AI-Powered Bug Hunting • Ben Sadeghipour @NahamSec • GOTO 2024
GOTO Conferences
Video Description
This presentation was recorded at GOTO Chicago 2024.
https://gotochgo.com

Ben Sadeghipour - Hacker & Content Creator @NahamSec

RESOURCES
https://twitter.com/nahamsec
https://www.linkedin.com/in/nahamsec
https://github.com/nahamsec
https://www.twitch.tv/nahamsec
https://www.instagram.com/nahamsec
https://nahamsec.com

ABSTRACT
This session will give you a glimpse into the world of offensive security and ethical hacking, using real-world examples from bug bounty hunting. We will explore critical vulnerabilities in modern web applications that threaten a company's infrastructure or attack the company by leveraging customer PII. Additionally, we'll discuss how AI can serve as a valuable companion in the hacking process, helping to generate ideas and solutions for identifying and addressing security flaws effectively. [...]

Read the full abstract here: https://gotochgo.com/2024/sessions/3365

TIMECODES
00:00 Intro
02:12 What's a bug bounty?
03:15 $1M since 2022
03:52 Easier with AI
06:09 Applied AI for bug bounties
06:33 Asset discovery
08:30 Hacking NASA
14:03 Insecure direct object reference
15:46 Unauthenticated access to the API leaks user PII
19:40 IIS short name enumeration
26:38 In collaboration with Shubs & Rens
32:08 Demo
34:13 Final thoughts
34:41 Outro

RECOMMENDED BOOKS
Peter Yaworski • Real-World Bug Hunting • https://amzn.to/3Y0368p
Vickie Li • Bug Bounty Bootcamp • https://amzn.to/3IAExdE
Carlos A. Lozano & Shahmeer Amir • Bug Bounty Hunting Essentials • https://amzn.to/3XIx2Wo
Sanjib Sinha • Bug Bounty Hunting for Web Security • https://amzn.to/3YO44Wu
Jim Manico & August Detlefsen • Iron-Clad Java • https://amzn.to/3qGqwBw
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf