BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Player FM - Internet Radio Done Right
44 subscribers
Checked 6d ago
Added two years ago
Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Critical Thinking - Bug Bounty Podcast
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
T
There’s a Better Way: Smart Talk on Healthcare and Technology
1
There’s a Better Way: Smart Talk on Healthcare and Technology
Surescripts
12k
30
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k341
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Episode 107: Bypassing Cross-Origin Browser Headers
Manage episode 462674806 series 3435922
Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://x.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts on Twitter:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr
====== Resources ======
A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures
Top 10 web hacking techniques of 2024
Cross-Origin-Opener-Policy: preventing attacks from popups
====== Timestamps ======
(00:00:00) Introduction
(00:05:13) Hacking with your kids
(00:09:46) H1/bc pentests
(00:12:23) Google’s OAuth login flaw
(00:18:01) Raink & Rez0's AI tweets
(00:28:46) Giftcard hacking & Portswigger top 10 voting
(00:34:23) Cross Origin Web Headers
120 episodes
ShareManage episode 462674806 series 3435922
Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://x.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts on Twitter:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr
====== Resources ======
A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures
Top 10 web hacking techniques of 2024
Cross-Origin-Opener-Policy: preventing attacks from popups
====== Timestamps ======
(00:00:00) Introduction
(00:05:13) Hacking with your kids
(00:09:46) H1/bc pentests
(00:12:23) Google’s OAuth login flaw
(00:18:01) Raink & Rez0's AI tweets
(00:28:46) Giftcard hacking & Portswigger top 10 voting
(00:34:23) Cross Origin Web Headers
120 episodes
All episodes
×
C
Critical Thinking - Bug Bounty Podcast
1 Episode 120: SpaceRaccoon - From Day Zero to Zero Day 1:36:57
1:36:57 
Play Later 
Play Later 
Lists 
Like 
Liked1:36:57
Play Later Play Later Lists Like LikedEpisode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor - ThreatLocker User Store https://www.criticalthinkingpodcast.io /tl-userstore Today’s guest: https://x.com/spaceraccoonsec ====== Resources ====== Buy SpaceRaccoon's Book: From Day Zero to Zero Day https://nostarch.com/zero-day USE CODE 'ZERODAYDEAL' for 30% OFF Pwning Millions of Smart Weighing Machines with API and Hardware Hacking https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/ ====== Timestamps ====== (00:00:00) Introduction (00:04:58) From Day Zero to Zero Day (00:12:06) Mapping Code to Attack Surface (00:17:59) Day Zero and Taint Analysis (00:22:43) Automated Variant Analysis & Binary Taxonomy (00:31:35) Source and Sink Discovery (00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing (00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero (01:02:16) Bug bounty, Vuln research, & Governmental work (01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 119: Abusing Iframes from a client-side hacker 33:54
33:54 Play Later Play Later Lists Like Liked33:54
Play Later Play Later Lists Like LikedEpisode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attack them. CORRECTION: Some of my comments on the latest episode of the pod were woefully inaccurate about the `csp` attribute of an iframe. Def should have read the spec more thoroughly. Please see the #corrections channel in Discord for the deets. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== Episode with JR0ch17 ctbb.show/61 Exacerbating Cross-Site Scripting: The Iframe Sandwich https://coopergyoung.com/exacerbating-cross-site-scripting-the-iframe-sandwich/ ====== Timestamps ====== (00:00:00) Introduction (00:01:20) Why are Iframes useful (00:05:11) Attributes of Iframes (00:21:39) Iframe Attacks (00:29:53) Iframe Fun Facts…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots 58:29
58:29 Play Later Play Later Lists Like Liked58:29
Play Later Play Later Lists Like LikedEpisode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt. Follow us on X Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow Rhynorater and Rez0 on X ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! You can also find some hacker swag ! ====== Resources ====== p4fg passed 1 Million! /reports/:id.json - $25K Crit Hacking Crypto pt1 The art of payload obfuscation Analyzing the Next.js Middleware Bypass Nahamsec's Merch store llms.txt polyglot prompt injection React Router and the Remix’ed path Pre-Authentication SQL Injection in Halo ITSM Pwning Millions of Smart Weighing Machines MCP Server Oauth Cline “Credentialless” iframes Tiny XSS Payloads Types of Pollution ====== Timestamps ====== (00:00:00) Introduction (00:05:56) Next.js Middleware bypass & Polyglots in llms.txt (00:16:35) CPDoS on React Router (00:24:26) Loose Types Sink Ships & Pwning Smart Scales (00:32:30) MCP Server Oauth & Cline (00:39:40) Clientside Tidbits & Prototype Pollutions…
C
Critical Thinking - Bug Bounty Podcast
1 Hacking AI Series: Vulnus ex Machina - Part 1 32:20
32:20 Play Later Play Later Lists Like Liked32:20
Play Later Play Later Lists Like LikedEpisode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and focuses on AI reconnaissance. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== Building Reliable Web Agents https://x.com/pk_iv/status/1904178892723941777 17 security checks from VIBE to PRODUCTION https://x.com/Kaamiiaar/status/1902342578185630000 How to Hack AI Agents and Applications https://josephthacker.com/hacking/2025/02/25/how-to-hack-ai-apps.html AI Crash Course Repo https://github.com/henrythe9th/ai-crash-course Deep Dive into LLMs like ChatGPT https://www.youtube.com/watch?v=7xTGNNLPyMI ====== Timestamps ====== (00:00:00) Introduction (00:01:54) AI News (00:08:09) How to Hack AI Agents and Applications (00:14:26) The Recon Process (00:25:06) Initial Probing & Steering…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 116: Auth Bypasses and Google VRP Writeups 26:48
