BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Critical Thinking - Bug Bounty Podcast
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature
Manage episode 424559731 series 3435922
Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Sponsor - Project Discovery: https://nux.gg/podcast
Resources
Zoom Session Takeover
https://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO.html
SharePoint XXE
https://x.com/thezdi/status/1796207012520366552
Shazzer
Timestamps:
(00:00:00) Introduction
(00:05:06) H1 Ambassador World Cup
(00:13:57) Zoom ATO bug
(00:33:28) SharePoint XXE
(00:39:36) Shazzer
(00:46:36) Match and Replace
(01:13:01) Match and Replace in Mobile
(01:21:13) Header Replacements
120 episodes
Share
Manage episode 424559731 series 3435922
Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Sponsor - Project Discovery: https://nux.gg/podcast
Resources
Zoom Session Takeover
https://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO.html
SharePoint XXE
https://x.com/thezdi/status/1796207012520366552
Shazzer
Timestamps:
(00:00:00) Introduction
(00:05:06) H1 Ambassador World Cup
(00:13:57) Zoom ATO bug
(00:33:28) SharePoint XXE
(00:39:36) Shazzer
(00:46:36) Match and Replace
(01:13:01) Match and Replace in Mobile
(01:21:13) Header Replacements
120 episodes
All episodes
×
C
Critical Thinking - Bug Bounty Podcast
1 Episode 120: SpaceRaccoon - From Day Zero to Zero Day 1:36:57
1:36:57 
Play Later 
Play Later 
Lists 
Like 
Liked1:36:57
Play Later Play Later Lists Like LikedEpisode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor - ThreatLocker User Store https://www.criticalthinkingpodcast.io /tl-userstore Today’s guest: https://x.com/spaceraccoonsec ====== Resources ====== Buy SpaceRaccoon's Book: From Day Zero to Zero Day https://nostarch.com/zero-day USE CODE 'ZERODAYDEAL' for 30% OFF Pwning Millions of Smart Weighing Machines with API and Hardware Hacking https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/ ====== Timestamps ====== (00:00:00) Introduction (00:04:58) From Day Zero to Zero Day (00:12:06) Mapping Code to Attack Surface (00:17:59) Day Zero and Taint Analysis (00:22:43) Automated Variant Analysis & Binary Taxonomy (00:31:35) Source and Sink Discovery (00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing (00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero (01:02:16) Bug bounty, Vuln research, & Governmental work (01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 119: Abusing Iframes from a client-side hacker 33:54
33:54 Play Later Play Later Lists Like Liked33:54
Play Later Play Later Lists Like LikedEpisode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attack them. CORRECTION: Some of my comments on the latest episode of the pod were woefully inaccurate about the `csp` attribute of an iframe. Def should have read the spec more thoroughly. Please see the #corrections channel in Discord for the deets. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== Episode with JR0ch17 ctbb.show/61 Exacerbating Cross-Site Scripting: The Iframe Sandwich https://coopergyoung.com/exacerbating-cross-site-scripting-the-iframe-sandwich/ ====== Timestamps ====== (00:00:00) Introduction (00:01:20) Why are Iframes useful (00:05:11) Attributes of Iframes (00:21:39) Iframe Attacks (00:29:53) Iframe Fun Facts…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots 58:29
58:29 Play Later Play Later Lists Like Liked58:29
Play Later Play Later Lists Like LikedEpisode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt. Follow us on X Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow Rhynorater and Rez0 on X ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! You can also find some hacker swag ! ====== Resources ====== p4fg passed 1 Million! /reports/:id.json - $25K Crit Hacking Crypto pt1 The art of payload obfuscation Analyzing the Next.js Middleware Bypass Nahamsec's Merch store llms.txt polyglot prompt injection React Router and the Remix’ed path Pre-Authentication SQL Injection in Halo ITSM Pwning Millions of Smart Weighing Machines MCP Server Oauth Cline “Credentialless” iframes Tiny XSS Payloads Types of Pollution ====== Timestamps ====== (00:00:00) Introduction (00:05:56) Next.js Middleware bypass & Polyglots in llms.txt (00:16:35) CPDoS on React Router (00:24:26) Loose Types Sink Ships & Pwning Smart Scales (00:32:30) MCP Server Oauth & Cline (00:39:40) Clientside Tidbits & Prototype Pollutions…
