One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems: nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another us...
All content for Hacked & Secured: Pentest Exploits & Mitigations is the property of Amin Malekpour and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems: nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another us...
What if you could take over an account—not by cracking a password, but by chaining two overlooked vulnerabilities? What if a single CSRF exploit let attackers reset security questions and hijack accounts? And what if manipulating an authorization token could escalate privileges? In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world pentest findings that prove creative exploitation turns small flaws into critical security risks: Chaining ID...
Hacked & Secured: Pentest Exploits & Mitigations
One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems: nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another us...