26:48 Play Later Play Later Lists Like Liked26:48
Play Later Play Later Lists Like LikedEpisode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control ====== Resources ====== SAML roulette: the hacker always wins https://portswigger.net/research/saml-roulette-the-hacker-always-wins Loophole of getting Google Form associated with Google Spreadsheet with no editor/owner access https://bughunters.google.com/reports/vrp/yBeFmSrJi Loophole to see the editors of a Google Document with no granted access(owner/editor) with just the fileid (can be obtained from publicly shared links with 0 access) https://bughunters.google.com/reports/vrp/7EhAw2hur Cloud Tools for Eclipse - Chaining misconfigured OAuth callback redirection with open redirect vulnerability to leak Google OAuth Tokens with full GCP Permissions https://bughunters.google.com/reports/vrp/F8GFYGv4g Next.js, cache, and chains: the stale elixir https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir Next.js and the corrupt middleware: the authorizing artifact https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware ====== Timestamps ====== (00:00:00) Introduction (00:02:59) SAML roulette (00:13:08) Google bugs (00:20:16) Next.js and the corrupt middleware…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi) 1:40:58
1:40:58 Play Later Play Later Lists Like Liked1:40:58
Play Later Play Later Lists Like LikedEpisode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about Reflector, and finish up by doing a bonus podcast segment in Japanese! Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control Today’s Guest: https://x.com/Mokusou4 ====== Resources ====== So's last appearance in episode 40 ctbb.show/40 ====== Timestamps ====== (00:00:00) Introduction (00:04:11) So's Facebook Bug (00:14:37) So and Justin's Google Bug (00:33:39) Live Mentorship Session (00:56:29) Reflector (01:13:22) Bonus - Podcast in Japanese…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 114: Single Page Application Hacking Playbook 1:22:25
1:22:25 Play Later Play Later Lists Like Liked1:22:25
Play Later Play Later Lists Like LikedEpisode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: ThreatLocker Cloud Control ====== Resources ====== Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data Hackadvisor WP Extensions Notebook LM Pressing Buttons with Popups Response to @RenwaX23 Prompt Injection Attacks for Dummies Shadow Repeater parallel-prettier ====== Timestamps ====== (00:00:00) Introduction (00:02:15) Bug Write-up from @busf4ctor (00:09:44) Scanning Common Crawl (00:16:30) Hackadvisor and WP/Chrome Extension News (00:24:15) Notebook LM, and Recent AI Updates (00:31:58) Write-up from @J0R1AN and Related POC from @RenwaX23 (00:38:10) Prompt Injection Attacks for Dummies (00:42:29) ShadowRepeater (00:47:04) Single-page applications…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 113: Best Technical Takeaways from Portswigger Top 10 2024 1:29:19
1:29:19 Play Later Play Later Lists Like Liked1:29:19
Play Later Play Later Lists Like LikedEpisode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here! Follow us on X at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on X: ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag ! ====== Resources ====== Hijacking OAUTH flows via Cookie Tossing ChatGPT Account Takeover - Wildcard Web Cache Deception OAuth Non-Happy Path to ATO CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js DoubleClickjacking: A New Era of UI Redressing WorstFit: Unveiling Hidden Transformers in Windows ANSI SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server Middleware, middleware everywhere – and lots of misconfigurations to fix ====== Timestamps ====== (00:00:00) Introduction (00:09:56) Hijacking OAuth flows via Cookie Tossing (00:17:30) ChatGPT Account Takeover (00:25:28) OAuth Non-Happy Path to ATO (00:29:24) CVE-2024-4367 (00:37:37) DoubleClickjacking: (00:44:54) Exploring the DOMPurify library (00:48:01) WorstFit (00:56:29) Unveiling TE.0 HTTP Request Smuggling (01:06:40) SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level (01:14:05) Confusion Attacks…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter 1:07:37
1:07:37 Play Later Play Later Lists Like Liked1:07:37
Play Later Play Later Lists Like LikedEpisode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Guest - Ciarán Cotter https://x.com/monkehack ====== Resources ====== Msty https://msty.app/ From Day Zero to Zero Day https://nostarch.com/zero-day Nuclei - ai flag https://x.com/pdiscoveryio/status/1890082913900982763 ChatGPT Operator: Prompt Injection Exploits & Defenses https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/ Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/ ====== Timestamps ====== (00:00:00) Introduction (00:01:04) Bug Rundowns (00:13:05) Monke's Bug Bounty Background (00:20:03) Websocket Research (00:34:01) Connecting Hackers with Companies (00:34:56) Grok 3, Msty, From Day Zero to Zero Day (00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK (00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu 1:49:15
1:49:15 Play Later Play Later Lists Like Liked1:49:15