C
Critical Thinking - Bug Bounty Podcast
1 Hacking AI Series: Vulnus ex Machina - Part 1 32:20
32:20 Play Later Play Later Lists Like Liked32:20
Play Later Play Later Lists Like LikedEpisode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and focuses on AI reconnaissance. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== Building Reliable Web Agents https://x.com/pk_iv/status/1904178892723941777 17 security checks from VIBE to PRODUCTION https://x.com/Kaamiiaar/status/1902342578185630000 How to Hack AI Agents and Applications https://josephthacker.com/hacking/2025/02/25/how-to-hack-ai-apps.html AI Crash Course Repo https://github.com/henrythe9th/ai-crash-course Deep Dive into LLMs like ChatGPT https://www.youtube.com/watch?v=7xTGNNLPyMI ====== Timestamps ====== (00:00:00) Introduction (00:01:54) AI News (00:08:09) How to Hack AI Agents and Applications (00:14:26) The Recon Process (00:25:06) Initial Probing & Steering…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 116: Auth Bypasses and Google VRP Writeups 26:48
26:48 Play Later Play Later Lists Like Liked26:48
Play Later Play Later Lists Like LikedEpisode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control ====== Resources ====== SAML roulette: the hacker always wins https://portswigger.net/research/saml-roulette-the-hacker-always-wins Loophole of getting Google Form associated with Google Spreadsheet with no editor/owner access https://bughunters.google.com/reports/vrp/yBeFmSrJi Loophole to see the editors of a Google Document with no granted access(owner/editor) with just the fileid (can be obtained from publicly shared links with 0 access) https://bughunters.google.com/reports/vrp/7EhAw2hur Cloud Tools for Eclipse - Chaining misconfigured OAuth callback redirection with open redirect vulnerability to leak Google OAuth Tokens with full GCP Permissions https://bughunters.google.com/reports/vrp/F8GFYGv4g Next.js, cache, and chains: the stale elixir https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir Next.js and the corrupt middleware: the authorizing artifact https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware ====== Timestamps ====== (00:00:00) Introduction (00:02:59) SAML roulette (00:13:08) Google bugs (00:20:16) Next.js and the corrupt middleware…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi) 1:40:58
1:40:58 Play Later Play Later Lists Like Liked1:40:58
Play Later Play Later Lists Like LikedEpisode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about Reflector, and finish up by doing a bonus podcast segment in Japanese! Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control Today’s Guest: https://x.com/Mokusou4 ====== Resources ====== So's last appearance in episode 40 ctbb.show/40 ====== Timestamps ====== (00:00:00) Introduction (00:04:11) So's Facebook Bug (00:14:37) So and Justin's Google Bug (00:33:39) Live Mentorship Session (00:56:29) Reflector (01:13:22) Bonus - Podcast in Japanese…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 114: Single Page Application Hacking Playbook 1:22:25
1:22:25 Play Later Play Later Lists Like Liked1:22:25
Play Later Play Later Lists Like LikedEpisode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: ThreatLocker Cloud Control ====== Resources ====== Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data Hackadvisor WP Extensions Notebook LM Pressing Buttons with Popups Response to @RenwaX23 Prompt Injection Attacks for Dummies Shadow Repeater parallel-prettier ====== Timestamps ====== (00:00:00) Introduction (00:02:15) Bug Write-up from @busf4ctor (00:09:44) Scanning Common Crawl (00:16:30) Hackadvisor and WP/Chrome Extension News (00:24:15) Notebook LM, and Recent AI Updates (00:31:58) Write-up from @J0R1AN and Related POC from @RenwaX23 (00:38:10) Prompt Injection Attacks for Dummies (00:42:29) ShadowRepeater (00:47:04) Single-page applications…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 113: Best Technical Takeaways from Portswigger Top 10 2024 1:29:19
1:29:19 Play Later Play Later Lists Like Liked1:29:19
