My $20,000 S3 bug that leaked everyone’s attachments - S3 bucket misconfig of pre-signed URLs
Oct. 5, 2023, 1:52 p.m. | Bug Bounty Reports Explained
Bug Bounty Reports Explained www.youtube.com
This video is an explanation of a $20,000 vulnerability in S3 integration that I discovered in a private bug bounty program.
The @criticalthinkingpodcast episode with Alex Chapman: https://youtu.be/zYjbItyOoRY?si=lv6-PIXQK5DdxQlF
The video from 2021: https://www.youtube.com/watch?v=G7Pre3Y46Fs
Timestamps:
00:00 Intro
00:28 How did I approach my target?
01:50 How do S3 pre-signed URLs work?
04:36 …