Secrets of an Android App Bug Hunter

2023-07-13


Channel: LiveOverflow

Sergey Toshin tells us the story of how he became a top Android bug hunter and how he finds critical vulnerabilities. He also shows us a really cool vulnerability found in the Google Android Snapseed app. I didn't know this crazy attack vector exists!

Start Android Bug Hunting Here! Google App Scan Results: https://bughunters.google.com/report/targets/290590452

Google Mobile VRP: https://bughunters.google.com/about/rules/6618732618186752/google-mobile-vulnerability-reward-program-rules

Oversecured Blog: https://blog.oversecured.com/

Verify the output of tools: https://bughunters.google.com/learn/improving-your-reports/avoiding-mistakes/5981856648134656/verify-the-output-of-the-tools

More Bug Bounty Videos: https://www.youtube.com/playlist?list=PLhixgUqwRTjxKYsPTegCyL5adZaq5eILt

More Mobile Security: https://www.youtube.com/playlist?list=PLhixgUqwRTjxHFDl0OykeqZ-VvnClfDpT

Chapters:

00:00 - Intro

00:57 - Meet Sergey Toshin (Oversecured)

02:51 - How Oversecured Started

04:42 - Verify The Output of Tools!

07:17 - First Look at Vulnerability

09:58 - 1. Explained: Android Intents

11:25 - 2. Explained: Content Providers

12:51 - 3. Explained: App Permissions

13:34 - Exploit Walkthrough

16:17 - Proof of Concept and Report

17:15 - Android VRP Rewards

18:32 - Start Hunting for Bugs in Google Apps!

=[ ❤️ Support ]=

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/