Play Later Play Later Lists Like LikedEpisode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here! Follow us on X at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on X: ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag ! ====== Resources ====== Hijacking OAUTH flows via Cookie Tossing ChatGPT Account Takeover - Wildcard Web Cache Deception OAuth Non-Happy Path to ATO CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js DoubleClickjacking: A New Era of UI Redressing WorstFit: Unveiling Hidden Transformers in Windows ANSI SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server Middleware, middleware everywhere – and lots of misconfigurations to fix ====== Timestamps ====== (00:00:00) Introduction (00:09:56) Hijacking OAuth flows via Cookie Tossing (00:17:30) ChatGPT Account Takeover (00:25:28) OAuth Non-Happy Path to ATO (00:29:24) CVE-2024-4367 (00:37:37) DoubleClickjacking: (00:44:54) Exploring the DOMPurify library (00:48:01) WorstFit (00:56:29) Unveiling TE.0 HTTP Request Smuggling (01:06:40) SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level (01:14:05) Confusion Attacks…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter 1:07:37
1:07:37 Play Later Play Later Lists Like Liked1:07:37
Play Later Play Later Lists Like LikedEpisode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Guest - Ciarán Cotter https://x.com/monkehack ====== Resources ====== Msty https://msty.app/ From Day Zero to Zero Day https://nostarch.com/zero-day Nuclei - ai flag https://x.com/pdiscoveryio/status/1890082913900982763 ChatGPT Operator: Prompt Injection Exploits & Defenses https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/ Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/ ====== Timestamps ====== (00:00:00) Introduction (00:01:04) Bug Rundowns (00:13:05) Monke's Bug Bounty Background (00:20:03) Websocket Research (00:34:01) Connecting Hackers with Companies (00:34:56) Grok 3, Msty, From Day Zero to Zero Day (00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK (00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu 1:49:15
1:49:15 Play Later Play Later Lists Like Liked1:49:15
Play Later Play Later Lists Like LikedEpisode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== Exploring the DOMPurify library: Bypasses and Fixes (1/2) https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes Exploring the DOMPurify library: Hunting for Misconfigurations (2/2) https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations Dom-Explorer tool https://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954f CT Episode 61: A Hacker on Wall Street - JR0ch17 https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/ ====== Timestamps ====== (00:00:00) Introduction (00:01:44) Kevin Mizu - Background and Bring-a-bug (00:15:09) DOMPurify (00:29:04) Misconfigurations - Dangerous allow-lists (00:39:09) Dangerous URI attributes configuration (00:46:08) Bad usage (00:59:55) DOMPurify Hooks: before, after, and upon SanitizeAttribute (01:29:15) Node manipulation, nodeName namespace case confusion, & DOM Clobbering DOS (01:36:51) Misc concepts for future research…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 110: Oauth Gadget Correlation and Common Attacks 49:41
49:41 Play Later Play Later Lists Like Liked49:41
Play Later Play Later Lists Like LikedEpisode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== DOMPurify 3.2.3 Bypass Jason Zhou's post about O3 mini Live Chat Blog #2: Cisco Webex Connect postLogger Chrome Extension postLogger Webstore Link Common OAuth Vulnerabilities nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover Account Takeover using SSO Logins Kai Greshake ====== Timestamps ====== (00:00:00) Introduction (00:01:44) DOMPurify 3.2.3 Bypass (00:06:37) O3 mini (00:10:29) Ophion Security: Cisco Webex Connect (00:15:54) Discord Community News (00:19:12) postLogger Chrome Extension (00:21:04) Common OAuth Vulnerabilities & Lessons learned from Google’s APIs…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 109: Creative Recon - Alternative Techniques 1:01:42
1:01:42 Play Later Play Later Lists Like Liked1:01:42
