Account takeover attacks are a serious threat to individuals and organizations and are becoming increasingly common. To stay ahead of cybercriminals, developers and pentesters need a strong understanding of advanced and uncommon techniques for performing account takeover attacks.
In this talk, we will explore a range of account takeover techniques that are not commonly known or used. We will discuss various topics including JWT, GUID/UUID, homograph attacks, and password reset misconfiguration. We will also explore the tools used for these attacks.
This talk is designed for pentesters and bug bounty hunters who are looking to enhance their skills and knowledge in account takeover attacks, and for developers who want to properly secure their code. By the end of this talk, attendees will have a better understanding of uncommon and advanced techniques for account takeover attacks and will be better equipped to identify vulnerabilities and weaknesses in account security implementations.