One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems: nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another us...
All content for Hacked & Secured: Pentest Exploits & Mitigations is the property of Amin Malekpour and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems: nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another us...
Ep. 4 – Exposed Secrets & Silent Takeovers: How Misconfigurations Open the Door to Attackers
Hacked & Secured: Pentest Exploits & Mitigations
21 minutes
8 months ago
Ep. 4 – Exposed Secrets & Silent Takeovers: How Misconfigurations Open the Door to Attackers
Exposed secrets, overlooked permissions, and credentials hiding in plain sight—each one leading to a critical breach. In this episode, we break down three real-world pentest findings where a forgotten file, a misconfigured setting, and a leaked credential gave attackers full control. How did they happen? How can you find similar issues? And what can be done to stop them? Listen now to learn how attackers exploit these mistakes—and how you can prevent them. Want your pentest discovery featured...
Hacked & Secured: Pentest Exploits & Mitigations
One misbound identity. One exposed internal path. Two routes to total compromise. In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems: nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another us...
