You logged into my account — Daizibukaikou — DEF CON China Beta

Дата: 16.06.2018. Автор: CISO CLUB. Категории: Подкасты и видео по информационной безопасности

This topic describes some ways for inducing victims to log into an attacker’s account on the Internet, which can result in some vulnerabilities and attack scenarios.Meanwhile, this topic will also mention how to fix it.This kind of security risk is often overlooked, while it can provide important help for some use of vulnerabilities, even combining some of the low-risk vulnerabilities or features of CSRF, selfxss, OAuth, and SSO, etc. to steal login credentials, bind third-party backdoors accounts, steal privacy, access others’ resources, conduct phishing attacks and implement fraudulent use of identity, etc.

Network ID: Daizibukaikou. He is skillful in web security and once worked for Internet companies such as Sina, Nokia, Meituan, and Xiaomi on information security. He is currently working for Antfin as a security expert, and is responsible for the system and network security.

CISO CLUB

Об авторе CISO CLUB

Редакция портала cisoclub.ru. Добавляйте ваш материал на сайт в разделе "Разместить публикацию".
Читать все записи автора CISO CLUB

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *