wondering if e.g. Gmail does the same.
@KarahannAe 1 year ago
@BugBountyReportsExplained I believe Office 365's ATP has an option to watch over links. I think it auto-clicks them.
@joefawcett2191 1 year ago
Loving all the content, thanks again
@yuvi_white_hat1942 1 year ago
Just awesome case study man🔥🔥 May I know what kind of platform you are using to log all the items?
@BugBountyReportsExplained 1 year ago
I use Notion
@alissonbezerra7 1 year ago
Great! Thank you.
@pr0xy_ 1 year ago
Hello, Greg. Thank you for these kinds of videos. Always look forward to them. I was wondering, since you study sooo many writeups, do you feel like you learn a lot from them or they help in your hunting/methodology? Asking since everyone is always suggesting to read writeups and all as a great resource for bug hunters.
@BugBountyReportsExplained 1 year ago
Yes, absolutely!
@uttarkhandcooltech1237 1 year ago
Can u give me the name of the website where all bugs have been made public?
@BugBountyReportsExplained 1 year ago
It's in the description
@eyephpmyadmin6988 1 year ago
@BugBountyReportsExplained it ain't very public if you have to pay for it, at least make some free or make the site exploitable so the ones who have the skill and want it don't gotta pay, something like that. I'm gonna find out if that's not already the case. I hope your API is secure, actually no I don't
@thinkingonyx847 1 year ago
Anyone know any decent CTFs inspired by real world bug bounty reports which exploit account takeover bugs?
@nanonano-k2u 1 year ago
Can you tell us in a video how you began in bug bounty and what's the best road map to learn bug bounty in your opinion, please?
@rxtechandtrading 1 year ago
Bro, where do you live?? I assume u r French??? Anyway, I like ur accent, better than most people who do tutorials on KZbin, or what I like to call scam tube
@BugBountyReportsExplained 1 year ago
In Poland ;)
@SharanG73 1 year ago
What are the books u have, please tell....
@BugBountyReportsExplained 1 year ago
The one just in front is Real-World Bug Hunting by Pete Yaworski and that's just about the only bug bounty related book there. The rest is about business and personal growth.
@SharanG73 1 year ago
@BugBountyReportsExplained put a separate video for what are the books using that is useful for us...
@SharanG73 1 year ago
@Bug Bounty Reports Explained i recently watch your is nice and useful in 3:25 is software or a web site and name is?....please reply