Sergey Toshin tells us the story of how he became a top Android bug hunter and how he finds critical vulnerabilities. He also shows us a really cool vulnerability found in the Google Android Snapseed app. I didn't know this crazy attack vector exists!

Start Android Bug Hunting Here! Google App Scan Results: https://bughunters.google.com/report/...

Google Mobile VRP: https://bughunters.google.com/about/r...
Oversecured Blog: https://blog.oversecured.com/
Verify the output of tools: https://bughunters.google.com/learn/i...

More Bug Bounty Videos:    • Bug Bounty  
More Mobile Security:    • Mobile Security  

Chapters:
00:00 Intro
00:57 Meet Sergey Toshin (Oversecured)
02:51 How Oversecured Started
04:42 Verify The Output of Tools!
07:17 First Look at Vulnerability
09:58 1. Explained: Android Intents
11:25 2. Explained: Content Providers
12:51 3. Explained: App Permissions
13:34 Exploit Walkthrough
16:17 Proof of Concept and Report
17:15 Android VRP Rewards
18:32 Start Hunting for Bugs in Google Apps!

=[ ❤ Support ]=

→ per Video:   / liveoverflow  
→ per Month:    / @liveoverflow  

=[ Social ]=

→ Twitter:   / liveoverflow  
→ Instagram:   / liveoverflow  
→ Blog: https://liveoverflow.com/
→ Subreddit:   / liveoverflow  
→ Facebook:   / liveoverflow