How to do account takeover? Case study of 146 bug bounty reports
? Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
? Follow me on Twitter: https://bbre.dev/tw
I studied 146 disclosed bug bounty reports and in this video, I’m showing you what techniques for taking over an account are most common.
Videos mentioned:
https://youtu.be/HnI0w156rtw
https://youtu.be/MXH1HqTFNm0
https://youtu.be/ZFst3-r-9Lg
https://youtu.be/pk7oYuz4x0Q
https://youtu.be/JiMzpjgAXv8
Timestamps:
00:00 Intro
00:30 Clickjacking
3:14 Pre-account takeover
5:36 Direct authentication bypass
13:22 SSO takeover
23:11 Reset victim’s password
Add comment