by Amin Malekpour
If you know how attacks work, you’ll know exactly where to look—whether you’re breaking in as an ethical hacker or defending as a blue teamer.

Hacked & Secured: Pentest Exploits & Mitigations breaks down real-world pentest findings, exposing how vulnerabilities were discovered, exploited, and mitigated.

Each episode dives into practical security lessons, covering attack chains and creative exploitation techniques used by ethical hackers. Whether you're a pentester, security engineer, developer, or blue teamer, you'll gain actionable insights to apply in your work.

🔹 Red Team Perspective – How attackers find and exploit vulnerabilities.
🔹 Blue Team Defenses – How to prevent real-world attacks.
🔹 Real Case Studies – Bug bounty reports, pentest findings, and security incidents analyzed step by step.

🎧 New episodes every two weeks.

🌍 Follow & Connect → LinkedIn (https://www.linkedin.com/showcase/hacked-and-secured/about), YouTube (https://www.youtube.com/@HackedAndSecured), Twitter (https://x.com/HackedNSecured), Instagram (https://www.instagram.com/hackedandsecuredpod/), Website Link (https://hackedandsecured.buzzsprout.com/)

📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A

📧 Feedback? Email Us → [email protected]
Language
🇺🇲
Publishing Since
1/30/2025
April 10, 2025
A predictable ID exposed private documents. A crafted name leaked backend files. In this episode, we break down two high-impact flaws—an IDOR that let attackers clone confidential attachments, and an SSTI hidden in an email template that revealed server-side files. Simple inputs, big consequences. Learn how they worked, why they were missed, and how to stop them. Chapters: 00:00 - INTRO 01:28 - FINDING #1 – IDOR to Steal Confidential Files with Just an Attachment ID 09:05 - FINDING #2 – Serv...
March 27, 2025
A single uppercase letter unlocked an admin panel. One malformed request hijacked user sessions. In this episode, we break down two real-world exploits—a 403 bypass and a request smuggling attack—that turned small oversights into full system compromise. Learn how they worked, why they were missed, and what should have been done differently. Chapters: 00:00 - INTRO 01:18 - FINDING #1 – The 403 Bypass That Led to Full Admin Control 08:17 - FINDING #2 – Smuggling Requests, Hijacking Responses 1...
March 13, 2025
A simple filename triggered stored XSS, hijacking accounts and stealing API keys. A SQL injection bypassed a web firewall, dumping an entire database in one request. Both attacks exploited basic security flaws—flaws that should have been caught. Learn how these exploits worked, why they were missed, and what should have been done differently. Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your findi...