Hacked & Secured: Pentest Exploits & Mitigations

Amin Malekpour

If you know how attacks work, you’ll know exactly where to look—whether you’re breaking in as an ethical hacker or defending as a blue teamer.

Hacked & Secured: Pentest Exploits & Mitigations breaks down real-world pentest findings, exposing how vulnerabilities were discovered, exploited, and mitigated.

Each episode dives into practical security lessons, covering attack chains and creative exploitation techniques used by ethical hackers. Whether you're a pentester, security engineer, developer, or blue teamer, you'll gain actionable insights to apply in your work.

🔹 Red Team Perspective – How attackers find and exploit vulnerabilities.
🔹 Blue Team Defenses – How to prevent real-world attacks.
🔹 Real Case Studies – Bug bounty reports, pentest findings, and security incidents analyzed step by step.

🎧 New episodes every two weeks.

🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram, Website Link

📩 Submit Your Pentest Findings https://forms.gle/7pPwjdaWnGYpQcA6A

📧 Feedback? Email Us [email protected]


Top 10 Hacked & Secured: Pentest Exploits & Mitigations Episodes

Goodpods has curated a list of the 10 best Hacked & Secured: Pentest Exploits & Mitigations episodes, ranked by the number of listens and likes each episode has garnered from our listeners. If you are listening to Hacked & Secured: Pentest Exploits & Mitigations for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite Hacked & Secured: Pentest Exploits & Mitigations episode by adding your comments to the episode page.

Hacked & Secured: Pentest Exploits & Mitigations - Ep. 3 – One Request, One URL, One Bluetooth Hack: Three Takeovers That Shouldn’t Have Happened

02/13/25 • 21 min

How can attackers take over accounts, networks, and devices—without credentials?

In this episode, we break down three real-world security flaws that prove authentication alone isn’t enough:

  • Account Takeover – A single request bypassed email verification, locking out store owners.
  • Internal Network Compromise – A hidden admin URL and hardcoded access key gave attackers full control.
  • Smart Device Hijack – A community-submitted finding reveals how Bluetooth vulnerabilities allowed remote command execution—without WiFi, passwords, or internet access.

These findings expose critical weaknesses in application security, network defense, and IoT device protection—problems that pentesters, developers, and security teams must identify before attackers do.

Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us [email protected]
🔗 Podcast Website → Website Link

Hacked & Secured: Pentest Exploits & Mitigations - Ep. 5 – Stored XSS & SQL Injection: Small Flaws, Big Breaches

03/13/25 • 16 min

A simple filename triggered stored XSS, hijacking accounts and stealing API keys. A SQL injection bypassed a web firewall, dumping an entire database in one request.

Both attacks exploited basic security flaws—flaws that should have been caught.

Learn how these exploits worked, why they were missed, and what should have been done differently.

Hacked & Secured: Pentest Exploits & Mitigations - Ep. 4 – Exposed Secrets & Silent Takeovers: How Misconfigurations Open the Door to Attackers

02/27/25 • 21 min

Exposed secrets, overlooked permissions, and credentials hiding in plain sight—each one leading to a critical breach.

In this episode, we break down three real-world pentest findings where a forgotten file, a misconfigured setting, and a leaked credential gave attackers full control. How did they happen? How can you find similar issues? And what can be done to stop them?

Listen now to learn how attackers exploit these mistakes—and how you can prevent them.

Hacked & Secured: Pentest Exploits & Mitigations - Ep. 6 – 403 Bypass & Request Smuggling: Tiny Tricks, Total Takeover

03/27/25 • 17 min

A single uppercase letter unlocked an admin panel. One malformed request hijacked user sessions.
In this episode, we break down two real-world exploits—a 403 bypass and a request smuggling attack—that turned small oversights into full system compromise. Learn how they worked, why they were missed, and what should have been done differently.

