all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How to do account takeover? Case study of 146 bug bounty reports

Add to bookmarks
June 13, 2023, 3:21 p.m. | Bug Bounty Reports Explained

Bug Bounty Reports Explained www.youtube.com

📕 The full case study: https://bbre.dev/atocs
📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw

I studied 146 disclosed bug bounty reports and in this video, I'm showing you what techniques for taking over an account are most common.

Videos mentioned:
https://youtu.be/HnI0w156rtw
https://youtu.be/MXH1HqTFNm0
https://youtu.be/ZFst3-r-9Lg
https://youtu.be/pk7oYuz4x0Q
https://youtu.be/JiMzpjgAXv8

Timestamps:

00:00 Intro
00:30 Clickjacking
3:14 Pre-account takeover
5:36 Direct authentication bypass
13:22 SSO takeover
23:11 Reset victim's password

account account takeover authentication authentication bypass bounty bug bug bounty bypass clickjacking password reports reset sso takeover techniques victim video videos

Visit resource

More from www.youtube.com / Bug Bounty Reports Explained

Minimising user interaction for OAuth account takeovers 2 days, 15 hours ago | www.youtube.com
account account takeovers oauth takeovers
Do not use the script tag when testing for XSS 3 days, 15 hours ago | www.youtube.com
script tag testing xss
Leaking GitHub's 1220 env variables #BBRENewsletter75 1 week, 1 day ago | www.youtube.com
env github
Always check this when bypassing SSRF filters #BBRENewsletter75 1 week, 3 days ago | www.youtube.com
bypassing check ssrf
HTTP Multiline headers #bugbounty #bugbountytips #bugbountyhunter 3 weeks, 4 days ago | www.youtube.com
bug characters class down +12
Browser-powered desync #bugbounty #bugbountytips #bugbountyhunter 3 weeks, 5 days ago | www.youtube.com
bug characters class down +12
Trailer - HTTP feature you did not know about #bugbounty #bugbountytips #bugbountyhunter 4 weeks ago | www.youtube.com
bug characters class down +12
Node.js’ strange behaviour leads to request smuggling #bugbounty #bugbountytips #bugbountyhunter 4 weeks, 1 day ago | www.youtube.com
bug characters class down +12
Request smuggling - do more than running tools! HTTP Request smuggling bug bounty case study 1 month ago | www.youtube.com
bug characters class down +12

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Consultant Sécurité SI Gouvernance - Risques - Conformité H/F - Strasbourg

@ Hifield | Strasbourg, France
View on infosec-jobs.com

Lead Security Specialist

@ KBR, Inc. | USA, Dallas, 8121 Lemmon Ave, Suite 550, Texas
View on infosec-jobs.com

Consultant SOC / CERT H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com