📕 The full privilege escalation case study: https://members.bugbountyexplained.com/bypassing-admin-checks-and-more-privilege-escalation-case-study/
📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw
This video is part of a case study of 162 disclosed privilege escalation bug bounty reports.
Reports mentioned in the video:
https://ysamm.com/?p=606
https://blog.teddykatz.com/2021/03/10/fork-collab-abuse.html
https://www.darabi.me/2015/03/facebook-bypass-ads-account-roles.html
https://hackerone.com/reports/858671
https://hackerone.com/reports/1596663
https://youtu.be/ZFst3-r-9Lg
https://hackerone.com/reports/791775
https://hackerone.com/reports/927567
https://siratsami71.medium.com/1500-worth-slack-vulnerability-bypass-invite-accept-process-8204e5431d52
https://hackerone.com/reports/434763
https://medium.com/@cachemoney/using-a-github-app-to-escalate-to-an-organization-owner-for-a-10-000-bounty-4ec307168631
🖥 Get $100 in credits for Digital Ocean: https://bbre.dev/do
Timestamps:
00:00 Intro
00:18 Reading data
03:09 Creating or modifying resources
05:51 Permanently escalating permissions within the organisation
08:16 Deleting resources
12:06 The attacker keeps old privileges
14:54 Joining another organisation
16:51 Paywall bypasses
17:36 Bypassing victim's confirmation
18:50 Overpermissive OAuth app