Play Later Play Later Lists Like LikedEpisode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== Exploring the DOMPurify library: Bypasses and Fixes (1/2) https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes Exploring the DOMPurify library: Hunting for Misconfigurations (2/2) https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations Dom-Explorer tool https://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954f CT Episode 61: A Hacker on Wall Street - JR0ch17 https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/ ====== Timestamps ====== (00:00:00) Introduction (00:01:44) Kevin Mizu - Background and Bring-a-bug (00:15:09) DOMPurify (00:29:04) Misconfigurations - Dangerous allow-lists (00:39:09) Dangerous URI attributes configuration (00:46:08) Bad usage (00:59:55) DOMPurify Hooks: before, after, and upon SanitizeAttribute (01:29:15) Node manipulation, nodeName namespace case confusion, & DOM Clobbering DOS (01:36:51) Misc concepts for future research…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 110: Oauth Gadget Correlation and Common Attacks 49:41
49:41 Play Later Play Later Lists Like Liked49:41
Play Later Play Later Lists Like LikedEpisode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== DOMPurify 3.2.3 Bypass Jason Zhou's post about O3 mini Live Chat Blog #2: Cisco Webex Connect postLogger Chrome Extension postLogger Webstore Link Common OAuth Vulnerabilities nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover Account Takeover using SSO Logins Kai Greshake ====== Timestamps ====== (00:00:00) Introduction (00:01:44) DOMPurify 3.2.3 Bypass (00:06:37) O3 mini (00:10:29) Ophion Security: Cisco Webex Connect (00:15:54) Discord Community News (00:19:12) postLogger Chrome Extension (00:21:04) Common OAuth Vulnerabilities & Lessons learned from Google’s APIs…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 109: Creative Recon - Alternative Techniques 1:01:42
1:01:42 Play Later Play Later Lists Like Liked1:01:42
Play Later Play Later Lists Like LikedEpisode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to talk about Alternative Recon Techniques Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! ====== Resources ====== Resources Wiz Research Uncovers Exposed DeepSeek Database Bypass Bot Detection Tweet from sw33tLie rsc 2fa Stealing HttpOnly cookies with the cookie sandwich technique Report Pointers for Collaborative Chains Clone2Leak: Your Git Credentials Belong To Us Deanonymization via cache GoogleChrome related-website-sets ====== Timestamps ====== (00:00:00) Introduction (00:02:03) DeepSeek debacle and Bypass Bot Detection (00:23:48) Stealing HttpOnly cookies with the cookie sandwich technique (00:30:54) Report Pointers for Collaborative Chains (00:34:43) Clone2Leak: Your Git Credentials Belong To Us (00:40:04) Deanonymization for Signal and Discord (00:41:53) Alternative Recon Techniques…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 108: How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello 1:31:08
1:31:08 Play Later Play Later Lists Like Liked1:31:08
Play Later Play Later Lists Like LikedEpisode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: AppOmni. Get AppOmni's Definitive Guide to SaaS Security https://www.criticalthinkingpodcast.io/AppOmni Today’s Guest: https://x.com/ConspiracyProof ====== Resources ====== Aaron's Blog https://www.enumerated.ie/ Data Exposure and ServiceNow: The Elephant in the ITSM Room https://www.enumerated.ie/index/servicenow-data-exposure Salesforce Lightning - An in-depth look at exploitation vectors for the everyday community https://www.enumerated.ie/index/salesforce Lightning Components: A Treatise on Apex Security from an External Perspective https://go.appomni.com/hubfs/Collateral/AppOmni_Labs_White_Paper_Apex_Security.pdf?utm_campaign=Network%20Computing&utm_source=referral&utm_content=network_computing Microsoft Power Pages: Data Exposure Reviewed https://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/ ====== Timestamps ====== (00:00:00) Introduction (00:03:00) Aaron Costello, Arbitrary File Upload, & App Cache Manifest Poison bug (00:13:37) SAAS Misconfigurations as a bug class (00:43:27) SalesForce Misconfigurations (01:11:30) Microsoft Power Pages…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 107: Bypassing Cross-Origin Browser Headers 1:06:17
1:06:17 Play Later Play Later Lists Like Liked1:06:17
Play Later Play Later Lists Like LikedEpisode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr ====== Resources ====== A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures Google’s OAuth login flaw Rez0's Ai tweet Rez0's Follow-up Raink from BishopFox Gift cards security research Top 10 web hacking techniques of 2024 Cross-Origin-Opener-Policy: preventing attacks from popups ====== Timestamps ====== (00:00:00) Introduction (00:05:13) Hacking with your kids (00:09:46) H1/bc pentests (00:12:23) Google’s OAuth login flaw (00:18:01) Raink & Rez0's AI tweets (00:28:46) Giftcard hacking & Portswigger top 10 voting (00:34:23) Cross Origin Web Headers…
C
Critical Thinking - Bug Bounty Podcast
Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he’s looking forward to bringing to the pod. We also cover some news items including doubleclickjacking, character set attacks, SVG XSS, and more. Follow us on twitter at: @ctbbpodcast Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Rez0 on twitter: https://x.com/Rhynorater https://x.com/rez0__ ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Resources DoubleClickjacking: A New Era of UI Redressing https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html XBOW Validation Benchmarks https://github.com/xbow-engineering/validation-benchmarks Jorian tweet https://x.com/J0R1AN/status/1871586792455163975 Simplified Payload https://portswigger-labs.net/xss/charset.php?x=%1b$B%1b(B%3Ca%20href=javas%1B(Jcript:alert(1)%3Etest%3C/a%3E&charset= SVG XSS Payload https://x.com/garethheyes/status/1876953751245783534 curl-cffi https://pypi.org/project/curl-cffi/ Bypassing File Upload Restrictions To Exploit CSPT https://blog.doyensec.com/2025/01/09/cspt-file-upload.html AI-Crash-Course https://github.com/henrythe9th/AI-Crash-Course?tab=readme-ov-file Timestamps (00:00:00) Introduction (00:02:15) Rez0's journey to Full-time hunter, Tool developer, and new Co-host (00:21:04) DoubleClickjacking (00:31:48) XBOW Validation Benchmarks, Charset Thoughts, and SVG XSS (00:42:28) curl-cffi, CSPT, and AI Crash Course…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 105: Best Critical Thinking Moments from 2024 2:17:47
