One misbound identity. One exposed internal path. Two routes to total compromise.

In this season finale of Hacked & Secured: Pentest Exploits & Mitigations, we break down two real-world findings that show how small trust assumptions can unravel entire systems:

• nOAuth (SSO account misbinding) — Multi-tenant SSO auto-linked accounts by email instead of a stable subject/issuer identifier. With a crafted identity on a controlled domain, an attacker could land a valid session as another user.
• From wall socket to Domain Admin — No NAC on the switch enabled quiet network access, followed by username harvesting and a light password spray to a low-priv account. From there: AD enumeration, weak service credentials, and abuse of certificate services to escalate to Domain Admin.

What you’ll learn: how identity claims should be bound in modern SSO, how to harden join and mapping flows, and a practical checklist to shut down common internal escalation paths (NAC, credential hygiene, service principals, AD CS, and monitoring).

Chapters:

00:00 - INTRO

01:27 - FINDING #1 - nOAuth: the email you shouldn’t have trusted

07:22 - FINDING #2 - From one wall socket to Domain Admin

13:43 - OUTRO

Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!

🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → podcast@quailu.com.au
🔗 Podcast Website → Website Link

A few microseconds. One silent browser session. That’s all it took for attackers to break into systems without tripping a single alert.

In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we explore two subtle but devastating flaws:

🔹 Timing Attacks for Token Leaks – By measuring microsecond delays, attackers were able to recover secrets, without seeing them in responses.

🔹 OAuth Hijack via Mobile App Flows – A crafted app abused in-app browser sessions and custom URL schemes to silently steal valid login tokens from users on iOS.

These aren’t theoretical bugs—they were found in the wild and affect real apps. If you build or test auth systems, this episode is for you.

Chapters:

00:00 - INTRO

01:11 - FINDING #1 - Timing Leaks That Speak Volumes

06:56 - FINDING #2 - Hijacking Mobile OAuth with One Silent Redirect

13:06 - OUTRO

Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!

🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → podcast@quailu.com.au
🔗 Podcast Website → Website Link

One flawed password reset. One shared session token. One dangerous object.

In Episode 11 of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world vulnerabilities where trust between systems and users broke down—with serious consequences.

• Account Takeover via Forgot Password – A predictable ID and exposed tokens let attackers reset passwords without access to email.
• Session Hijack in OTP Login – A logic flaw in how login tokens were handled allowed full account access with just a user ID.
• Remote Code Execution via Java Deserialization – A community-contributed finding where an exposed service deserialized untrusted input, leading to code execution.

These aren’t complex chains. They’re common mistakes with big impact—and important lessons for developers, security teams, and testers.

Chapters:

00:00 - INTRO

00:59 - FINDING #1 - Account Takeover via Forgot Password

06:26 - FINDING #2 - Shared Session Token in SMS Login Flow

10:39 - FINDING #3 - Java Deserialisation to Remote Code Execution

16:13 - OUTRO

Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!

🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → podcast@quailu.com.au
🔗 Podcast Website → Website Link