AI-Powered Bug Hunting • Ben Sadeghipour @NahamSec • GOTO 2024

GOTO Conferences 1,960 2 months ago

This presentation was recorded at GOTO Chicago 2024. #GOTOcon #GOTOchgo
https://gotochgo.com

Ben Sadeghipour - Hacker & Content Creator @NahamSec

RESOURCES
https://twitter.com/nahamsec
https://www.linkedin.com/in/nahamsec
https://github.com/nahamsec
https://www.twitch.tv/nahamsec
https://www.instagram.com/nahamsec
https://nahamsec.com

ABSTRACT
This session will give you a glimpse into the world of offensive security and ethical hacking, using real-world examples from bug bounty hunting. We will explore critical vulnerabilities in modern web applications that threaten a company's infrastructure or attack the company by leveraging customer PII. Additionally, we'll discuss how AI can serve as a valuable companion in the hacking process, helping to generate ideas and solutions for identifying and addressing security flaws effectively. [...]

TIMECODES
00:00 Intro
02:12 What's a bug bounty?
03:15 $1M since 2022
03:52 Easier with AI
06:09 Applied AI for bug bounties
06:33 Asset discovery
08:30 Hacking NASA
14:03 Insecure direct object reference
15:46 Unauthenticated access to the API leaks user PII
19:40 IIS short name enumeration
26:38 In collaboration with Shubs & Rens
32:08 Demo
34:13 Final thoughts
34:41 Outro

Read the full abstract here:
https://gotochgo.com/2024/sessions/3365

RECOMMENDED BOOKS
Peter Yaworski • Real-World Bug Hunting • https://amzn.to/3Y0368p
Vickie Li • Bug Bounty Bootcamp • https://amzn.to/3IAExdE
Carlos A. Lozano & Shahmeer Amir • Bug Bounty Hunting Essentials • https://amzn.to/3XIx2Wo
Sanjib Sinha • Bug Bounty Hunting for Web Security • https://amzn.to/3YO44Wu
Jim Manico & August Detlefsen • Iron-Clad Java • https://amzn.to/3qGqwBw
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf

https://bsky.app/profile/gotocon.com
https://twitter.com/GOTOcon
https://www.linkedin.com/company/goto-
https://www.instagram.com/goto_con
https://www.facebook.com/GOTOConferences
