Podcasts about YTCracker

  • 29PODCASTS
  • 164EPISODES
  • 1h 17mAVG DURATION
  • 1WEEKLY EPISODE
  • Jun 19, 2025LATEST
YTCracker

POPULARITY

20172018201920202021202220232024


Best podcasts about YTCracker

Latest podcast episodes about YTCracker

Critical Thinking - Bug Bounty Podcast
Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jun 19, 2025 67:25


Episode 127: In this episode of Critical Thinking - Bug Bounty Podcast we address some recent bug bounty controversy before jumping into a slew of news itemsFollow us on XShoutout to YTCracker for the awesome intro music!Today's Sponsor: Adobe====== This Week In Bug Bounty ======Hackers Guide to Google dorkingYesWeCaidoNew Dojo ChallengeSmart Contract BB tipsRed Team AAS====== Resources ======DisclosedPDF csp bypassBypassing File Upload Restrictions To Exploit Client-Side Path TraversalOBS WebSocket to RCETime in a bottle (or knapsack)How to Differentiate Yourself as a Bug Bounty HunterDisclosed. Onlinehacked-in‘EchoLeak'Piloting Edge CopilotNewtownerTips for agent promptingFirefox XSS vectorsTweet from Masato KinugawaChrome debug() function

Critical Thinking - Bug Bounty Podcast
Episode 126: Hacking AI Series: Vulnus ex Machina - Part 3

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jun 12, 2025 38:32


Episode 126: In this episode of Critical Thinking - Bug Bounty Podcast we wrap up Rez0's AI miniseries ‘Vulnus Ex Machina'. Part 3 includes a showcase of AI Vulns that Rez0 himself has found, and how much they paid out.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor - ThreatLocker Web Controlhttps://www.criticalthinkingpodcast.io/tl-webcontrol====== Resources ======Claude Code System PromptAttacking AI AgentsProbability of HacksNew Gemini for Workspace Vulnerability Enabling Phishing & Content ManipulationHow to Hack AI Agents and Applications====== Timestamps ======(00:00:00) Introduction(00:02:53) NahamCon Recap, Claude news, and wunderwuzzi writeups (00:08:57) Probability of Hacks(00:11:27) First AI Vulnerabilities(00:18:57) AI Vulns on Google (00:25:11) Invisible prompt Injection

Critical Thinking - Bug Bounty Podcast
Episode 125: How to Win Live Hacking Events

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jun 5, 2025 47:04


Episode 125: In this episode of Critical Thinking - Bug Bounty Podcast Justin shares insights on how to succeed at live hacking events. We cover pre-event preparations, challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== This Week in Bug Bounty ======Decathlon Public Bug Bounty Program on YesWeHack====== Resources ======The Ultimate Double-Clickjacking PoCGrafana Full read SSRF and Account Takeover: CVE-2025-4123Grafana CVE-2025-4123 ExploitWhat I learned from my first 100 HackerOne ReportsRoot for your friends====== Timestamps ======(00:00:00) Introduction(00:02:30) The Ultimate Double-Clickjacking PoC, Grafana CVE, & Evan Connelly's first 100 bugs(00:10:23) How to win at Live Hacking Events(00:11:53) Pre-event(00:11:45) Scope Call(00:33:11) Dupe window Ends(00:36:00) Onsite & and Day of Event(00:42:46) Don't define your identity on the outcome

Critical Thinking - Bug Bounty Podcast
Episode 124: Bug Bounty Lifestyle = Less Hacking Time?

