Hacked & Secured: Pentest Exploits & Mitigations

One misbound identity. One exposed internal path. Two routes to total compromise.In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems:nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another user. From wall socket to Domain Admin — No NAC on the switch enabled quiet network access, followed by username harvesting and a light password spray to a low-priv account. From there: AD enumeration, weak service credentials, and abuse of certificate services to escalate to Domain Admin.What you’ll learn: how identity claims should be bound in modern SSO, how to harden join and mapping flows, and a practical checklist to shut down common internal escalation paths (NAC, credential hygiene, service principals, AD CS, and monitoring).Chapters:00:00 - INTRO01:27 - FINDING #1 - nOAuth: the email you shouldn’t have trusted07:22 - FINDING #2 - From one wall socket to Domain Admin13:43 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

A few microseconds. One silent browser session. That’s all it took for attackers to break into systems without tripping a single alert.In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we explore two subtle but devastating flaws:🔹 Timing Attacks for Token Leaks – By measuring microsecond delays, attackers were able to recover secrets, without seeing them in responses.🔹 OAuth Hijack via Mobile App Flows – A crafted app abused in-app browser sessions and custom URL schemes to silently steal valid login tokens from users on iOS.These aren’t theoretical bugs—they were found in the wild and affect real apps. If you build or test auth systems, this episode is for you.Chapters:00:00 - INTRO01:11 - FINDING #1 - Timing Leaks That Speak Volumes06:56 - FINDING #2 - Hijacking Mobile OAuth with One Silent Redirect13:06 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

One flawed password reset. One shared session token. One dangerous object.In Episode 11 of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world vulnerabilities where trust between systems and users broke down—with serious consequences.Account Takeover via Forgot Password – A predictable ID and exposed tokens let attackers reset passwords without access to email.Session Hijack in OTP Login – A logic flaw in how login tokens were handled allowed full account access with just a user ID.Remote Code Execution via Java Deserialization – A community-contributed finding where an exposed service deserialized untrusted input, leading to code execution.These aren’t complex chains. They’re common mistakes with big impact—and important lessons for developers, security teams, and testers.Chapters:00:00 - INTRO00:59 - FINDING #1 - Account Takeover via Forgot Password06:26 - FINDING #2 - Shared Session Token in SMS Login Flow10:39 - FINDING #3 - Java Deserialisation to Remote Code Execution16:13 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

One cookie set on a subdomain triggered XSS and stole session tokens. One fake image upload gave the attacker a reverse shell.This episode breaks down two powerful exploits—a cookie-based XSS that bypassed frontend protections, and an RCE through Ghostscript triggered by a disguised PostScript file.Learn how subtle misconfigurations turned everyday features into full account and server compromise.Chapters:00:00 - INTRO01:08 - FINDING #1 - Cookie-Controlled XSS12:19 - FINDING #2 - Image Upload to RCE via Ghostscript19:03 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

One markdown link copied server files. One poisoned log triggered remote code execution. One LFI crashed the entire server. In this episode, we unpack three real-world exploits—directory traversal and local file inclusion flaws that went far beyond file reads. From silent data leaks to full server compromise, these attacks all started with a single trusted path.Chapters:00:00 - INTRO01:07 - FINDING #1 - Server File Theft with Directory Traversal09:23 - FINDING #2 - From File Inclusion to RCE via Log Poisoning16:20 - FINDING #3 - LFI to Server Crash24:09 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

A broken logout flow let attackers hijack accounts using just a user ID. A self-XSS and an IDOR exposed stored data. And a forgotten internal tool—running outdated software—ended in full Remote Code Execution.This episode is all about how small bugs, missed checks, and overlooked services can lead to serious consequences.Chapters:00:00 - INTRO01:22 - FINDING #1 - The Logout That Logged You In07:12 - FINDING #2 - From Signature Field to Shell Access14:40 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

A predictable ID exposed private documents. A crafted name leaked backend files. In this episode, we break down two high-impact flaws—an IDOR that let attackers clone confidential attachments, and an SSTI hidden in an email template that revealed server-side files. Simple inputs, big consequences. Learn how they worked, why they were missed, and how to stop them.Chapters:00:00 - INTRO01:28 - FINDING #1 – IDOR to Steal Confidential Files with Just an Attachment ID09:05 - FINDING #2 – Server-Side Template Injection That Leaked Local Files18:41 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

A single uppercase letter unlocked an admin panel. One malformed request hijacked user sessions. In this episode, we break down two real-world exploits—a 403 bypass and a request smuggling attack—that turned small oversights into full system compromise. Learn how they worked, why they were missed, and what should have been done differently.Chapters:00:00 - INTRO01:18 - FINDING #1 – The 403 Bypass That Led to Full Admin Control08:17 - FINDING #2 – Smuggling Requests, Hijacking Responses16:35 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

