YouTube

Hacia Dos ATO: Eslabón por Eslabón - Casos de Account Takeover en Seguridad Web

Ekoparty Security Conference via YouTube

Overview

Explore a detailed conference talk from Ekoparty Security Conference that demonstrates two successful high-severity Account Takeover (ATO) attacks achieved through vulnerability chaining. Learn about the first case involving SSO misconfiguration exploitation combined with an out-of-scope XSS vulnerability and Facebook API functionality to execute a user-interaction ATO in a web services company. Discover the second case that leverages password change function misconfiguration and UUID normalization after password recovery to achieve an ATO in a chat integration company. Follow along step-by-step through each bug discovery process, examining the collected clues and understanding how combining multiple vulnerabilities created greater impact than individual exploits. Gain insights from real triager interactions and bug report experiences shared by security researcher Benjamín "bronxi" Muñoz at Ekoparty 2024.

Syllabus

Hacia dos ATO: Eslabón por eslabón - Benjamín "bronxi" Muñoz - Ekoparty 2024

Taught by

Ekoparty Security Conference
