DEF CON 32 - Practical Exploitation of DoS in Bug Bounty - Roni Lupin Carta

Поделиться
HTML-код
  • Опубликовано: 9 фев 2025
  • The talk "Practical Exploitation of DoS in Bug Bounty" explains methods for identifying and exploiting Denial of Service (DoS) vulnerabilities in bug bounty programs. Starting with an overview of DoS attacks and their impact, we will highlight how these attacks disrupt services by overwhelming resources or exploiting flaws. The talk covers various DoS attack types, including N+1 errors, in-depth GraphQL crashing, and Cache Poisoning, with real-world examples demonstrating their effects.
    We will then detail practical techniques for discovering DoS vulnerabilities. This includes automated scanning tools, manual testing methods, and understanding the target system's architecture.
    N+1 errors occur when an application makes redundant database queries, significantly impacting performance. Attackers can exploit this by triggering numerous unnecessary queries, causing severe slowdowns or crashes. GraphQL, a query language for APIs, can be vulnerable to complex queries that consume excessive resources, leading to server crashes. We will show how to craft such queries and the resulting impact. Cache Poisoning involves manipulating cached data to serve malicious or incorrect content, which can disrupt services or degrade performance. We will explore techniques to poison caches and demonstrate the potential consequences.
    Additionally, the talk emphasizes the importance of responsibly reporting discovered vulnerabilities to bug bounty programs. Best practices are shared for effectively communicating findings and ensuring timely mitigation. Of course, there are some fails during this path, and those are going to be covered too.
    The session wraps up by stressing the need for continuous learning and staying updated on the latest trends in DoS attack vectors and mitigation strategies

Комментарии • 8

  • @jonathanfillion7890
    @jonathanfillion7890 3 месяца назад +4

    I'm glad the npm DOS was re-evaludated Lupin. Congrats to the NPM team as well.

  • @DemoncyberSec
    @DemoncyberSec 3 месяца назад +5

    That login page ddos is awesome bro loved it lupin bro you are always the best

  • @anuzravat
    @anuzravat 3 месяца назад +3

    underated PPT

    • @anuzravat
      @anuzravat 3 месяца назад +2

      good work idnama

  • @gentelman8179
    @gentelman8179 2 месяца назад

    The extension is not yet released

  • @fevicoI
    @fevicoI 3 месяца назад +3

    His accent is so irritating.

