Where are all the RCEs? RCE case study

Поделиться
HTML-код
  • Опубликовано: 5 авг 2024
  • 📚 Full case study: members.bugbountyexplained.com...
    📧 Subscribe to BBRE Premium: bbre.dev/premium
    ✉️ Sign up for the mailing list: bbre.dev/nl
    📣 Follow me on Twitter: bbre.dev/tw
    This video is a part of an RCE case study where I studied 126 disclosed RCE bug bounty reports to learn how are people actually making money with RCEs. In this video, I go through different functionalities in which RCEs were common.
    Videos:
    • $50,000 0-day RCE on A...
    • $25,000 GitHub pages R...
    • $20,000 RCE in GitLab ...
    • How to turn SQL inject...
    • What functionalities a...
    • $130,000+ Learn New Ha...
    🖥 Get $100 in credits for Digital Ocean: bbre.dev/do
    Timestamps:
    00:00 Intro
    00:27 Imports/Sharing
    2:36 Other
    3:50 File uploads
    6:56 Authentication
    8:59 High-privilege funcionality
    10:43 Cloud
    11:35 Templates
    12:41 SQL query
    13:17 Installing packages
    15:44 0day
    16:38 Image processing
    18:14 Executing commands/code
    20:25 SMTP/DB configuration
    21:29 Making requests
    23:14 Headless browser
  • НаукаНаука

Комментарии • 15

  • @BugBountyReportsExplained
    @BugBountyReportsExplained  8 месяцев назад +4

    You can now join BBRE Premium with $20 OFF using the code BLACKFRIDAY. Go to bbre.dev/premium

  • @fantasm0-
    @fantasm0- 7 месяцев назад +1

    I'm going to subscribe to premium...Love your work. Thank you for what you do!

  • @otixtools
    @otixtools 7 месяцев назад +2

    Hi brother , i have recently reported a bug on a iphone to apple,and they replied after some time ( like 20 days) " we are going to adress this issue in a future security update , thanks for sending this our way" , do u think they will give me bug bountry reward for this?

  • @shohaghasan5641
    @shohaghasan5641 8 месяцев назад

    Just wow!

  • @unknown9860
    @unknown9860 7 месяцев назад +1

    Can you give us the link to this source

  • @_CryptoCat
    @_CryptoCat 8 месяцев назад

    2:40 - not sure about the rest of the "other" section but I would probably label the first example "misconfiguration".

  • @ahmetsaric5364
    @ahmetsaric5364 4 месяца назад

    Hello, and thank You a lot

  • @kittoh_
    @kittoh_ 8 месяцев назад

    Can you make a video explaining how you conduct your case studies? It would be awesome! Great vid btw.

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  8 месяцев назад +4

      I described my methodology in the first case study: www.bugbountyexplained.com/what-functionalities-are-most-often-vulnerable-to-ssrfs-case-study-of-124-bug-bounty-reports/

    • @kittoh_
      @kittoh_ 8 месяцев назад +1

      @@BugBountyReportsExplainedHey man! That's awesome! Greatly appreciated.

  • @bloodnation6924
    @bloodnation6924 8 месяцев назад

    hi
    thx 4 your good vids.
    i want to ask you somthing.
    can you make a public project in notion and share your write-ups and other useful stuff in it?

  • @jrtishner
    @jrtishner 8 месяцев назад

    😎🤜🤛😎

  • @mnageh-bo1mm
    @mnageh-bo1mm 8 месяцев назад

    nice video , it was all over the place tho : |

  • @johnhack67
    @johnhack67 7 месяцев назад

    Jestes u Bombala Top Hacking Books for 2024 (plus Resources): FREE and Paid :-) Congratz