2:17:47 Play Later Play Later Lists Like Liked2:17:47
Play Later Play Later Lists Like LikedEpisode 105: In this episode of Critical Thinking - Bug Bounty Podcast we're back with another Best-of episode recapping some of our top moments of 2024. Follow us on twitter at: @ctbbpodcast Ssend us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Rez0 on twitter: https://x.com/Rhynorater https://x.com/rez0__ ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec Resources Episode 53 ctbb.show/53 Episode 59 ctbb.show/59 Episode 65 ctbb.show/65 Episode 69 ctbb.show/69 Episode 80 ctbb.show/80 Episode 81 ctbb.show/81 Episode 86 ctbb.show/86 Episode 87 ctbb.show/87 Episode 91 ctbb.show/91 Episode 93 ctbb.show/93 Episode 99 ctbb.show/99 Timestamps (00:00:00) Introduction (00:03:59) Episode 53 (00:17:12) Episode 59 (00:32:45) Episode 65 (00:48:08) Episode 69 (01:02:37) Episode 80 (01:18:09) Episode 81 (01:28:59) Episode 86 (01:41:04) Episode 87 (01:54:48) Episode 91 (02:01:48) Episode 93 (02:09:37) Episode 99…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 104: 2024 Hacker Stats & 2025 Goals 29:00
29:00 Play Later Play Later Lists Like Liked29:00
Play Later Play Later Lists Like LikedEpisode 104: In this episode of Critical Thinking - Bug Bounty Podcast Justin reflects upon the past year and walks through some of the bug bounty goals he had for 2024, and how he feels like he did. Then he sets some goals for 2025, as well as some exciting CT news for the coming year. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Rez0 on X: https://x.com/rhynorater https://x.com/rez0__ ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Resources CTBB Full Time Guild ctbb.show/ft Critical Research Lab ctbb.show/crl CT Episode 51 - 2024 Goals https://www.criticalthinkingpodcast.io/episode-51-hacker-stats-2023-2024-goals/ Personal BB inventory and goals https://ctbb.show/blog Timestamps (00:00:00) introduction (00:00:57) Critical Thinking 2025 Announcements (00:04:21) Personal Inventory of 2024 (00:24:05) Goals for 2025…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 103: Getting ANSI about Unicode Normalization 1:00:30
1:00:30 Play Later Play Later Lists Like Liked1:00:30
Play Later Play Later Lists Like LikedEpisode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord ! We offer Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store ! Join our Shift waitlist ! Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec Resources _json Juggling Attack Cross-Site POST Requests Without a Content-Type Header Worst Fit Orange Tsai on Worst Fit Handling Cookies is a Minefield Terminal DiLLMa XS-Leaking flags with CSS: A CTFd 0day Hacking Back the AI-Hacker Johann Computer use demo How I Became The Most Valuable Hacker Timestamps (00:00:00) Introduction (00:01:39) _json Juggling Attack and Cross-Site POST Requests Without a Content-Type Header (00:10:55) Worst Fit and Unicode Mapping (00:20:08) Handling Cookies is a Minefield (00:28:11) Terminal DiLLMa & CTFd 0day (00:41:18) Hacking Back the AI-Hacker (00:47:30) Becoming Most Valuable Hacker…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 102: Building Web Hacking Micro Agents with Jason Haddix 1:02:49
1:02:49 Play Later Play Later Lists Like Liked1:02:49
Play Later Play Later Lists Like LikedEpisode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more.They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Today’s Guest - https://x.com/Jhaddix Resources Keynote: Red, Blue, and Purple AI - Jason Haddix https://www.youtube.com/watch?v=XHeTn7uWVQM Attention in transformers, https://www.youtube.com/watch?v=eMlx5fFNoYc Shift https://shiftwaitlist.com/ The Darkest Side of Bug Bounty https://www.youtube.com/watch?v=6SNy0u6pYOc Timestamps (00:00:00) Introduction (00:01:25) Micro-agents and Weird Machine Tricks (00:11:05) Web fuzzing with AI (00:18:15) Brainstorming Shift and micro-agents (00:34:40) Strengths of different AI Models, and using AI to write reports (00:54:21) The Darkest Side of Bug Bounty…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger 51:24
51:24 Play Later Play Later Lists Like Liked51:24
Play Later Play Later Lists Like LikedEpisode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI application vulnerabilities. They talk through the importance of understanding system prompts, and various obfuscation techniques used to bypass security measures, the best AI platforms, and the evolving landscape of AI security. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec Today’s Guest: https://x.com/wunderwuzzi23 Resources Johann's blog https://embracethered.com/blog/ zombais https://embracethered.com/blog/posts/2024/claude-computer-use-c2-the-zombais-are-coming/ Copirate https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/ Timestamps (00:00:00) Introduction (00:01:59) Biggest things to look for in AI hacking (00:11:58) Best AI companies to hack on (00:15:59) URL Redirects and Obfuscation Techniques (00:24:05) Copirate (00:35:50) prompt injection guardrails and threats…
C
Critical Thinking - Bug Bounty Podcast
1 Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking 1:41:40
1:41:40 Play Later Play Later Lists Like Liked1:41:40
Play Later Play Later Lists Like LikedEpisode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show as a co-host, but returning as guest. Then we hear from a bunch of friends about their 'best bug of the year', before capping the episode with the announcement of a new AI tool we've been working on! Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Resources Delorean https://github.com/jselvi/Delorean Shift shiftwaitlist.com Timestamps (00:00:00) Introduction (00:07:32) Nagli (00:19:09) Shubs (00:35:00) Matt Brown (00:39:42) Matanber (00:57:52) Douglas Day (01:05:18) Alex Chapman (01:15:02) Nahamsec (01:25:45) Rez0 (01:28:20) Shift Announcement…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty 1:42:54
