all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

177 - Web Hackers vs. Cars and a Facebook Account Takeover [Bug Bounty Podcast]

Add to bookmarks
Jan. 10, 2023, 9 p.m. | DAY[0]

DAY[0] www.youtube.com

First episode of the new year, and we've got some cool stuff. Several authentication issues and "class pollution" in Python.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/177.html

[00:00:00] Introduction
[00:00:31] ReDoS "vulnerabilities" and misaligned incentives
[00:17:14] Web Hackers vs. The Auto Industry
[00:37:19] Prototype Pollution in Python
- Correction: We discuss a bit of a disagreement regarding calling the issue "Prototype Pollution" in Python, turns out we missed the fact the author calls it "Class Pollution" …

account account takeover authentication author auto auto industry bounty bug bug bounty cars class discuss facebook fact hackers incentives industry introduction issue new year podcast prototype python redos takeover vulnerabilities web

Visit resource

More from www.youtube.com / DAY[0]

253 - A Retrospective and Future Look Into DAY[0] 2 weeks ago | www.youtube.com
air bounty change future +5
252 - Bypassing KASLR and a FortiGate RCE [Binary Exploitation Podcast] 1 month, 1 week ago | www.youtube.com
aslr binary binary exploitation bypass +23
251 - RCE'ing Mailspring and a .NET CRLF Injection [Bug Bounty Podcast] 1 month, 2 weeks ago | www.youtube.com
attack attack chain attacks bounty +16
Future of Exploit Development Follow-up (Episode 250) 1 month, 2 weeks ago | www.youtube.com
corruption development exploit exploit development +9
249 - libXPC to Root and Digital Lockpicking [Bug Bounty Podcast] 1 month, 3 weeks ago | www.youtube.com
android authentication authentication bypass bounty +22
248 - Binary Ninja Free and K-LEAK [Binary Exploitation Podcast] 1 month, 3 weeks ago | www.youtube.com
automated binary binary exploitation binary ninja +13
247 - Hacking Google AI and SAML [Bug Bounty Podcast] 1 month, 4 weeks ago | www.youtube.com
auth authentication authentication bypass automated +25
246 - Rust Memory Corruption??? [Binary Exploitation Podcast] 2 months ago | www.youtube.com
access array binary binary exploitation +21
245 - A PHP and Joomla Bug and some DOM Clobbering [Bug Bounty Podcast] 2 months ago | www.youtube.com
api bounty bug bug bounty +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Intern, Cyber Security Vulnerability Management

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Compliance - Global Privacy Office - Associate - Bengaluru

@ Goldman Sachs | Bengaluru, Karnataka, India
View on infosec-jobs.com

Cyber Security Engineer (m/w/d) Operational Technology

@ MAN Energy Solutions | Oberhausen, DE, 46145
View on infosec-jobs.com

Armed Security Officer - Hospital

@ Allied Universal | Sun Valley, CA, United States
View on infosec-jobs.com

Governance, Risk and Compliance Officer (Africa)

@ dLocal | Lagos (Remote)
View on infosec-jobs.com

Junior Cloud DevSecOps Network Engineer

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com
View more jobs