
Episode 3: H1-407 Event Madness & Takeaways Part 1
Critical Thinking - Bug Bounty Podcast
00:00
I've Got a List of Things to Hack and I'll Just Like Write It on the List. Dot TXT.
Dot TXT: I wanted to shout out a blog post from Frans Rosén in the Kinko FOMO. It's about S3 bucket authorization paths and stuff like that. He'll make a blog post and be like, yeah, so for the last five years, I've been exploiting every company that you think this. And then you just didn't do it. So definitely be on the lookout for any time you're seeing an application handing off data via signed URLs to S3. You know, fuzz that endpoint very thoroughly, play around with all the logic.