1:42:54 Play Later Play Later Lists Like Liked1:42:54
Play Later Play Later Lists Like LikedEpisode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the first year. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Today’s Guest - https://x.com/0xLupin Resources Justin's Twitter Thread https://x.com/Rhynorater/status/1699395452481769867 Timestamps (00:00:00) Introduction (00:03:00) Web Fundamentals Education (00:46:01) Threat Modeling and Hacking Goals (01:18:58) Vuln Types and finding Specialization…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath 1:43:57
1:43:57 Play Later Play Later Lists Like Liked1:43:57
Play Later Play Later Lists Like LikedEpisode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker: Check out Network Control! https://www.criticalthinkingpodcast.io/tl-nc And AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Today’s Guest: https://sharonbrizinov.com/ Resources The Claroty Research Team https://claroty.com/team82 Pwntools https://github.com/Gallopsled/pwntools Scan My SMS http://scanmysms.com Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS https://www.youtube.com/watch?v=EhNsXXbDp3U Timestamps (00:00:00) Introduction (00:03:31) Sharon's Origin Story (00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne (00:47:05) IoT/ICS Hacking Methodology (01:10:13) Cloud to Device Communication (01:18:15) Bug replication and uncommon attack surfaces (01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling 53:05
53:05 Play Later Play Later Lists Like Liked53:05
Play Later Play Later Lists Like LikedEpisode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. They also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker: Check out Network Control! https://www.criticalthinkingpodcast.io/tl-nc And AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Resources Okta bcrypt Android Web Attack Surface Writeups Concealing payloads in URL credentials Dumping PHP files with Lightyear Limit maximum number of filter chains Dom-Explorer tool launched MultiHTMLParse JSON Crack Caido/Burp notes plugin Timestamps (00:00:00) Introduction (00:02:43) Okta Release and bcrypt (00:10:26) Android Web Attack Surface Writeups (00:20:21) More Portswigger Research (00:28:29) Lightyear and PHP filter chains (00:35:09) Dom-Explorer (00:45:24) The JSON Debate (00:49:59) Notes plugin for Burp and Caido…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 96: Cookies & Caching with MatanBer 49:09
49:09 Play Later Play Later Lists Like Liked49:09
Play Later Play Later Lists Like LikedEpisode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, Safari's unique behaviors regarding cookie handling and debugging methods, and some of the writeups from the HeroCTF v6. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Guest: https://x.com/MtnBer Resources: Cookie Bugs - Smuggling & Injection https://blog.ankursundara.com/cookie-bugs/#:~:text=Cookie%20Smuggling iOS Webkit Debug Proxy https://github.com/google/ios-webkit-debug-proxy HeroCTF v6 Writeups https://mizu.re/post/heroctf-v6-writeups Timestamps (00:00:00) Introduction (00:01:29) Cookie exploits (00:21:32) Matan's Safari Adventure (00:29:49) HeroCTF 6 writeups…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side 1:56:23
1:56:23 Play Later Play Later Lists Like Liked1:56:23
Play Later Play Later Lists Like LikedEpisode 95: In this episode of Critical Thinking - Bug Bounty Podcast In this episode, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cover things like service workers, extension pages, and isolated worlds. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod Today’s Guest: https://x.com/MtnBer Resources Universal Code Execution by Chaining Messages in Browser Extensions https://spaceraccoon.dev/universal-code-execution-browser-extensions/ DOMLogger++ https://github.com/kevin-mizu/domloggerpp BBRE Metamask bug https://youtu.be/HnI0w156rtw?si=QixP8SX6JuRFz6PA Bench Press: Leaking Text Nodes with CSS https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/ Timestamps: (00:00:00) Introduction (00:03:08) Structure & Threat Model for Browser Extension (00:28:28) Extension Attack scenarios (01:01:26) Attacking Extension Pages (01:26:35) Attacking Service Workers (01:46:23) Getting source code and dynamic debugging…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 94: Zendesk Fiasco & the CTBB Naughty List 49:29
49:29 Play Later Play Later Lists Like Liked49:29
Play Later Play Later Lists Like LikedEpisode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod Resources: New music drop from our Boi YT https://x.com/realytcracker/status/1847599657569956099 AuthzAI https://authzai.com/ Ron Chan https://x.com/ngalongc Misconfigured User Auth Leads to Customer Messages https://www.ophionsecurity.com/post/live-chat-blog-1-misconfigured-user-auth-leads-to-customer-messages Zendesk Write-up https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52 Response from Zendesk https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52?permalink_comment_id=5232589#gistcomment-5232589 Timestamps (00:00:00) Introduction (00:05:29) AuthzAI and the return of Ron Chan (00:13:50) Ophion Security Research (00:18:12) Zendesk Drama…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor 1:41:29
1:41:29 Play Later Play Later Lists Like Liked1:41:29
