#NahamCon2024

Поделиться
HTML-код
  • Опубликовано: 6 июн 2024
  • LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
    For many hackers, changing the redirect_uri to an attacker-controlled host is the only attack they know. But in 2024 it won't work. We have to work harder - exploit and chain multiple smaller bugs together to get the account takeover. Those chains will be the topic of this talk.
    📚 If you want to learn bug bounty hunting from me: bugbounty.nahamsec.training
    💻 If you want to practice soem of my free labs and challenges: app.hacking.hub.io
    🔗 LINKS:
    📖 MY FAVORITE BOOKS:
    Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -amzn.to/3Re8Pa2
    Hacking APIs: Breaking Web Application Programming Interfaces - amzn.to/45g4bOr
    Black Hat GraphQL: Attacking Next Generation APIs - amzn.to/455F9l3
    🍿 WATCH NEXT:
    If I Started Bug Bounty Hunting in 2024, I'd Do this - • If I Started Bug Bount...
    2023 How to Bug Bounty - • How to Bug Bounty in 2023
    Bug Bounty Hunting Full Time - youtu.be/watch?v=ukb79vAgRiY
    Hacking An Online Casino - youtu.be/watch?v=2eIDxVrk4a8
    WebApp Pentesting/Hacking Roadmap - youtu.be/watch?v=doFo0I_KU0o
    MY OTHER SOCIALS:
    🌍 My website - www.nahamsec.com/
    👨‍💻 My free labs - app.hackinghub.io/
    🐦 Twitter - / nahamsec
    📸 Instagram - / nahamsec
    👨‍💻 Linkedin - / nahamsec
    WHO AM I?
    If we haven't met before, hey 👋! I'm Ben, most people online know me online as NahamSec. I'm a hacker turned content creator. Through my videos on this channel, I share my experience as a top hacker and bug bounty hunter to help you become a better and more efficient hacker.
    FYI: Some of the links I have in the description are affiliate links that I get a a percentage from.

Комментарии • 13

  • @ZarakKhanNiazi
    @ZarakKhanNiazi 19 дней назад +8

    BBRE guy is the only person who cares about eyesight of content consumers, he used large fonts which we can read easily

  • @KarahannAe
    @KarahannAe 9 дней назад +1

    18:24 if anyone else was also confused when he says POST-AUTH REDIRECT he is talking about after the Oauth dance is over, he doesnt mean POST based oauth flow.

  • @so3litude_
    @so3litude_ 19 дней назад +2

    Even though the state parameter is present in the request you should always check for CSRF I've found many targets vulnerable to this . Most of the people leave as soon as they see State parameter in the request. This happens because of misconfig in OUath flow where it doesen't validate the state parameter server side . It only checks if it is present or not.

    • @deporison
      @deporison 19 дней назад

      Also the login csrf is still possible because we still have the state and we can send it to the user

    • @BugBountyReportsExplained
      @BugBountyReportsExplained 19 дней назад +1

      very true! The presence doesn't mean it's checked

  • @MarkFoudy
    @MarkFoudy 19 дней назад

    Thanks Ben!

  • @user-mk3zz8zn9b
    @user-mk3zz8zn9b 10 дней назад

    this was nice

  • @heller64
    @heller64 19 дней назад

    most site now uses strict url validation on redirect_uri not even extra dot can be added btw thx greg

