  • Published 11 months ago by GOTO Conferences

AI-Powered Bug Hunting • Ben Sadeghipour @NahamSec • GOTO 2024

This presentation was recorded at GOTO Chicago 2024. #GOTOcon #GOTOchgo

Ben Sadeghipour - Hacker & Content Creator @NahamSec

ABSTRACT

This session will give you a glimpse into the world of offensive security and ethical hacking, using real-world examples from bug bounty hunting. We will explore critical vulnerabilities in modern web applications that threaten a company's infrastructure or attack the company by leveraging customer PII. Additionally, we'll discuss how AI can serve as a valuable companion in the hacking process, helping to generate ideas and solutions for identifying and addressing security flaws effectively. [...]

TIMECODES

00:00 Intro
02:12 What's a bug bounty?
03:15 $1M since 2022
03:52 Easier with AI
06:09 Applied AI for bug bounties
06:33 Asset discovery
08:30 Hacking NASA
14:03 Insecure direct object reference
15:46 Unauthenticated access to the API leaks user PII
19:40 IIS short name enumeration
26:38 In collaboration with Shubs & Rens
32:08 Demo
34:13 Final thoughts
34:41 Outro

RECOMMENDED BOOKS

  • Peter Yaworski • Real-World Bug Hunting
  • Vickie Li • Bug Bounty Bootcamp
  • Carlos A. Lozano & Shahmeer Amir • Bug Bounty Hunting Essentials
  • Sanjib Sinha • Bug Bounty Hunting for Web Security
  • Jim Manico & August Detlefsen • Iron-Clad Java
  • Liz Rice • Container Security
  • Aaron Parecki • OAuth 2.0 Simplified