A simple filename triggered stored XSS, hijacking accounts and stealing API keys. A SQL injection bypassed a web firewall, dumping an entire database in one request.Both attacks exploited basic security flaws—flaws that should have been caught.Learn how these exploits worked, why they were missed, and what should have been done differently.Chapters:0:00 - INTRO01:39 - FINDING #1 – Stored XSS That Took Over User Accounts07:14 - FINDING #2 – The SQL Injection That Bypassed a Firewall and Dumped the Entire Database15:22 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

Exposed secrets, overlooked permissions, and credentials hiding in plain sight—each one leading to a critical breach.In this episode, we break down three real-world pentest findings where a forgotten file, a misconfigured setting, and a leaked credential gave attackers full control. How did they happen? How can you find similar issues? And what can be done to stop them?Listen now to learn how attackers exploit these mistakes—and how you can prevent them.Chapters:00:00 - INTRO01:00 - FINDING #1 - How a Forgotten File Exposed Private Repositories06:37 - FINDING #2 - How Misconfigured Permissions Led to Full System Takeover14:35 - FINDING #3 - The Credentials That Gave Access to a Network Switch20:31 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

How can attackers take over accounts, networks, and devices—without credentials?In this episode, we break down three real-world security flaws that prove authentication alone isn’t enough:Account Takeover – A single request bypassed email verification, locking out store owners.Internal Network Compromise – A hidden admin URL and hardcoded access key gave attackers full control.Smart Device Hijack – A community-submitted finding reveals how Bluetooth vulnerabilities allowed remote command execution—without WiFi, passwords, or internet access.These findings expose critical weaknesses in application security, network defense, and IoT device protection—problems that pentesters, developers, and security teams must identify before attackers do.Chapters:00:00 - INTRO01:30 - FINDING #1 - How a Security Researcher Took Over an Entire Shopping Platform with Just One Request07:25 - FINDING #2 - How a Security Researcher Hacked an Entire Internal Network with Just One URL13:46 - FINDING #3 - How a Security Researcher Took Over a Smart Switch Using Just Bluetooth20:47 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

What if you could take over an account—not by cracking a password, but by chaining two overlooked vulnerabilities? What if a single CSRF exploit let attackers reset security questions and hijack accounts? And what if manipulating an authorization token could escalate privileges?In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world pentest findings that prove creative exploitation turns small flaws into critical security risks:Chaining IDORs for account takeover – Exploiting weak access controls.CSRF bypass to reset security questions – Turning one click into total compromise.Privilege escalation via token manipulation – How a simple change led to admin access.Learn how these vulnerabilities were discovered, exploited, and mitigated.Chapters:00:00 - INTRO01:02 - FINDING #1 - Account Takeover by Chaining Two IDORs07:19 - FINDING #2 - Account Takeover Through CSRF Vulnerability in Security Questions12:18 - FINDING #3 - Privilege Escalation Through Authorization Token Manipulation17:05 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

What if your OTP security wasn’t secure at all? What if a static domain—something most people ignore—could lead to full account takeover? And what if flawed role management allowed admins to escalate privileges?In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world security failures that turned minor oversights into critical exploits:Leaking OTPs in API responses – Breaking authentication at the source.Static domain to account takeover – When persistence turns into a full exploit.Privilege escalation via role mismanagement – How attackers bypass access controls.Learn how these vulnerabilities were discovered, exploited, and mitigated.Chapters:00:00 - INTRO01:00 - FINDING #1 - The Vulnerability That Defeats OTP Security: Leaking OTP Codes in API Responses05:20 - FINDING #2 - From Static Domain to Account Takeover: The Power of Persistence12:05 - FINDING #3 - Privilege Escalation via User Invitations and Role Assignment16:49 - OUTROWant your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link

If you know how attacks work, you’ll know exactly where to look—whether you’re breaking in as an ethical hacker or defending as a blue teamer.Welcome to Hacked & Secured: Pentest Exploits & Mitigations—the podcast that breaks down real-world pentest findings and exposes critical security flaws before attackers do.Red team tactics – How vulnerabilities are found and exploited. Blue team defenses – How to detect, mitigate, and prevent attacks. Real pentest insights – Lessons from bug bounty reports, security blogs, and private pentests.New episodes every two weeks. Follow to stay ahead of evolving threats.Let’s make security knowledge accessible to all!Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram 📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A 📧 Feedback? Email Us → [email protected] 🔗 Podcast Website → Website Link