  • @bughunter9766
    @bughunter9766 19 дней назад

    Thanks Ben and Enjoooooooy 😊

    • @ZarakKhanNiazi
      @ZarakKhanNiazi 19 дней назад

      I love and enjoy hearing him say enjoy

    • @bughunter9766
      @bughunter9766 19 дней назад

      @@ZarakKhanNiazi All of us like it 😁✌️✌️✌️

  • @InfoSecIntel
    @InfoSecIntel 17 дней назад

    Hey brother can you add these to the playlist

  • @hamzabohra5083
    @hamzabohra5083 19 дней назад

    Second

Следующие
Автовоспроизведение
#NahamCon2024: Practical AI for Bounty Hunters | @jhaddix37:26#NahamCon2024: Practical AI for Bounty Hunters | @jhaddix
#NahamCon2024: Practical AI for Bounty Hunters | @jhaddixNahamSec
Просмотров 4,4 тыс.
#NahamCon2024: Modern WAF Bypass Techniques on Large Attack Surfaces33:56#NahamCon2024: Modern WAF Bypass Techniques on Large Attack Surfaces
#NahamCon2024: Modern WAF Bypass Techniques on Large Attack SurfacesNahamSec
Просмотров 11 тыс.
#NahamCon2024: GraphQL is the New PHP | @0xlupin26:17#NahamCon2024: GraphQL is the New PHP | @0xlupin
#NahamCon2024: GraphQL is the New PHP | @0xlupinNahamSec
Просмотров 4,8 тыс.
YIKES.... Acolyte Episode 532:49YIKES.... Acolyte Episode 5
YIKES.... Acolyte Episode 5The Stupendous Wave
Просмотров 112 тыс.
The Most BROKEN WEAPON in Shadow of the Erdtree - Elden Ring09:20The Most BROKEN WEAPON in Shadow of the Erdtree - Elden Ring
The Most BROKEN WEAPON in Shadow of the Erdtree - Elden RingOnlyWaifu
Просмотров 243 тыс.
Mario Hide & Seek BUT you can hide as Objects33:06Mario Hide & Seek BUT you can hide as Objects
Mario Hide & Seek BUT you can hide as ObjectsSmallAnt
Просмотров 906 тыс.
I Tricked MrBeast Into Giving Me $100,00037:37I Tricked MrBeast Into Giving Me $100,000
I Tricked MrBeast Into Giving Me $100,000Niko Omilana
Просмотров 3,8 млн
researcher accidentally finds 0-day affecting his entire internet service provider29:02researcher accidentally finds 0-day affecting his entire internet service provider
researcher accidentally finds 0-day affecting his entire internet service providerLow Level Learning
Просмотров 543 тыс.
What Makes A Great Developer27:12What Makes A Great Developer
What Makes A Great DeveloperThePrimeTime
Просмотров 146 тыс.
3 Levels of WiFi Hacking22:123 Levels of WiFi Hacking
3 Levels of WiFi HackingNetworkChuck
Просмотров 1,6 млн
Watch me hack a Wordpress website..28:52Watch me hack a Wordpress website..
Watch me hack a Wordpress website..Tech Raj
Просмотров 88 тыс.
Remotely Control Any PC with an image?!12:42Remotely Control Any PC with an image?!
Remotely Control Any PC with an image?!Loi Liang Yang
Просмотров 124 тыс.
Open Redirect Leading to OAuth Access Token Disclosure!15:36Open Redirect Leading to OAuth Access Token Disclosure!
Open Redirect Leading to OAuth Access Token Disclosure!Intigriti
Просмотров 12 тыс.
#NahamCon2024: Deep Dive Into AWS Instance Metadata | @congon4tor18:30#NahamCon2024: Deep Dive Into AWS Instance Metadata | @congon4tor
#NahamCon2024: Deep Dive Into AWS Instance Metadata | @congon4torNahamSec
Просмотров 1,4 тыс.
#NahamCon2024: The Art of Bypassing WAFs (with live demos!) | @Brumens21:08:48#NahamCon2024: The Art of Bypassing WAFs (with live demos!) | @Brumens2
#NahamCon2024: The Art of Bypassing WAFs (with live demos!) | @Brumens2NahamSec
Просмотров 4,1 тыс.
#NahamCon2024: Shodan & WAF Evasion Techniques | @godfatherOrwa20:30#NahamCon2024: Shodan & WAF Evasion Techniques | @godfatherOrwa
#NahamCon2024: Shodan & WAF Evasion Techniques | @godfatherOrwaNahamSec
Просмотров 7 тыс.
LISA - ROCKSTAR (MV Teaser)00:10LISA - ROCKSTAR (MV Teaser)
LISA - ROCKSTAR (MV Teaser)LLOUD Official
Просмотров 4,2 млн
МЕГАЯЩИКИ ОБНОВА! ПОЗЗИ vs ХОЛДИК БАТЛ12:50МЕГАЯЩИКИ ОБНОВА! ПОЗЗИ vs ХОЛДИК БАТЛ
МЕГАЯЩИКИ ОБНОВА! ПОЗЗИ vs ХОЛДИК БАТЛПоззи
Просмотров 463 тыс.
Трагедии в Севастополе и Дагестане - отец Андрей Ткачёв06:32Трагедии в Севастополе и Дагестане — отец Андрей Ткачёв
Трагедии в Севастополе и Дагестане - отец Андрей ТкачёвПротоиерей Андрей Ткачёв
Просмотров 243 тыс.
Вечный ДВИГАТЕЛЬ!⚙️ #shorts00:27Вечный ДВИГАТЕЛЬ!⚙️ #shorts
Вечный ДВИГАТЕЛЬ!⚙️ #shortsГараж 54
Просмотров 2,1 млн
Il pourrait encore jouer 🤩00:23Il pourrait encore jouer 🤩
Il pourrait encore jouer 🤩Val Lienard
Просмотров 2,3 млн
РЕД ФЛАГ: предательство подруг, преследование, абьюз от парней // МИЛАНА НЕКРАСОВА16:17РЕД ФЛАГ: предательство подруг, преследование, абьюз от парней // МИЛАНА НЕКРАСОВА
РЕД ФЛАГ: предательство подруг, преследование, абьюз от парней // МИЛАНА НЕКРАСОВАМилана Некрасова
Просмотров 159 тыс.
ДЕВУШКА ПОЛЗАЛА ПО КВАРТИРЕ А РЯДОМ СТОЯЛ ЕЁ 6 ЛЕТНИЙ СЫН. Исполнили мечту.20:17ДЕВУШКА ПОЛЗАЛА ПО КВАРТИРЕ А РЯДОМ СТОЯЛ ЕЁ 6 ЛЕТНИЙ СЫН. Исполнили мечту.
ДЕВУШКА ПОЛЗАЛА ПО КВАРТИРЕ А РЯДОМ СТОЯЛ ЕЁ 6 ЛЕТНИЙ СЫН. Исполнили мечту.ВАСЯ НА СЕНЕ
Просмотров 571 тыс.
1$ vs 500$ ВИРТУАЛЬНАЯ РЕАЛЬНОСТЬ !23:201$ vs 500$ ВИРТУАЛЬНАЯ РЕАЛЬНОСТЬ !
1$ vs 500$ ВИРТУАЛЬНАЯ РЕАЛЬНОСТЬ !GoldenBurst
Просмотров 833 тыс.