Play Later Play Later Lists Like LikedEpisode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to talk about Alternative Recon Techniques Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! ====== Resources ====== Resources Wiz Research Uncovers Exposed DeepSeek Database Bypass Bot Detection Tweet from sw33tLie rsc 2fa Stealing HttpOnly cookies with the cookie sandwich technique Report Pointers for Collaborative Chains Clone2Leak: Your Git Credentials Belong To Us Deanonymization via cache GoogleChrome related-website-sets ====== Timestamps ====== (00:00:00) Introduction (00:02:03) DeepSeek debacle and Bypass Bot Detection (00:23:48) Stealing HttpOnly cookies with the cookie sandwich technique (00:30:54) Report Pointers for Collaborative Chains (00:34:43) Clone2Leak: Your Git Credentials Belong To Us (00:40:04) Deanonymization for Signal and Discord (00:41:53) Alternative Recon Techniques…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 108: How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello 1:31:08
1:31:08 Play Later Play Later Lists Like Liked1:31:08
Play Later Play Later Lists Like LikedEpisode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: AppOmni. Get AppOmni's Definitive Guide to SaaS Security https://www.criticalthinkingpodcast.io/AppOmni Today’s Guest: https://x.com/ConspiracyProof ====== Resources ====== Aaron's Blog https://www.enumerated.ie/ Data Exposure and ServiceNow: The Elephant in the ITSM Room https://www.enumerated.ie/index/servicenow-data-exposure Salesforce Lightning - An in-depth look at exploitation vectors for the everyday community https://www.enumerated.ie/index/salesforce Lightning Components: A Treatise on Apex Security from an External Perspective https://go.appomni.com/hubfs/Collateral/AppOmni_Labs_White_Paper_Apex_Security.pdf?utm_campaign=Network%20Computing&utm_source=referral&utm_content=network_computing Microsoft Power Pages: Data Exposure Reviewed https://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/ ====== Timestamps ====== (00:00:00) Introduction (00:03:00) Aaron Costello, Arbitrary File Upload, & App Cache Manifest Poison bug (00:13:37) SAAS Misconfigurations as a bug class (00:43:27) SalesForce Misconfigurations (01:11:30) Microsoft Power Pages…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 107: Bypassing Cross-Origin Browser Headers 1:06:17
1:06:17 Play Later Play Later Lists Like Liked1:06:17
Play Later Play Later Lists Like LikedEpisode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr ====== Resources ====== A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures Google’s OAuth login flaw Rez0's Ai tweet Rez0's Follow-up Raink from BishopFox Gift cards security research Top 10 web hacking techniques of 2024 Cross-Origin-Opener-Policy: preventing attacks from popups ====== Timestamps ====== (00:00:00) Introduction (00:05:13) Hacking with your kids (00:09:46) H1/bc pentests (00:12:23) Google’s OAuth login flaw (00:18:01) Raink & Rez0's AI tweets (00:28:46) Giftcard hacking & Portswigger top 10 voting (00:34:23) Cross Origin Web Headers…
C
Critical Thinking - Bug Bounty Podcast
Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he’s looking forward to bringing to the pod. We also cover some news items including doubleclickjacking, character set attacks, SVG XSS, and more. Follow us on twitter at: @ctbbpodcast Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Rez0 on twitter: https://x.com/Rhynorater https://x.com/rez0__ ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Resources DoubleClickjacking: A New Era of UI Redressing https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html XBOW Validation Benchmarks https://github.com/xbow-engineering/validation-benchmarks Jorian tweet https://x.com/J0R1AN/status/1871586792455163975 Simplified Payload https://portswigger-labs.net/xss/charset.php?x=%1b$B%1b(B%3Ca%20href=javas%1B(Jcript:alert(1)%3Etest%3C/a%3E&charset= SVG XSS Payload https://x.com/garethheyes/status/1876953751245783534 curl-cffi https://pypi.org/project/curl-cffi/ Bypassing File Upload Restrictions To Exploit CSPT https://blog.doyensec.com/2025/01/09/cspt-file-upload.html AI-Crash-Course https://github.com/henrythe9th/AI-Crash-Course?tab=readme-ov-file Timestamps (00:00:00) Introduction (00:02:15) Rez0's journey to Full-time hunter, Tool developer, and new Co-host (00:21:04) DoubleClickjacking (00:31:48) XBOW Validation Benchmarks, Charset Thoughts, and SVG XSS (00:42:28) curl-cffi, CSPT, and AI Crash Course…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Similar to Critical Thinking - Bug Bounty Podcast
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