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later May 29, 2025 45:26


Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph's Anthropic safety testing, Justin's guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor - ThreatLocker Web Controlhttps://www.criticalthinkingpodcast.io/tl-webcontrol====== This Week in Bug Bounty ======Louis Vuitton Public Bug Bounty ProgramCVE-2025-47934 was discovered on one of our Bug Bounty program : OpenPGP.jsStored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover====== Resources ======Jorian tweetClipjacking: Hacked by copying text - Clickjacking but betterCrying out Cloud AppearanceWiz Research takes 1st place in Pwn2Own AI categoryNew XSS vector with image tag====== Timestamps ======(00:00:00) Introduction(00:10:50) Supabase(00:13:47) Tweet-research from Jorian and Wyatt Walls.(00:20:24) Anthropic safety testing challenge & Wiz Podcast guest appearance(00:27:44) New XSS vector, Google i/o, and coding agents(00:35:48) Full Time Bug Bounty

Critical Thinking - Bug Bounty Podcast
Episode 123: Hacking AI Series: Vulnus ex Machina - Part 2

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later May 22, 2025 44:12


Episode 123: In this episode of Critical Thinking - Bug Bounty Podcast we're back with part 2 of Rez0's miniseries. Today we talk about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor - ThreatLocker User Storehttps://www.criticalthinkingpodcast.io/tl-userstore====== This Week in Bug Bounty ======Earning a HackerOne 2025 Live Hacking Invitehttps://www.hackerone.com/blog/earning-hackerone-2025-live-hacking-inviteHTTP header hacks: basic and advanced exploit techniques exploredhttps://www.yeswehack.com/learn-bug-bounty/http-header-exploitation====== Resources ======Grep.apphttps://vercel.com/blog/migrating-grep-from-create-react-app-to-next-jsGemini 2.5 Pro prompt leakhttps://x.com/elder_plinius/status/1913734789544214841Pliny's CL4R1T4Shttps://github.com/elder-plinius/CL4R1T4SO3https://x.com/pdstat/status/1913701997141803329====== Timestamps ======(00:00:00) Introduction(00:05:25) Grep.app, O3, and Gemini 2.5 Pro prompt leak(00:11:09) Delivery and impactful action(00:20:44) Mastering Prompt Injection(00:30:36) Traditional vulns in Tool Calls, and AI Apps(00:37:32) Exploiting AI specific features

Critical Thinking - Bug Bounty Podcast
Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later May 15, 2025 105:30


Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we're joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Check out the CTBB Job Board: https://jobs.ctbb.show/Today's Guests:Zak Bennett : https://www.linkedin.com/in/zak-bennett/Ciarán Cotter: https://x.com/monkehackRoni Carta: https://x.com/0xLupin====== Resources ======We hacked Google's A.I Gemini and leaked its source codehttps://www.landh.tech/blog/20250327-we-hacked-gemini-source-code====== Timestamps ======(00:00:00) Introduction(00:03:02) An RCE via memory corruption(00:07:45) Zak's role at Google and Google's AI LHE(00:15:25) Different Components of AI Vulnerabilities(00:24:58) MHV Winner Debrief(01:08:47) Technical Takeaways And Team Strategies(01:28:49) LHE Experience and Google VRP & Abuse VRP

Critical Thinking - Bug Bounty Podcast
Episode 121: Slonser's Image Injection 0-day -> ATO & New Caido Collab Plugin

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later May 8, 2025 57:27


Episode 121: In this episode of Critical Thinking - Bug Bounty Podcast we cover so much news and research that we ran out of room in the description...Follow us on XShoutout to YTCracker for the awesome intro music!====== Links ======Follow Rhynorater and Rez0 on X:====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also have hacker swag!====== This Week in Bug Bounty ======Hacker spotlight: RhynoraterUltra Mobile BB Program - Mobile AppsUltra Mobile BB Program - (Public)John Deere ProgramJD's's BB Program Boosts CybersecurityDojo #41 - Ruby treasure====== Resources ======slonser 0-day in chromeCT Additional useful primitivesHow I made $64k from deleted filesCTBB episode with Sharon BrizinovRez0's Subdomain Link LauncherQwen3 Local ModelMay Cause Pwnageimport WAF bypassCaido DropAndre's tweet about encoded wordNahamconGemini prompt leakSVG Onload Handlers

Critical Thinking - Bug Bounty Podcast
Episode 120: SpaceRaccoon - From Day Zero to Zero Day

