  1. Account Takeover via IDOR in Password Reset
  2. Account Takeover by Password Reset Poisoning
  3. Account Takeover via IDOR (Post Authentication)
  4. Account Takeover via CSRF
  5. Account Takeover by Broken Cryptography
  6. Account Takeover by OAuth Misconfiguration
  7. Pre-Authentication Account Takeover
  8. Account Takeover due to Improper Rate-Limit/Anti-Automation Checks
  9. Account Takeover due to Weak Security Policies
  10. Account Takeover by utilizing Sensitive Data Exposure
  11. Account Takeover by XSS
  12. Misc. Methods
    1. Response Body Manipulation
    2. Status Code Manipulation
    3. Parameter Pollution
    4. Mass Assignment
    5. Token Forging
  13. More details on these attack vectors can be found at: https://github.com/harsh-bothra/SecurityExplained/blob/main/resources/account-takeovers-methodology.md
  14. MindMap Created By: Harsh Bothra (Twitter: @harshbothra_)