Play Later Play Later Lists Like LikedEpisode 93: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through how he balances his dual careers, some ethical considerations of hacking in the context of healthcare, and highlight some experiences he’s had with Amazon's bug bounty program. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker. Checkout their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect Today’s Guest - https://x.com/jonathanbouman?lang=en Resources Anyone can Access Deleted and Private Repository Data on GitHub Filesender Github Remote Code execution at ws1.aholdusa .com APK-MITM Hacking Dutch healthcare system Fitness Youtube Channels https://www.youtube.com/channel/UCpQ34afVgk8cRQBjSJ1xuJQ https://www.youtube.com/@BullyJuice Timestamps (00:00:00) Introduction (00:07:28) Medicine and Hacking (00:19:36) Hacking on Amazon (00:34:33) Collaboration and consistency (00:44:13) SSTI Methodology (01:06:10) iOS Hacking Methodology (01:13:23) Hacking Healthcare (01:32:19) Health tips for hacking…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser 47:38
47:38 Play Later Play Later Lists Like Liked47:38
Play Later Play Later Lists Like LikedEpisode 92: In this episode of Critical Thinking - Bug Bounty Podcast In this episode Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-Fi, and Vulnerabilities caused by The Great Firewall Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker. Checkout their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect Resources: Insecurity through Censorship Ruby-SAML / GitLab Authentication Bypass 0-Click exploit discovered in MediaTek Wi-Fi chipsets New Caido Plugin to Generate Wordlists Bebik’s 403 Bypassor CSPBypass Arb Read & Arb write on LLaMa.cpp by SideQuest XSS WAF Bypass One payload for all Timestamps (00:00:00) Introduction (00:02:08) Vulnerabilities Caused by The Great Firewall (00:07:25) Ruby SAML Bypass (00:19:55) 0-Click exploit discovered in MediaTek Wi-Fi chipsets (00:24:36) New Caido Wordlist Plugin (00:31:00) CSPBypass.com (00:35:37) Arb Read & Arb write on LLaMa.cpp by SideQuest (00:43:10) Helpful WAF Bypass…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 91: Zero to LHE in 9 Months (feat gr3pme) 1:22:50
1:22:50 Play Later Play Later Lists Like Liked1:22:50
Play Later Play Later Lists Like LikedEpisode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking’s own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with Bug Bounty. We cover mentorship, networking and LHEs, ecosystem hacking, emotional regulation, and the need for self-care. Then we wrap up with some fun bugs. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Shop our new swag store at ctbb.show/swag Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder Today’s guest: https://x.com/gr3pme Resources: Lessons Learned for LHEs https://x.com/Rhynorater/status/1579499221954473984 Timestamps: (00:00:00) Introduction (00:07:02) Mentorship in Bug Bounty (00:16:30) LHE lessons, takeaways, and the benefit of feedback and networking (00:41:28) Choosing Targets (00:49:03) Vuln Classes (00:58:54) Bug Reports…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs 51:42
51:42 Play Later Play Later Lists Like Liked51:42
Play Later Play Later Lists Like LikedEpisode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Shop our new swag store at ctbb.show/swag Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder Resources: Breaking Down Barriers: Exploiting Pre-Auth SQL Injection in WhatsUp Gold Content-Type that can be used for XSS Clickjacking Bug in Google Docs Justin's Gadget Link https://www.youtube.com/signin?next=https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FSetSID%3Fcontinue%3Dhttps%3A%2F%2Fwww.google.com%252Famp%252fpoc.rhynorater.com Stealing your Telegram account in 10 seconds flat Timestamps (00:00:00) Introduction (00:08:28) Recent Hacks and Dupes (00:14:00) Cursor (00:25:02) Exploiting Pre-Auth SQL Injection in WhatsUp Gold (00:34:17) Content-Type that can be used for XSS (00:40:25) Caido updates (00:43:14) Clickjacking in Google Docs, and Stealing Telegram account…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown 1:58:03
1:58:03 Play Later Play Later Lists Like Liked1:58:03
Play Later Play Later Lists Like LikedEpisode 89: In this episode of Critical Thinking - Bug Bounty Podcast We’re joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in hardware hacking, and Matt’s personal Methodology. Then we switch over to touch on BGA Reballing, Certificate Pinning and Validation, and some of his own bug stories. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder Today’s Guess Matt Brown: https://x.com/nmatt0 Resources: Decrypting SSL to Chinese Cloud Servers https://www.youtube.com/watch?v=3qSxxNvuEtg mitmrouter https://github.com/nmatt0/mitmrouter certmitm Automatic Exploitation of TLS Certificate Validation Vulns https://www.youtube.com/watch?v=w_l2q_Gyqfo and https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Aapo%20Oksman%20-%20certmitm%20automatic%20exploitation%20of%20TLS%20certificate%20validation%20vulnerabilities.pdf https://github.com/aapooksman/certmitm HackerOne Detailed Platform Standards https://docs.hackerone.com/en/articles/8369826-detailed-platform-standards Timestamps: (00:00:00) Introduction (00:13:33) Specialization and Challenges of IOT Hacking (00:33:03) Decrypting SSL to Chinese Cloud Servers (00:47:00) General IoT Hacking Methodology (01:26:00) Certificate Pinning and Certificate Validation (01:34:35) BGA Reballing (01:43:26) Bug Stories…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 88: News, Tools, and Writeups 1:06:08
1:06:08 Play Later Play Later Lists Like Liked1:06:08
Play Later Play Later Lists Like LikedEpisode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Shop our new swag store at ctbb.show/swag Resources URL Validation Bypass cheat sheet SanicDNS Orange Confusion Attacks WordPress GiveWP POP to RCE Xsstools Bypassing browser tracking protection Advanced iframe Magic DOM Clobbering https://www.ruhrsec.de/downloads/slides/Everything-You-Wanted-to-Know-About-DOM-Clobbering-But-Were-Afraid-to-Ask-Soheil-Khodayari-RuhrSec.pdf And https://domclob.xyz/domc_payload_generator/ Timestamps: (00:00:00) Introduction (00:02:00) URL validation bypass (00:07:41) SanicDNS and Orange confusion attacks (00:20:06) WordPress GiveWP POP to RCE (00:31:29) Xsstools (00:43:56) Bypassing browser tracking protection (00:52:06) DOM Clobbering and mixing up your approach…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships 1:26:41
