Way too long for what it conveys and not very useful to be honest. I quit watching it at the 27 minute mark; at that point did it become crystal clear that this slow-paced presentation only discuss more-or-less obvious information. When you have the right XSS (or similar) vector, of course you can hijack the OAuth workflow! Why does that need 50 mins to present? Wouldn't neessarily consider this hacking OAuth even. For all intents and purposes, OAuth works as designed throughout the whole process. The video is, as far as I went in, rather about perusing a compromised web application for OAuth access. AFAICT something like "Pivoting Web Vulnerabilities into OAuth 2.0 Access" would've been a more appropriate title. NOI, but the 27 minutes I spent watching this felt like wasted time.
03:29 history of oauth 09:11 authorization grant 11:15 example, zoom
Awesome, thanks!
Sorry i laughed about this tho ): 7:14
Very nice, Thanks!
How do you purchase a subdomain of another company's domain? I think that was possible?
i didn’t get that either. maybe the company created a subdomain for him to test the poc ?
sounds like a domain registration site
Cool video.... ❤❤❤
Nice video.:)
Way too long for what it conveys and not very useful to be honest.
I quit watching it at the 27 minute mark; at that point did it become crystal clear that this slow-paced presentation only discuss more-or-less obvious information.
When you have the right XSS (or similar) vector, of course you can hijack the OAuth workflow! Why does that need 50 mins to present?
Wouldn't neessarily consider this hacking OAuth even. For all intents and purposes, OAuth works as designed throughout the whole process. The video is, as far as I went in, rather about perusing a compromised web application for OAuth access. AFAICT something like "Pivoting Web Vulnerabilities into OAuth 2.0 Access" would've been a more appropriate title.
NOI, but the 27 minutes I spent watching this felt like wasted time.
Farah Hawa concluded everything he mentioned in just 10 minutes!
great!!
Thanks 😊
leet stuff
In 2 years, how was your journey in bug bounty?
🤑