This presentation was recorded at YOW! Australia 2024. https://yowcon.com

Ben Sadeghipour - Hacker & Content Creator @NahamSec

RESOURCES
https://twitter.com/nahamsec
https://www.linkedin.com/in/nahamsec
https://github.com/nahamsec
https://www.twitch.tv/nahamsec
https://www.instagram.com/nahamsec
https://nahamsec.com

ABSTRACT
This session gives a glimpse into the world of offensive security and ethical hacking, using real-world examples from bug bounty hunting. We will explore critical vulnerabilities in modern web applications that threaten a company's infrastructure or attack the company by leveraging customer PII. Additionally, we'll discuss how AI can serve as a valuable companion in the hacking process, helping to generate ideas and solutions for identifying and addressing security flaws effectively. [...]

TIMECODES
00:00 Intro
02:07 What's a bug bounty?
03:11 $1M since 2022
04:06 Easier with AI
06:21 Applied AI for bug bounties
08:16 Asset discovery
09:55 Hacking NASA
16:33 Insecure direct object reference
18:59 Unauthenticated access to the API leaks user PII
23:11 IIS short name enumeration
31:53 Zip slip
37:20 Demo
39:20 Final thoughts
41:35 Outro

Read the full abstract here: https://yowcon.com/brisbane-2024/sessions/3546

RECOMMENDED BOOKS
Peter Yaworski • Real-World Bug Hunting • https://amzn.to/3Y0368p
Vickie Li • Bug Bounty Bootcamp • https://amzn.to/3IAExdE
Carlos A. Lozano & Shahmeer Amir • Bug Bounty Hunting Essentials • https://amzn.to/3XIx2Wo
Sanjib Sinha • Bug Bounty Hunting for Web Security • https://amzn.to/3YO44Wu
Jim Manico & August Detlefsen • Iron-Clad Java • https://amzn.to/3qGqwBw
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf

GOTO
https://bsky.app/profile/gotocon.com
https://twitter.com/GOTOcon
https://www.linkedin.com/company/goto-
https://www.instagram.com/goto_con
https://www.facebook.com/GOTOConferences