1:26:41 Play Later Play Later Lists Like Liked1:26:41
Play Later Play Later Lists Like LikedEpisode 87: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with none other than his wife Mariah to talk about Bug Bounty from the perspective of a Significant Other. They share how they’ve traversed travel and Live Hacking Events, household chores, hobbies, goals, rewards, as well as how best to encourage and support the hacker/non-hacker in your life. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Shop our new swag store at ctbb.show/swag Today’s Guest: https://x.com/MariahG017 Resources: Ruby Nealon's song https://x.com/_ruby/status/835306502546149376 Don't Force Yourself to Become a Bug Bounty Hunter https://samcurry.net/dont-force-yourself-to-become-a-bug-bounty-hunter Timestamps (00:00:00) Introduction (00:03:12) Technical Questions for a Bug Bounty Wife (00:16:11) Mariah's First LHE experience (00:31:12) LHEs as a Couple (00:41:57) Encouragement and Risk (00:55:55) Hacker Family Dynamics, goals, and keeping promises (01:17:35) How to care for your Hacker/Hacker Wife…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 86: The X-Correlation between Frans & RCE - Research Drop 42:09
42:09 Play Later Play Later Lists Like Liked42:09
Play Later Play Later Lists Like LikedEpisode 86: In this episode of Critical Thinking - Bug Bounty Podcast Frans blows Justin’s mind with a sneak peak of his new presentation. Note: This is a little different from our normal episode, and video is recommended. So head over to ctbb.show/yt if you feel like you’re missing something. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Shop our new swag store at ctbb.show/swag Watch this Episode on Youtube - ctbb.show/yt Today’s Guest: Frans Rosen - https://x.com/fransrosen View the slides of this presentation at https://speakerdeck.com/fransrosen/x-correlation-injections-or-how-to-break-server-side-contexts Timestamps (00:00:00) Introduction (00:04:09) x-correlation injection (00:21:10) Server-side JSON-Injection (00:32:10) Fuzz Blindly and Optimizing Blind RCE…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 85: Practical Applications of DEFCON 32 Web Research 1:30:30
1:30:30 Play Later Play Later Lists Like Liked1:30:30
Play Later Play Later Lists Like LikedEpisode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cache exploitation, and exploits related to email protocols are all featured. Plus we also talk some fun Apache hacks from Orange Tsai Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! Check out our new SWAG store at https://ctbb.show/swag ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker Resources Listen to the whispers https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work Splitting the email atom https://portswigger.net/research/splitting-the-email-atom Gotta cache 'em all https://portswigger.net/research/gotta-cache-em-all HTTP Garden https://github.com/narfindustries/http-garden Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! https://blog.orange.tw/2024/08/confusion-attacks-en.html#%E2%9C%94%EF%B8%8F-2-2-2-Local-Gadget-to-XSS Trusted API Types https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API Untrusted Types https://github.com/filedescriptor/untrusted-types Timestamps: (00:00:00) Introduction (00:09:45) 'Listen to the whispers' (00:30:03) 'Splitting the email atom' (00:58:42) 'Gotta cache 'em all' (01:21:03) 'Confusion Attacks'…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat 27:15
27:15 Play Later Play Later Lists Like Liked27:15
Play Later Play Later Lists Like LikedEpisode 84: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Roni Carta (@0xLupin) to discuss their MVH win at the recent Google LHE, and share some technical observations they had with the target and the event. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Guest: https://x.com/0xLupin Today’s Sponsor - ThreatLocker Timestamps: (00:00:00) Introduction (00:02:12) MHV Debrief (00:09:05) Sandboxes and Comfort Zones (00:13:24) SDKs and Legal Compliance (00:19:29) Age of Target and Platform-Exclusive Hunters…
C
Critical Thinking - Bug Bounty Podcast
Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow, a text expander, Tracing Cookies, and more. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker Resources: Post from Gareth Heyes https://x.com/garethheyes/status/1811084674988474417 Wiki List of XML and HTML https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#List_of_character_entity_references_in_HTML HackerOne Leaderboard Changes https://x.com/scarybeasts/status/1810813103354892666 Espanso https://espanso.org/ Critical Thinkers Discord ctbb.show/criticalthinkers Oauth Scan https://portswigger.net/bappstore/8ef2db1173e8432c8797831c2e730727 Timestamps: (00:00:00) Introduction (00:03:12) News (00:13:20) Into the Brainstorm (00:13:41) 403 Bypasser (00:20:34) "Expaido" (00:31:34) Trace Cookies (00:42:01) Highlight Decoding Expansion and AI integrations (00:49:08) OAuth Testing, API Highlighter, and Note-taking…
C
Critical Thinking - Bug Bounty Podcast
Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker Resources: Evernote RCE Post https://0reg.dev/blog/evernote-rce ServiceNow Bug Chain https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data Douglas Day's Talk on finding 'no's' https://youtu.be/G1RHa7l1Ys4?si=TY16ULsEIfJ9CMKk Timestamps: (00:01:37) Introduction (00:02:24) Evernote RCE Post (00:06:47) AssetNote ServiceNow Bug Chain (00:12:16) Part-Time Bug Bounty: Balance and Accountability (00:18:04) Picking programs: Impact and Payout (00:28:46) Streamline your process…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 81: Crushing Client-Side on Any Scope with MatanBer 2:04:48
