Android App Bug Bounty Secrets
Sergey Toshin tells us the story of how he became a top Android bug hunter and how he finds critical vulnerabilities. He also shows us a really cool vulnerability found in the Google Android Snapseed app. I didn't know this crazy attack vector exists!
Start Android Bug Hunting Here! Google App Scan Results: https://bughunters.google.com/report/targets/290590452
Google Mobile VRP: https://bughunters.google.com/about/rules/6618732618186752/google-mobile-vulnerability-reward-program-rules
Oversecured Blog: https://blog.oversecured.com/
Verify the output of tools: https://bughunters.google.com/learn/improving-your-reports/avoiding-mistakes/5981856648134656/verify-the-output-of-the-tools
More Bug Bounty Videos: https://www.youtube.com/playlist?list=PLhixgUqwRTjxKYsPTegCyL5adZaq5eILt
More Mobile Security: https://www.youtube.com/playlist?list=PLhixgUqwRTjxHFDl0OykeqZ-VvnClfDpT
Chapters:
00:00 - Intro
00:57 - Meet Sergey Toshin (Oversecured)
02:51 - How Oversecured Started
04:42 - Verify The Output of Tools!
07:17 - First Look at Vulnerability
09:58 - 1. Explained: Android Intents
11:25 - 2. Explained: Content Providers
12:51 - 3. Explained: App Permissions
13:34 - Exploit Walkthrough
16:17 - Proof of Concept and Report
17:15 - Android VRP Rewards
18:32 - Start Hunting for Bugs in Google Apps!
=[ Support ]=
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
=[ Social ]=
→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/