AI-Powered Bug Hunting • Ben Sadeghipour @NahamSec • GOTO 2024

This presentation was recorded at GOTO Chicago 2024. #GOTOcon #GOTOchgo
https://gotochgo.com

Ben Sadeghipour - Hacker & Content Creator @NahamSec

RESOURCES
https://twitter.com/nahamsec
https://www.linkedin.com/in/nahamsec
https://github.com/nahamsec
https://www.twitch.tv/nahamsec
https://www.instagram.com/nahamsec
https://nahamsec.com

ABSTRACT
This session will give you a glimpse into the world of offensive security and ethical hacking, using real-world examples from bug bounty hunting. We will explore critical vulnerabilities in modern web applications that threaten a company's infrastructure or attack the company by leveraging customer PII.

Additionally, we’ll discuss how AI can serve as a valuable companion in the hacking process, helping to generate ideas and solutions for identifying and addressing security flaws effectively. [...]

TIMECODES
00:00 Intro
02:12 What's a bug bounty?
03:15 $1M since 2022
03:52 Easier with AI
06:09 Applied AI for bug bounties
06:33 Asset discovery
08:30 Hacking NASA
14:03 Insecure direct object reference
15:46 Unauthenticated access to the API leaks user PII
19:40 IIS short name enumeration
26:38 In collaboration with Shubs & Rens
32:08 Demo
34:13 Final thoughts
34:41 Outro

Read the full abstract here:
https://gotochgo.com/2024/sessions/3365

RECOMMENDED BOOKS
Peter Yaworski • Real-World Bug Hunting • https://amzn.to/3Y0368p
Vickie Li • Bug Bounty Bootcamp • https://amzn.to/3IAExdE
Carlos A. Lozano & Shahmeer Amir • Bug Bounty Hunting Essentials • https://amzn.to/3XIx2Wo
Sanjib Sinha • Bug Bounty Hunting for Web Security • https://amzn.to/3YO44Wu
Jim Manico & August Detlefsen • Iron-Clad Java • https://amzn.to/3qGqwBw
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf

https://bsky.app/profile/gotocon.com
https://twitter.com/GOTOcon
https://www.linkedin.com/company/goto-
https://www.instagram.com/goto_con
https://www.facebook.com/GOTOConferences
#Hacker #Hacking #Hack #WhiteHat #WhiteHatHacker #Security #Cybersecurity #CybersecurityTutorial #WebSecurity #EthicalHacking #Vulnerability #HackerOne #BenSadeghipour #BugBounty #BugBountyTips #HackerOneElite #CTF

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech
Sign up for updates and specials at https://gotopia.tech/newsletter