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later May 1, 2025 96:57


Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor - ThreatLocker User Storehttps://www.criticalthinkingpodcast.io/tl-userstoreToday's guest: https://x.com/spaceraccoonsec====== Resources ======Buy SpaceRaccoon's Book: From Day Zero to Zero Dayhttps://nostarch.com/zero-dayUSE CODE 'ZERODAYDEAL' for 30% OFFPwning Millions of Smart Weighing Machines with API and Hardware Hackinghttps://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/====== Timestamps ======(00:00:00) Introduction(00:04:58) From Day Zero to Zero Day(00:12:06) Mapping Code to Attack Surface(00:17:59) Day Zero and Taint Analysis(00:22:43) Automated Variant Analysis & Binary Taxonomy(00:31:35) Source and Sink Discovery(00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing(00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero(01:02:16) Bug bounty, Vuln research, & Governmental work(01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines

Critical Thinking - Bug Bounty Podcast
Episode 119: Abusing Iframes from a client-side hacker

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Apr 17, 2025 33:54


Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they're significant, their attributes, and how to attack them.CORRECTION: Some of my comments on the latest episode of the pod were woefully inaccurate about the `csp` attribute of an iframe. Def should have read the spec more thoroughly. Please see the #corrections channel in Discord for the deets.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Episode with JR0ch17ctbb.show/61Exacerbating Cross-Site Scripting: The Iframe Sandwichhttps://coopergyoung.com/exacerbating-cross-site-scripting-the-iframe-sandwich/====== Timestamps ======(00:00:00) Introduction(00:01:20) Why are Iframes useful(00:05:11) Attributes of Iframes(00:21:39) Iframe Attacks(00:29:53) Iframe Fun Facts

Critical Thinking - Bug Bounty Podcast
Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Apr 10, 2025 58:29


Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt.Follow us on XShoutout to YTCracker for the awesome intro music!====== Links ======Follow Rhynorater and Rez0 on X====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!You can also find some hacker swag!====== Resources ======p4fg passed 1 Million!/reports/:id.json - $25K CritHacking Crypto pt1The art of payload obfuscationAnalyzing the Next.js Middleware BypassNahamsec's Merch storellms.txt polyglot prompt injectionReact Router and the Remix'ed pathPre-Authentication SQL Injection in Halo ITSMPwning Millions of Smart Weighing MachinesMCP Server OauthCline“Credentialless” iframesTiny XSS PayloadsTypes of Pollution====== Timestamps ======(00:00:00) Introduction(00:05:56) Next.js Middleware bypass & Polyglots in llms.txt(00:16:35) CPDoS on React Router(00:24:26) Loose Types Sink Ships & Pwning Smart Scales(00:32:30) MCP Server Oauth & Cline(00:39:40) Clientside Tidbits & Prototype Pollutions

Critical Thinking - Bug Bounty Podcast
Hacking AI Series: Vulnus ex Machina - Part 1

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Apr 3, 2025 32:20


Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and focuses on AI reconnaissance. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Building Reliable Web Agentshttps://x.com/pk_iv/status/190417889272394177717 security checks from VIBE to PRODUCTIONhttps://x.com/Kaamiiaar/status/1902342578185630000How to Hack AI Agents and Applicationshttps://josephthacker.com/hacking/2025/02/25/how-to-hack-ai-apps.htmlAI Crash Course Repohttps://github.com/henrythe9th/ai-crash-courseDeep Dive into LLMs like ChatGPThttps://www.youtube.com/watch?v=7xTGNNLPyMI====== Timestamps ======(00:00:00) Introduction(00:01:54) AI News(00:08:09) How to Hack AI Agents and Applications(00:14:26) The Recon Process(00:25:06) Initial Probing & Steering

Critical Thinking - Bug Bounty Podcast
Episode 116: Auth Bypasses and Google VRP Writeups

