This video explains an attack on the AWS S3 implementation of an undisclosed bug bounty platform. The vulnerability was found by Frans Rosen, who received a $25,000 bounty for it.

Report:
https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/

Reporter's Twitter:
https://twitter.com/fransrosen

Follow me on Twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:23 Detectify – the sponsor of the video
00:59 AWS S3
01:55 signed URLs
03:42 attacking signed URL implementations