Следующие
Автовоспроизведение
DEF CON 32 - Top War Stories from a TryHard Bug Bounty Hunter -Justin Rhynorater Gardner50:38DEF CON 32 - Top War Stories from a TryHard Bug Bounty Hunter -Justin Rhynorater Gardner
DEF CON 32 - Top War Stories from a TryHard Bug Bounty Hunter -Justin Rhynorater GardnerDEFCONConference
Просмотров 24 тыс.
DEF CON 32 - Reflections on a Decade in Bug Bounties - Nikhil Shrivastava & Charlie Waterhouse59:13DEF CON 32 - Reflections on a Decade in Bug Bounties - Nikhil Shrivastava & Charlie Waterhouse
DEF CON 32 - Reflections on a Decade in Bug Bounties - Nikhil Shrivastava & Charlie WaterhouseDEFCONConference
Просмотров 4,6 тыс.
DEF CON 31 War Stories - Tracking the Worlds Dumbest Cyber Mercenaries - Cooper Quintin20:31DEF CON 31 War Stories - Tracking the Worlds Dumbest Cyber Mercenaries - Cooper Quintin
DEF CON 31 War Stories - Tracking the Worlds Dumbest Cyber Mercenaries - Cooper QuintinDEFCONConference
Просмотров 147 тыс.
Where I've been for the past year...23:13Where I've been for the past year...
Where I've been for the past year...CoryxKenshin
Просмотров 9 млн
Off Grid Cabin Disaster !16:33Off Grid Cabin Disaster !
Off Grid Cabin Disaster !Bushradical
Просмотров 482 тыс.
Blox Fruits ALL Changes in Dragon Rework Update17:26Blox Fruits ALL Changes in Dragon Rework Update
Blox Fruits ALL Changes in Dragon Rework UpdateMeEnyu
Просмотров 2,5 млн
We Took 100 Shots vs a Women's Pro Keeper and Scored ___ Goals22:55We Took 100 Shots vs a Women's Pro Keeper and Scored ___ Goals
We Took 100 Shots vs a Women's Pro Keeper and Scored ___ GoalsChrisMD
Просмотров 1,1 млн
Going full-time bug bounty, privilege escalation bugs and more with Douglas Day1:31:16Going full-time bug bounty, privilege escalation bugs and more with Douglas Day
Going full-time bug bounty, privilege escalation bugs and more with Douglas DayBug Bounty Reports Explained
Просмотров 10 тыс.
Gavin Klondike - The Cyberpunks Guide to Attacking and Defending Generative AI33:36Gavin Klondike - The Cyberpunks Guide to Attacking and Defending Generative AI
Gavin Klondike - The Cyberpunks Guide to Attacking and Defending Generative AIThe Long Con
Просмотров 27
DEF CON 32 -Your Smartcard is Dumb A Brief History of Hacking Access Control Systems - Chad Shortman53:22DEF CON 32 -Your Smartcard is Dumb A Brief History of Hacking Access Control Systems - Chad Shortman
DEF CON 32 -Your Smartcard is Dumb A Brief History of Hacking Access Control Systems - Chad ShortmanDEFCONConference
Просмотров 39 тыс.
DEF CON 32 - The Darkest Side of Bug Bounty - Jason Haddix32:30DEF CON 32 - The Darkest Side of Bug Bounty - Jason Haddix
DEF CON 32 - The Darkest Side of Bug Bounty - Jason HaddixDEFCONConference
Просмотров 58 тыс.
What if all the world's biggest problems have the same solution?24:52What if all the world's biggest problems have the same solution?
What if all the world's biggest problems have the same solution?Veritasium
Просмотров 1,1 млн
DEF CON 32 - Hacking Millions of Modems and Investigating Who Hacked My Modem - Sam Curry24:58DEF CON 32 - Hacking Millions of Modems and Investigating Who Hacked My Modem - Sam Curry
DEF CON 32 - Hacking Millions of Modems and Investigating Who Hacked My Modem - Sam CurryDEFCONConference
Просмотров 55 тыс.
Hacking on Bug Bounties for 10 years: Shubs' (@infosec_au) Keynote at BSides Ahmedabad 202336:35Hacking on Bug Bounties for 10 years: Shubs' (@infosec_au) Keynote at BSides Ahmedabad 2023
Hacking on Bug Bounties for 10 years: Shubs' (@infosec_au) Keynote at BSides Ahmedabad 2023BSides Ahmedabad
Просмотров 13 тыс.
DEF CON 32 - Using AI Computer Vision in Your OSINT Data Analysis - Mike Raggo52:39DEF CON 32 - Using AI Computer Vision in Your OSINT Data Analysis - Mike Raggo
DEF CON 32 - Using AI Computer Vision in Your OSINT Data Analysis - Mike RaggoDEFCONConference
Просмотров 4,8 тыс.
DEF CON 32 - Where’s the Money-Defeating ATM Disk Encryption - Matt Burch38:34DEF CON 32 - Where’s the Money-Defeating ATM Disk Encryption - Matt Burch
DEF CON 32 - Where’s the Money-Defeating ATM Disk Encryption - Matt BurchDEFCONConference
Просмотров 35 тыс.
IEM KATOWICE 2025 GRAND FINAL BO54:18:23IEM KATOWICE 2025 GRAND FINAL BO5
IEM KATOWICE 2025 GRAND FINAL BO5SL4M & Counter-Strike
Просмотров 486 тыс.
AAAaah00:10AAAaah
AAAaahTik Cover
Просмотров 350 тыс.
РИСКОВАННАЯ АТАКА. НУЖНЫ ВСЕ. ББ2025. День 2. Вечер6:52:58РИСКОВАННАЯ АТАКА. НУЖНЫ ВСЕ. ББ2025. День 2. Вечер
РИСКОВАННАЯ АТАКА. НУЖНЫ ВСЕ. ББ2025. День 2. ВечерLeBwa
Просмотров 160 тыс.
Мой тг: Подвал Стинта #стинт #stint #stintik00:29Мой тг: Подвал Стинта #стинт #stint #stintik
Мой тг: Подвал Стинта #стинт #stint #stintikStintik
Просмотров 304 тыс.
НАВИ - СПИРИТ, МАТЧ НА МИЛЛИОН ЗРИТЕЛЕЙ! КАТОВИЦЕ 202534:10НАВИ - СПИРИТ, МАТЧ НА МИЛЛИОН ЗРИТЕЛЕЙ! КАТОВИЦЕ 2025
НАВИ - СПИРИТ, МАТЧ НА МИЛЛИОН ЗРИТЕЛЕЙ! КАТОВИЦЕ 2025РАЙЗ
Просмотров 412 тыс.
НУЖЕН ТОП1 В БИТВЕ БЛОГЕРОВ. День 36:02:46НУЖЕН ТОП1 В БИТВЕ БЛОГЕРОВ. День 3
НУЖЕН ТОП1 В БИТВЕ БЛОГЕРОВ. День 3LeBwa
Просмотров 126 тыс.
Power of Makeup (Poppy Playtime)00:17Power of Makeup (Poppy Playtime)
Power of Makeup (Poppy Playtime)FASH
Просмотров 3 млн
ЧТО БЫ твоя мама СЪЕЛА за 10.000$00:55ЧТО БЫ твоя мама СЪЕЛА за 10.000$
ЧТО БЫ твоя мама СЪЕЛА за 10.000$Никита Удановский
Просмотров 429 тыс.