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Mar 27, 2025 26:48


Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger's SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control====== Resources ======SAML roulette: the hacker always winshttps://portswigger.net/research/saml-roulette-the-hacker-always-winsLoophole of getting Google Form associated with Google Spreadsheet with no editor/owner accesshttps://bughunters.google.com/reports/vrp/yBeFmSrJiLoophole to see the editors of a Google Document with no granted access(owner/editor) with just the fileid (can be obtained from publicly shared links with 0 access)https://bughunters.google.com/reports/vrp/7EhAw2hurCloud Tools for Eclipse - Chaining misconfigured OAuth callback redirection with open redirect vulnerability to leak Google OAuth Tokens with full GCP Permissionshttps://bughunters.google.com/reports/vrp/F8GFYGv4gNext.js, cache, and chains: the stale elixirhttps://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixirNext.js and the corrupt middleware: the authorizing artifacthttps://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware====== Timestamps ======(00:00:00) Introduction(00:02:59) SAML roulette(00:13:08) Google bugs(00:20:16) Next.js and the corrupt middleware

Critical Thinking - Bug Bounty Podcast
Episode 114: Single Page Application Hacking Playbook

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Mar 13, 2025 82:25


Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we're diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker Cloud Control====== Resources ======Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side ChainResearch finds 12,000 ‘Live' API Keys and Passwords in DeepSeek's Training DataHackadvisorWP ExtensionsNotebook LMPressing Buttons with PopupsResponse to @RenwaX23Prompt Injection Attacks for DummiesShadow Repeaterparallel-prettier====== Timestamps ======(00:00:00) Introduction(00:02:15) Bug Write-up from @busf4ctor(00:09:44) Scanning Common Crawl(00:16:30) Hackadvisor and WP/Chrome Extension News(00:24:15) Notebook LM, and Recent AI Updates(00:31:58) Write-up from @J0R1AN and Related POC from @RenwaX23(00:38:10) Prompt Injection Attacks for Dummies(00:42:29) ShadowRepeater(00:47:04) Single-page applications

Critical Thinking - Bug Bounty Podcast
Best Technical Takeaways from Portswigger Top 10 2024

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Mar 6, 2025 89:19


Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we're breaking down the Portswigger Top 10 from 2024. There's some bangers in here!Follow us on X at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on X: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag!====== Resources ======Hijacking OAUTH flows via Cookie TossingChatGPT Account Takeover - Wildcard Web Cache DeceptionOAuth Non-Happy Path to ATOCVE-2024-4367 - Arbitrary JavaScript execution in PDF.jsDoubleClickjacking: A New Era of UI RedressingWorstFit: Unveiling Hidden Transformers in Windows ANSISQL Injection Isn't Dead: Smuggling Queries at the Protocol LevelConfusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP ServerMiddleware, middleware everywhere – and lots of misconfigurations to fix====== Timestamps ======(00:00:00) Introduction(00:09:56) Hijacking OAuth flows via Cookie Tossing(00:17:30) ChatGPT Account Takeover(00:25:28) OAuth Non-Happy Path to ATO(00:29:24) CVE-2024-4367(00:37:37) DoubleClickjacking:(00:44:54) Exploring the DOMPurify library(00:48:01) WorstFit(00:56:29) Unveiling TE.0 HTTP Request Smuggling(01:06:40) SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level (01:14:05) Confusion Attacks

Critical Thinking - Bug Bounty Podcast
Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Feb 27, 2025 67:37


Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Guest - Ciarán Cotterhttps://x.com/monkehack====== Resources ======Mstyhttps://msty.app/From Day Zero to Zero Dayhttps://nostarch.com/zero-dayNuclei - ai flaghttps://x.com/pdiscoveryio/status/1890082913900982763ChatGPT Operator: Prompt Injection Exploits & Defenseshttps://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocationhttps://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/====== Timestamps ======(00:00:00) Introduction(00:01:04) Bug Rundowns(00:13:05) Monke's Bug Bounty Background(00:20:03) Websocket Research(00:34:01) Connecting Hackers with Companies(00:34:56) Grok 3, Msty, From Day Zero to Zero Day(00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK(00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory

