Top privilege escalation techniques – bug bounty case study
Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw
This video is part of a case study of 162 disclosed privilege escalation bug bounty reports.
Mentioned Shopify video: https://youtu.be/ZFst3-r-9Lg
Get $100 in credits for Digital Ocean: https://bbre.dev/do
Timestamps:
00:00 Intro
00:18 Reading data
03:09 Creating or modifying resources
05:51 Permanently escalating permissions within the organisation
08:16 Deleting resources
12:06 The attacker keeps old privileges
14:54 Joining another organisation
16:51 Paywall bypasses
17:36 Bypassing victim’s confirmation
18:50 Overpermissive OAuth app