25:19

Decoding Spotify Barcodes - Defcon 32 Coin Challenge Solution [2024]

30:31

XSS via CSPT and Open Redirect - Solution to August '24 Challenge (Defcon)

02:57

Intigriti Kick off 2024

12:58

Exploiting Insecure Output Handling in LLMs

11:32

Indirect Prompt Injection

05:41

Exploiting Vulnerabilities in LLM APIs

09:28

Exploiting LLM APIs with Excessive Agency

03:07

Intigriti Customer Story: Personio

10:36

Performing CSRF Exploits Over GraphQL

04:53

Misconfig Mapper - Hacker Tools

07:12

Bypassing GraphQL Brute Force Protections

07:51

Finding a Hidden GraphQL Endpoint

05:05

Accidental Exposure of Private GraphQL Fields

06:47

Accessing Private GraphQL Posts

11:51

Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge

18:50

Introduction to GraphQL Attacks

18:18

Aggressive Scanning in Bug Bounty (and how to avoid it)

10:37

Exploiting Server-side Parameter Pollution in a REST URL

24:30

Common Scoping Mistakes

11:26

Exploiting Server-side Parameter Pollution in a Query String

14:11

Understanding Scope, Ethics and Code of Conduct (CoC)

07:20

Exploiting a Mass Assignment Vulnerability

21:15

Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge

07:10

Finding and Exploiting an Unused API Endpoint

07:34

Exploiting an API Endpoint using Documentation

10:02

Web Shell Upload via Race Condition

24:22

DOM Clobbering, CSPP (axios) and XSS - Unintended Solutions to January '24 Challenge

08:41

Exploiting Time-sensitive Vulnerabilities

02:29

Intigriti Customer Story: Microsoft

15:37

Partial Construction Race Conditions

07:39

Single-endpoint Race Conditions

06:24

Intigriti HackerViews 🎙️ - Meet your Bug Bounty Heroes - nnedelchev

19:06

Multi-endpoint Race Conditions

06:37

Intigriti HackerViews 🎙️ - Meet your Bug Bounty Heroes - leorac

02:35

Intigriti HackerViews 🎙️ - Meet your Bug Bounty Heroes - sklon

04:13

Intigriti HackerViews 🎙️ - Meet your Bug Bounty Heroes - bandjes

16:54

Bypassing Rate Limits via Race Conditions

11:28

Limit Overrun Race Conditions

03:52

Intel's 1337UP Knights of Elektron Live Hacking Event Aftermovie

07:32

Researcher API

18:07

Leveraging Server Side XSS (PDF) for Auth Bypass - "My Music" [INTIGRITI 1337UP LIVE CTF 2023]

07:05

Making a ChatGPT Discord Bot Leak it's Prompt - "Triage Bot" [INTIGRITI 1337UP LIVE CTF 2023]

14:13

Hacking a Game Developed with RPG Maker - "Dark Secrets" [INTIGRITI 1337UP LIVE CTF 2023]

02:15

Intigriti’s Hybrid Pentest: Penetration Testing as a Service reimagined

07:34

JWT Authentication Bypass via Algorithm Confusion with No Exposed Key

12:24

JWT Authentication Bypass via Algorithm Confusion

19:16

Blind Command Injection (in a slim docker container) - Solution to July '23 Challenge

15:11

JWT Authentication Bypass via kid Header Path Traversal

13:40

JWT Authentication Bypass via jku Header Injection

14:02

JWT Authentication Bypass via jwk Header Injection

27:03

Prototype Pollution, reCAPTCHA and XSS - Solution to June '23 Challenge

09:42

Weak Authentication [InsecureBankv2 APK]

10:11

Cracking a JWT with MD5_HMAC Algorithm - Marmalade 5 [NahamCon CTF 2023]

12:35

JWT Authentication Bypass via Weak Signing Key

10:56

JWT Authentication Bypass via Flawed Signature Verification

18:50

Android Root Detection Bypass (Frida Hooking and APK Patching)

09:37

JWT Authentication Bypass via Unverified Signature

16:33

Introduction to JWT Attacks

09:58

XSS via ES6 Reflect API - Solution to May '23 Challenge

22:02

2 ways to root an AVD (android studio); Magisk (rootAVD) and SuperSU