Critical Thinking - Bug Bounty Podcast
Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Feb 20, 2025 109:15


Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin's research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Exploring the DOMPurify library: Bypasses and Fixes (1/2)https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixesExploring the DOMPurify library: Hunting for Misconfigurations (2/2)https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurationsDom-Explorer toolhttps://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954fCT Episode 61: A Hacker on Wall Street - JR0ch17https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/====== Timestamps ======(00:00:00) Introduction(00:01:44) Kevin Mizu - Background and Bring-a-bug(00:15:09) DOMPurify(00:29:04) Misconfigurations - Dangerous allow-lists(00:39:09) Dangerous URI attributes configuration(00:46:08) Bad usage(00:59:55) DOMPurify Hooks: before, after, and upon SanitizeAttribute(01:29:15) Node manipulation, nodeName namespace case confusion, & DOM Clobbering DOS(01:36:51) Misc concepts for future research

Critical Thinking - Bug Bounty Podcast
Episode 106: Announcing our new cohost...

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jan 16, 2025 58:10


Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he's looking forward to bringing to the pod. We also cover some news items including doubleclickjacking, character set attacks, SVG XSS, and more.Follow us on twitter at: @ctbbpodcastFeel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Rez0 on twitter:https://x.com/Rhynoraterhttps://x.com/rez0__------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store at https://ctbb.show/swag!ResourcesDoubleClickjacking: A New Era of UI Redressinghttps://www.paulosyibelo.com/2024/12/doubleclickjacking-what.htmlXBOW Validation Benchmarkshttps://github.com/xbow-engineering/validation-benchmarksJorian tweethttps://x.com/J0R1AN/status/1871586792455163975Simplified Payloadhttps://portswigger-labs.net/xss/charset.php?x=%1b$B%1b(B%3Ca%20href=javas%1B(Jcript:alert(1)%3Etest%3C/a%3E&charset=SVG XSS Payloadhttps://x.com/garethheyes/status/1876953751245783534curl-cffihttps://pypi.org/project/curl-cffi/Bypassing File Upload Restrictions To Exploit CSPThttps://blog.doyensec.com/2025/01/09/cspt-file-upload.htmlAI-Crash-Coursehttps://github.com/henrythe9th/AI-Crash-Course?tab=readme-ov-fileTimestamps(00:00:00) Introduction(00:02:15) Rez0's journey to Full-time hunter, Tool developer, and new Co-host(00:21:04) DoubleClickjacking(00:31:48) XBOW Validation Benchmarks, Charset Thoughts, and SVG XSS(00:42:28) curl-cffi, CSPT, and AI Crash Course

Critical Thinking - Bug Bounty Podcast
Episode 105: Best Critical Thinking Moments from 2024

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jan 9, 2025 137:47


Episode 105: In this episode of Critical Thinking - Bug Bounty Podcast we're back with another Best-of episode recapping some of our top moments of 2024.Follow us on twitter at: @ctbbpodcastSsend us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Rez0 on twitter:https://x.com/Rhynoraterhttps://x.com/rez0__------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store at https://ctbb.show/swag!Today's Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ecResourcesEpisode 53ctbb.show/53Episode 59ctbb.show/59Episode 65ctbb.show/65Episode 69ctbb.show/69Episode 80ctbb.show/80Episode 81ctbb.show/81Episode 86ctbb.show/86Episode 87ctbb.show/87Episode 91ctbb.show/91Episode 93ctbb.show/93Episode 99ctbb.show/99Timestamps(00:00:00) Introduction(00:03:59) Episode 53(00:17:12) Episode 59(00:32:45) Episode 65(00:48:08) Episode 69(01:02:37) Episode 80(01:18:09) Episode 81(01:28:59) Episode 86(01:41:04) Episode 87(01:54:48) Episode 91(02:01:48) Episode 93(02:09:37) Episode 99