Chapters:
00:00 - INTRO
01:18 - FINDING #1 – The 403 Bypass That Led to Full Admin Control
08:17 - FINDING #2 – Smuggling Requests, Hijacking Responses
16:35 - OUTRO

Hacked & Secured: Pentest Exploits & Mitigations - Ep. 2 – Chaining IDORs, CSRF Account Takeovers & Token Manipulation for Privilege Escalation

01/30/25 • 19 min

What if you could take over an account—not by cracking a password, but by chaining two overlooked vulnerabilities? What if a single CSRF exploit let attackers reset security questions and hijack accounts? And what if manipulating an authorization token could escalate privileges?

In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world pentest findings that prove creative exploitation turns small flaws into critical security risks:

  • Chaining IDORs for account takeover – Exploiting weak access controls.
  • CSRF bypass to reset security questions – Turning one click into total compromise.
  • Privilege escalation via token manipulation – How a simple change led to admin access.

Learn how these vulnerabilities were discovered, exploited, and mitigated.

Hacked & Secured: Pentest Exploits & Mitigations - Intro to Hacked & Secured: Pentest Exploits & Mitigations – What to Expect!

01/30/25 • 2 min

If you know how attacks work, you’ll know exactly where to look—whether you’re breaking in as an ethical hacker or defending as a blue teamer.

Welcome to Hacked & Secured: Pentest Exploits & Mitigations—the podcast that breaks down real-world pentest findings and exposes critical security flaws before attackers do.

  • Red team tactics – How vulnerabilities are found and exploited.
  • Blue team defenses – How to detect, mitigate, and prevent attacks.
  • Real pentest insights – Lessons from bug bounty reports, security blogs, and private pentests.

New episodes every two weeks. Follow to stay ahead of evolving threats.

Let’s make security knowledge accessible to all!


What if your OTP security wasn’t secure at all? What if a static domain—something most people ignore—could lead to full account takeover? And what if flawed role management allowed admins to escalate privileges?

In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world security failures that turned minor oversights into critical exploits:

  • Leaking OTPs in API responses – Breaking authentication at the source.
  • Static domain to account takeover – When persistence turns into a full exploit.
  • Privilege escalation via role mismanagement – How attackers bypass access controls.

Learn how these vulnerabilities were discovered, exploited, and mitigated.

Hacked & Secured: Pentest Exploits & Mitigations - Ep. 7 – IDOR & SSTI: From File Theft to Server-Side Secrets

04/10/25 • 19 min

A predictable ID exposed private documents. A crafted name leaked backend files.
In this episode, we break down two high-impact flaws—an IDOR that let attackers clone confidential attachments, and an SSTI hidden in an email template that revealed server-side files. Simple inputs, big consequences. Learn how they worked, why they were missed, and how to stop them.

Chapters:
00:00 - INTRO
01:28 - FINDING #1 – IDOR to Steal Confidential Files with Just an Attachment ID
09:05 - FINDING #2 – Server-Side Template Injection That Leaked Local Files
18:41 - OUTRO


FAQ

How many episodes does Hacked & Secured: Pentest Exploits & Mitigations have?

Hacked & Secured: Pentest Exploits & Mitigations currently has 8 episodes available.

What topics does Hacked & Secured: Pentest Exploits & Mitigations cover?

The podcast is about Ethical Hacking, Pentesting, Podcasts, Technology, Business, Careers and Cybersecurity.

What is the most popular episode on Hacked & Secured: Pentest Exploits & Mitigations?

The episode title 'Ep. 3 – One Request, One URL, One Bluetooth Hack: Three Takeovers That Shouldn’t Have Happened' is the most popular.

What is the average episode length on Hacked & Secured: Pentest Exploits & Mitigations?

The average episode length on Hacked & Secured: Pentest Exploits & Mitigations is 17 minutes.

How often are episodes of Hacked & Secured: Pentest Exploits & Mitigations released?

Episodes of Hacked & Secured: Pentest Exploits & Mitigations are typically released every 14 days.

When was the first episode of Hacked & Secured: Pentest Exploits & Mitigations?

The first episode of Hacked & Secured: Pentest Exploits & Mitigations was released on Jan 30, 2025.