Следующие
Автовоспроизведение
What types of DoS bugs will get you a bounty? Case study of 138 DoS bug bounty reports19:36What types of DoS bugs will get you a bounty? Case study of 138 DoS bug bounty reports
What types of DoS bugs will get you a bounty? Case study of 138 DoS bug bounty reportsBug Bounty Reports Explained
Просмотров 3,9 тыс.
How to turn a write-based path traversal into a critical? - Bug bounty case study16:31How to turn a write-based path traversal into a critical? - Bug bounty case study
How to turn a write-based path traversal into a critical? - Bug bounty case studyBug Bounty Reports Explained
Просмотров 5 тыс.
Bug bounty: year 2 - 0days, a $20k bounty and… laziness - bounty vlog #514:08Bug bounty: year 2 - 0days, a $20k bounty and… laziness - bounty vlog #5
Bug bounty: year 2 - 0days, a $20k bounty and… laziness - bounty vlog #5Bug Bounty Reports Explained
Просмотров 22 тыс.
Billy Strings - Leadfoot (Official Music Video)03:38Billy Strings - Leadfoot (Official Music Video)
Billy Strings - Leadfoot (Official Music Video)Billy Strings
Просмотров 437 тыс.
Roman Reigns rocks the WWE Universe with SummerSlam return: SummerSlam 2024 highlights02:28Roman Reigns rocks the WWE Universe with SummerSlam return: SummerSlam 2024 highlights
Roman Reigns rocks the WWE Universe with SummerSlam return: SummerSlam 2024 highlightsWWE
Просмотров 3,7 млн
Bully Beatdown: The TV Show That Fought Your Bullies17:29Bully Beatdown: The TV Show That Fought Your Bullies
Bully Beatdown: The TV Show That Fought Your BulliesKurtis Conner
Просмотров 892 тыс.
Jordan Adetunji - KEHLANI REMIX (feat. Kehlani) [Official Video]03:32Jordan Adetunji - KEHLANI REMIX (feat. Kehlani) [Official Video]
Jordan Adetunji - KEHLANI REMIX (feat. Kehlani) [Official Video]Jordan Adetunji
Просмотров 1,4 млн
How to do account takeover? Case study of 146 bug bounty reports30:23How to do account takeover? Case study of 146 bug bounty reports
How to do account takeover? Case study of 146 bug bounty reportsBug Bounty Reports Explained
Просмотров 10 тыс.
Getting started in security research - Kevin Backhouse22:25Getting started in security research - Kevin Backhouse
Getting started in security research - Kevin BackhouseGitHub Education
Просмотров 8 тыс.
Why Agent Frameworks Will Fail (and what to use instead)19:21Why Agent Frameworks Will Fail (and what to use instead)
Why Agent Frameworks Will Fail (and what to use instead)Dave Ebbelaar
Просмотров 34 тыс.
Next Gen Hacker?43:03Next Gen Hacker?
Next Gen Hacker?David Bombal
Просмотров 232 тыс.
What functionalities are vulnerable to SSRFs? Case study of 124 bug bounty reports19:58What functionalities are vulnerable to SSRFs? Case study of 124 bug bounty reports
What functionalities are vulnerable to SSRFs? Case study of 124 bug bounty reportsBug Bounty Reports Explained
Просмотров 14 тыс.
How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports20:49How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports
How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reportsBug Bounty Reports Explained
Просмотров 7 тыс.
IDOR - how to predict an identifier? Bug bounty case study23:55IDOR - how to predict an identifier? Bug bounty case study
IDOR - how to predict an identifier? Bug bounty case studyBug Bounty Reports Explained
Просмотров 13 тыс.
Easy $500 Vulnerabilities! // How To Bug Bounty13:19Easy $500 Vulnerabilities! // How To Bug Bounty
Easy $500 Vulnerabilities! // How To Bug BountyNahamSec
Просмотров 67 тыс.
I built a $5 chat app with Pocketbase & Svelte. Will it scale?13:34I built a $5 chat app with Pocketbase & Svelte. Will it scale?
I built a $5 chat app with Pocketbase & Svelte. Will it scale?Fireship
Просмотров 399 тыс.
Запомни эту хитрость! Паяльник из зажигалки00:13Запомни эту хитрость! Паяльник из зажигалки
Запомни эту хитрость! Паяльник из зажигалкиEngineer’s workshop
Просмотров 1,2 млн
Ура!наконец-то куплю новый Samsung!#хочуврек#котики#футажи#shorts Автор звука:@GORA933800:10Ура!наконец-то куплю новый Samsung!#хочуврек#котики#футажи#shorts Автор звука:@GORA9338
Ура!наконец-то куплю новый Samsung!#хочуврек#котики#футажи#shorts Автор звука:@GORA9338lev89k
Просмотров 2,8 млн
Как противодействовать FPV дронам44:34Как противодействовать FPV дронам
Как противодействовать FPV дронамСтратег Диванного Легиона
Просмотров 75 тыс.
КАКОЙ SAMSUNG КУПИТЬ В 2024 ГОДУ14:59КАКОЙ SAMSUNG КУПИТЬ В 2024 ГОДУ
КАКОЙ SAMSUNG КУПИТЬ В 2024 ГОДУThebox - о технике и гаджетах
Просмотров 59 тыс.
Looks very comfortable. #leddisplay #ledscreen #ledwall #eagerled00:19Looks very comfortable. #leddisplay #ledscreen #ledwall #eagerled
Looks very comfortable. #leddisplay #ledscreen #ledwall #eagerled LED Screen Factory-EagerLED
Просмотров 12 млн
Серьезные проблемы с CPU у Intel и AMD. Маркетинговая дичь от NVIDIA. Youtube замедлили. Что делать?21:05Серьезные проблемы с CPU у Intel и AMD. Маркетинговая дичь от NVIDIA. Youtube замедлили. Что делать?
Серьезные проблемы с CPU у Intel и AMD. Маркетинговая дичь от NVIDIA. Youtube замедлили. Что делать?PRO Hi-Tech
Просмотров 104 тыс.
Замедление YouTube: решение проблемы. Все известные способы05:06Замедление YouTube: решение проблемы. Все известные способы
Замедление YouTube: решение проблемы. Все известные способыTech Talk
Просмотров 238 тыс.
Хакер взломал компьютер с USB кабеля. Кевин Митник.00:58Хакер взломал компьютер с USB кабеля. Кевин Митник.
Хакер взломал компьютер с USB кабеля. Кевин Митник.Последний Оплот Безопасности
Просмотров 2,3 млн