2:04:48 Play Later Play Later Lists Like Liked2:04:48
Play Later Play Later Lists Like LikedEpisode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker Today’s Guest: https://x.com/MtnBer Resources: Beyond XSS https://aszx87410.github.io/beyond-xss/en/ Web VSCode XSS https://gitlab.com/gitlab-org/gitlab/-/issues/461328 Timestamps (00:00:00) Introduction (00:05:24) Learning and Labs (00:17:29) DevTools tips and tricks (00:49:49) General Client-Side hacking tips (01:09:59) Self-XSS Storytime (01:32:16) Bug Reports (01:46:37) Brainstorming a Client-side HUD…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology) 2:49:26
2:49:26 Play Later Play Later Lists Like Liked2:49:26
Play Later Play Later Lists Like LikedEpisode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne Events Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker Today’s Guest: https://x.com/SinSinology Blog: https://sinsinology.medium.com/ Resources: WhatsUp Gold Pre-Auth RCE Advanced .NET Exploitation Training dnSpyEx QEMU Unicorn Engine Qiling libAFL Alex Plaskett interview TippingPoint Flashback Team Timestamps: (00:00:00) Introduction (00:12:45) Learning, Mentorship, and Failure (00:29:34) Pentesting and Pwn2Own (00:40:05) Hacking methodology (01:01:57) Debuggers and shells in IoT Devices (01:35:40) Differences between ZDI and HackerOne (02:02:27) Pwn2Own Steps and Stories (02:14:06) Master of Pwn Title (02:29:54) Bug reports…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes 1:10:25
1:10:25 Play Later Play Later Lists Like Liked1:10:25
Play Later Play Later Lists Like LikedEpisode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration. Follow us on twitter at: @ctbbpodcast Send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Resources: SpaceRaccoon's Universal Code Execution Extensions Escalating Client Side Path Traversal Full-time Bug Bounty Blueprint Sequential Import Chaining CSS Exfiltation Link that Justin was talking about Font Ligatures Lava Dome bypass Stealing Data in Great Style Steal Script Contents Masato Kinugawa's tweet Attacking with Just CSS CSS Injection Primitives Timestamps: (00:00:00) Introduction (00:02:32) Universal Code Execution (00:11:32) Escalating Client Side Path Traversal (00:16:56) Justin's Defcon talk & Bug Bounty Blueprint (00:23:32) CSS Injection (00:39:23) Font Ligatures (00:54:30) Descent Override and display:block…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques 1:06:25
1:06:25 Play Later Play Later Lists Like Liked1:06:25
Play Later Play Later Lists Like LikedEpisode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with that process. We also talk about the benefit of using tools like Fabric, Loom, and ShareX. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker Resources: XSS WAF Bypass by multi-char HTML entities Shazzer Next.js and cache poisoning Nagli's Nuclei Template hey why can't you fix this one bug Justin's reporting templating software Fabric BB Report Formatter 2to3 Automated Python Converter ShareX Skitch Timestamps: (00:00:00) Introduction (00:04:00) XSS WAF Bypass by Multi-char HTML Entities (00:11:59) Next.js and Cache Poisoning (00:18:03) Nagli's Nuclei Template and Sean Yeoh's Blog (00:27:34) Report Writing and AI (00:50:02) Reporting tips…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated 1:50:26
1:50:26 Play Later Play Later Lists Like Liked1:50:26
Play Later Play Later Lists Like LikedEpisode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Resources: MongoDB NoSQL Injection https://soroush.me/blog/2024/06/mongodb-nosql-injection-with-aggregation-pipelines/ Mongo DB Is Web Scale https://www.youtube.com/watch?v=b2F-DItXtZs 1-click Exploit in Kakao https://stulle123.github.io/posts/kakaotalk-account-takeover/ Unsecure time-based secret and Sandwich Attack https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html Reset Tolkien https://github.com/AethliosIK/reset-tolkien iOS URL Scheme Hijacking Revamped https://evanconnelly.github.io/post/ios-oauth/ PLORMBING YOUR DJANGO ORM https://www.elttam.com/blog/plormbing-your-django-orm/#content Timestamps: (00:00:00) Introduction (00:02:07) MongoDB NoSQL Injection (00:12:42) 1-click Exploit in Kakao (00:33:21) Time-based secrets and Reset Tolkien (00:39:26) iOS URL Scheme Hijacking Revamped (00:51:42) ORMs (00:58:57) Community Bug Submission (01:07:45) Motivation, Mental Sharpness, and Burnout avoidance…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature 1:34:43
1:34:43 Play Later Play Later Lists Like Liked1:34:43
Play Later Play Later Lists Like LikedEpisode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today's Sponsor - Project Discovery: https://nux.gg/podcast Resources Zoom Session Takeover https://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO.html SharePoint XXE https://x.com/thezdi/status/1796207012520366552 Shazzer https://shazzer.co.uk/ Timestamps: (00:00:00) Introduction (00:05:06) H1 Ambassador World Cup (00:13:57) Zoom ATO bug (00:33:28) SharePoint XXE (00:39:36) Shazzer (00:46:36) Match and Replace (01:13:01) Match and Replace in Mobile (01:21:13) Header Replacements…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Similar to Critical Thinking - Bug Bounty Podcast
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
T
There’s a Better Way: Smart Talk on Healthcare and Technology
1
There’s a Better Way: Smart Talk on Healthcare and Technology
Surescripts
12k30
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k341
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
We help founders make something people want.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
