Tag feed

#account-takeover

25 posts1 followers

Explore Hashnode

Alternatives

Trending tags this week

4F404 Founders404-founders.comJun 1 · 3 min read

Sweet. Just Ask Meta AI Nicely an Get Someone Else's Instagram

The Bot Had The Keys Several Instagram users reported account takeovers over the weekend. The unusual part was the alleged attack path. According to reports, attackers abused Meta's AI support assista

0

NGNiranjan Gblog.securityinsights.ioMay 25 · 6 min read

The Hidden Threat After Login: Understanding Session Hijacking

You did everything right. You turned on multi-factor authentication (MFA). You use strong passwords. Maybe you even switched to passkeys. So how did an attacker still get into your email? The answer i

0

Oosint78shemkar.hashnode.devApr 26 · 6 min read

One Extra JSON Key: How a Harmless Profile Endpoint Became an ATO Candidate

The harmless profile endpoint that taught me how real bugs work Early in my bug bounty journey, I found a bug that looked simple from the outside, but it changed the way I think about web security. At

0

SRSatyam Rastogisatyamrastogi.hashnode.devApr 18 · 6 min read

DraftKings Credential Trafficking: Post-Plea Monetization & Detection Gaps

Originally published on satyamrastogi.com Kamerin Stokes monetized DraftKings credentials through underground marketplaces post-plea, revealing systemic gaps in credential revocation and underground market monitoring. DraftKings Credential Traffick...

0

RLRisingWave Labsrisingwave.comApr 7 · 13 min read

Real-Time Features for Account Takeover Detection

Account takeover (ATO) is the fraud vector that breaks most traditional detection systems -- not because it is technically sophisticated, but because it uses entirely valid credentials. The attacker is not forging a card number or synthesizing a fake...

0

CSCyber Safety Zoneblog.cybersafetyzone.comFeb 24 · 2 min read

OAuth Attacks Explained: Why U.S. Businesses Are Losing Accounts Without Password Leaks

In today’s digital-first world, most U.S. businesses rely on OAuth to make logging in easier for users. From Google and Microsoft to Slack and Dropbox, OAuth allows users to access apps without repeat

0

LDLakshay Dhoundiyallakshaydhoundiyal.hashnode.devFeb 8 · 6 min read

Ghostpairing Attack: The WhatsApp Hack That Lets Strangers Read Your Chats 👻

Most people think WhatsApp hacks look dramatic. A locked account.A warning message.A sudden logout. But what if the most dangerous WhatsApp attack does none of that? The Ghostpairing attack is a stealthy form of WhatsApp account takeover that doesn’t...

0

ZMZeeshan M.z-sec.coJan 16 · 4 min read

Reverse Account Takeover via Email Rebinding Causing Forced Privilege De-Escalation

When we talk about account takeover, we usually imagine a familiar story: an attacker steals credentials, hijacks a session, or abuses password reset flows to log in as someone else. This write-up is about something more subtle — and arguably more da...

0

CSCyber Seklercybersekler.comJan 16 · 2 min read

Password Reset Poisoning Leading to Account Takeover

Overview During a penetration test of a Web Applications API, I discovered a vulnerability in the password reset functionality that allowed an attacker to intercept reset tokens and take over user accounts. By manipulating a user-controllable field i...

0

AHAli Hussainzadakoalasec.hashnode.devJan 3 · 4 min read

Stored XSS leads to Zero-Click Account Takeover

Hey, yolo guys! Long time no chat! As we already know, bug bounty is a scam (just kidding 🙂). I recently started doing penetration testing for startups in my country. In this case, it was an online marketplace, where I discovered eight security vuln...

0

#account-takeover

Search Hashnode

#account-takeover

Explore Hashnode

Trending tags this week

Sweet. Just Ask Meta AI Nicely an Get Someone Else's Instagram

The Hidden Threat After Login: Understanding Session Hijacking

One Extra JSON Key: How a Harmless Profile Endpoint Became an ATO Candidate

DraftKings Credential Trafficking: Post-Plea Monetization & Detection Gaps

Real-Time Features for Account Takeover Detection

OAuth Attacks Explained: Why U.S. Businesses Are Losing Accounts Without Password Leaks

Ghostpairing Attack: The WhatsApp Hack That Lets Strangers Read Your Chats 👻

Reverse Account Takeover via Email Rebinding Causing Forced Privilege De-Escalation

Password Reset Poisoning Leading to Account Takeover

Stored XSS leads to Zero-Click Account Takeover