YoVDO

Beyond the Borders of Scope

Offered By: HackerOne via YouTube

Tags

H@cktivitycon Courses Cybersecurity Courses Remote Code Execution (RCE) Courses

Course Description

Overview

Explore advanced bug bounty techniques focusing on out-of-scope asset reconnaissance in this 16-minute conference talk from h@cktivitycon 2020. Learn how to leverage unconventional recon methods to uncover vulnerabilities in core applications without directly hacking out-of-scope assets. Discover Jr0ch17's proven strategies for finding unique bugs, including reflected XSS, RCE, and information disclosure. Gain insights into approaching new targets, identifying site builders, chaining vulnerabilities, and exploiting various platforms like AEM, Slack, and Jenkins. Enhance your bug hunting skills and increase your chances of discovering high-impact, non-duplicate vulnerabilities in bug bounty programs.

Syllabus

Intro
Who am I
Outline
Disclaimer
Approaching a new target
Who built the site
Chaining vulnerabilities
AEM
Target Apps
Slack
Scope
Useruid Leak
Privilege Escalation
Admin Endpoint
Intel Jenkins
Outro


Taught by

HackerOne

Related Courses

Bug Bounty In Hindi
YouTube
CVE Series: Confluence RCE (CVE-2022-26134)
Cybrary
Achieving Linux Kernel Code Execution Through a Malicious USB Device
Black Hat via YouTube
Towards Discovering Remote Code Execution Vulnerabilities in Apple FaceTime
Black Hat via YouTube
Browser Hacking With ANGLE
Hack In The Box Security Conference via YouTube