LiveOverflow | Android App Bug Bounty Secrets @LiveOverflow | Uploaded 1 year ago | Updated 2 hours ago
Sergey Toshin tells us the story of how he became a top Android bug hunter and how he finds critical vulnerabilities. He also shows us a really cool vulnerability found in the Google Android Snapseed app. I didn't know this crazy attack vector exists!
Start Android Bug Hunting Here! Google App Scan Results: bughunters.google.com/report/targets/290590452
Google Mobile VRP: bughunters.google.com/about/rules/6618732618186752/google-mobile-vulnerability-reward-program-rules
Oversecured Blog: blog.oversecured.com
Verify the output of tools: bughunters.google.com/learn/improving-your-reports/avoiding-mistakes/5981856648134656/verify-the-output-of-the-tools
More Bug Bounty Videos: youtube.com/playlist?list=PLhixgUqwRTjxKYsPTegCyL5adZaq5eILt
More Mobile Security: youtube.com/playlist?list=PLhixgUqwRTjxHFDl0OykeqZ-VvnClfDpT
Chapters:
00:00 - Intro
00:57 - Meet Sergey Toshin (Oversecured)
02:51 - How Oversecured Started
04:42 - Verify The Output of Tools!
07:17 - First Look at Vulnerability
09:58 - 1. Explained: Android Intents
11:25 - 2. Explained: Content Providers
12:51 - 3. Explained: App Permissions
13:34 - Exploit Walkthrough
16:17 - Proof of Concept and Report
17:15 - Android VRP Rewards
18:32 - Start Hunting for Bugs in Google Apps!
=[ ❤️ Support ]=
→ per Video: patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
=[ 🐕 Social ]=
→ Twitter: twitter.com/LiveOverflow
→ Instagram: instagram.com/LiveOverflow
→ Blog: liveoverflow.com
→ Subreddit: reddit.com/r/LiveOverflow
→ Facebook: facebook.com/LiveOverflow
Sergey Toshin tells us the story of how he became a top Android bug hunter and how he finds critical vulnerabilities. He also shows us a really cool vulnerability found in the Google Android Snapseed app. I didn't know this crazy attack vector exists!
Start Android Bug Hunting Here! Google App Scan Results: bughunters.google.com/report/targets/290590452
Google Mobile VRP: bughunters.google.com/about/rules/6618732618186752/google-mobile-vulnerability-reward-program-rules
Oversecured Blog: blog.oversecured.com
Verify the output of tools: bughunters.google.com/learn/improving-your-reports/avoiding-mistakes/5981856648134656/verify-the-output-of-the-tools
More Bug Bounty Videos: youtube.com/playlist?list=PLhixgUqwRTjxKYsPTegCyL5adZaq5eILt
More Mobile Security: youtube.com/playlist?list=PLhixgUqwRTjxHFDl0OykeqZ-VvnClfDpT
Chapters:
00:00 - Intro
00:57 - Meet Sergey Toshin (Oversecured)
02:51 - How Oversecured Started
04:42 - Verify The Output of Tools!
07:17 - First Look at Vulnerability
09:58 - 1. Explained: Android Intents
11:25 - 2. Explained: Content Providers
12:51 - 3. Explained: App Permissions
13:34 - Exploit Walkthrough
16:17 - Proof of Concept and Report
17:15 - Android VRP Rewards
18:32 - Start Hunting for Bugs in Google Apps!
=[ ❤️ Support ]=
→ per Video: patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
=[ 🐕 Social ]=
→ Twitter: twitter.com/LiveOverflow
→ Instagram: instagram.com/LiveOverflow
→ Blog: liveoverflow.com
→ Subreddit: reddit.com/r/LiveOverflow
→ Facebook: facebook.com/LiveOverflow
