Sign up to save your podcasts
Or
Share Ep. 1 – Breaking OTP Security, Exploiting Static Domains & Privilege Escalation via Role Misconfigurations
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Ep. 1 – Breaking OTP Security, Exploiting Static Domains & Privilege Escalation via Role Misconfigurations
What if your OTP security wasn’t secure at all? What if a static domain—something most people ignore—could lead to full account takeover? And what if flawed role management allowed admins to escalate privileges?
In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world security failures that turned minor oversights into critical exploits:
- Leaking OTPs in API responses – Breaking authentication at the source.
- Static domain to account takeover – When persistence turns into a full exploit.
- Privilege escalation via role mismanagement – How attackers bypass access controls.
Learn how these vulnerabilities were discovered, exploited, and mitigated.
Chapters:
00:00 - INTRO
01:00 - FINDING #1 - The Vulnerability That Defeats OTP Security: Leaking OTP Codes in API Responses
05:20 - FINDING #2 - From Static Domain to Account Takeover: The Power of Persistence
12:05 - FINDING #3 - Privilege Escalation via User Invitations and Role Assignment
16:49 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link
View all episodes
By Amin MalekpourWhat if your OTP security wasn’t secure at all? What if a static domain—something most people ignore—could lead to full account takeover? And what if flawed role management allowed admins to escalate privileges?
In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world security failures that turned minor oversights into critical exploits:
- Leaking OTPs in API responses – Breaking authentication at the source.
- Static domain to account takeover – When persistence turns into a full exploit.
- Privilege escalation via role mismanagement – How attackers bypass access controls.
Learn how these vulnerabilities were discovered, exploited, and mitigated.
Chapters:
00:00 - INTRO
01:00 - FINDING #1 - The Vulnerability That Defeats OTP Security: Leaking OTP Codes in API Responses
05:20 - FINDING #2 - From Static Domain to Account Takeover: The Power of Persistence
12:05 - FINDING #3 - Privilege Escalation via User Invitations and Role Assignment
16:49 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link