
Hacked & Secured: Pentest Exploits & Mitigations
If you know how attacks work, you’ll know exactly where to look—whether you’re breaking in as an ethical hacker or defending as a blue teamer.
Hacked & Secured: Pentest Exploits & Mitigations breaks down real-world pentest findings, exposing how vulnerabilities were discovered, exploited, and mitigated.
Each episode dives into practical security lessons, covering attack chains and creative exploitation techniques used by ethical hackers. Whether you're a pentester, security engineer, developer, or blue teamer, you'll gain actionable insights to apply in your work.
🎧 New episodes every month.
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram, Website Link
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → podcast@quailu.com.au
Hacked & Secured: Pentest Exploits & Mitigations
Ep. 12 – Timing Attacks & Mobile OAuth Hijack: When Microseconds and Misflows Betray You
A few microseconds. One silent browser session. That’s all it took for attackers to break into systems without tripping a single alert.
In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we explore two subtle but devastating flaws:
🔹 Timing Attacks for Token Leaks – By measuring microsecond delays, attackers were able to recover secrets, without seeing them in responses.
🔹 OAuth Hijack via Mobile App Flows – A crafted app abused in-app browser sessions and custom URL schemes to silently steal valid login tokens from users on iOS.
These aren’t theoretical bugs—they were found in the wild and affect real apps. If you build or test auth systems, this episode is for you.
Chapters:
00:00 - INTRO
01:11 - FINDING #1 - Timing Leaks That Speak Volumes
06:56 - FINDING #2 - Hijacking Mobile OAuth with One Silent Redirect
13:06 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → podcast@quailu.com.au
🔗 Podcast Website → Website Link