Critical Thinking - Bug Bounty Podcast
Episode 104: 2024 Hacker Stats & 2025 Goals

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jan 2, 2025 29:00


Episode 104: In this episode of Critical Thinking - Bug Bounty Podcast Justin reflects upon the past year and walks through some of the bug bounty goals he had for 2024, and how he feels like he did. Then he sets some goals for 2025, as well as some exciting CT news for the coming year.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Rez0 on X:https://x.com/rhynoraterhttps://x.com/rez0__------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store at https://ctbb.show/swag!ResourcesCTBB Full Time Guildctbb.show/ftCritical Research Labctbb.show/crlCT Episode 51 - 2024 Goalshttps://www.criticalthinkingpodcast.io/episode-51-hacker-stats-2023-2024-goals/Personal BB inventory and goalshttps://ctbb.show/blogTimestamps(00:00:00) introduction(00:00:57) Critical Thinking 2025 Announcements(00:04:21) Personal Inventory of 2024(00:24:05) Goals for 2025

Critical Thinking - Bug Bounty Podcast
Episode 103: Getting ANSI about Unicode Normalization

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Dec 26, 2024 60:30


Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord!We offer Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store!Join our Shift waitlist!Today's Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ecResources_json Juggling AttackCross-Site POST Requests Without a Content-Type HeaderWorst FitOrange Tsai on Worst FitHandling Cookies is a MinefieldTerminal DiLLMaXS-Leaking flags with CSS: A CTFd 0dayHacking Back the AI-HackerJohann Computer use demoHow I Became The Most Valuable HackerTimestamps(00:00:00) Introduction(00:01:39) _json Juggling Attack and Cross-Site POST Requests Without a Content-Type Header(00:10:55) Worst Fit and Unicode Mapping(00:20:08) Handling Cookies is a Minefield(00:28:11) Terminal DiLLMa & CTFd 0day(00:41:18) Hacking Back the AI-Hacker(00:47:30) Becoming Most Valuable Hacker

Critical Thinking - Bug Bounty Podcast
Episode 102: Building Web Hacking Micro Agents with Jason Haddix

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Dec 19, 2024 62:49


Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more.They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store at https://ctbb.show/swag!Today's Guest - https://x.com/JhaddixResourcesKeynote: Red, Blue, and Purple AI - Jason Haddixhttps://www.youtube.com/watch?v=XHeTn7uWVQMAttention in transformers,https://www.youtube.com/watch?v=eMlx5fFNoYcShifthttps://shiftwaitlist.com/The Darkest Side of Bug Bountyhttps://www.youtube.com/watch?v=6SNy0u6pYOcTimestamps(00:00:00) Introduction(00:01:25) Micro-agents and Weird Machine Tricks(00:11:05) Web fuzzing with AI(00:18:15) Brainstorming Shift and micro-agents(00:34:40) Strengths of different AI Models, and using AI to write reports(00:54:21) The Darkest Side of Bug Bounty

Cybercrime Magazine Podcast
YTCracker: Hacking Like it's 1999. Computer Security is His First Love.

Cybercrime Magazine Podcast

Play Episode Listen Later Dec 16, 2024 2:14


Bryce Case Jr., otherwise known as YTCracker, is an American rapper from La Mirada, California, according to Wikipedia. His stage name derives from having formerly been a black hat hacker. Case is best known for his contributions to the hacking community along with nerdcore hip hop subculture. During his criminal career, he became known for defacing the webpages of several federal and municipal government websites in the United States, as well as several in the private industry at the age of 17. Case performs as an MC and a DJ under the name YTCracker and he runs an independent record label, Nerdy South Records. YTCracker tells Cybercrime Magazine that computer security is his first love. Learn more about YTCracker at https://en.wikipedia.org/wiki/YTCracker. Visit YTCracker's official website at https://ytcracker.com/v2020.

Critical Thinking - Bug Bounty Podcast
Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Dec 12, 2024 51:24


Episode 101: In this episode of Critical Thinking - Bug Bounty Podcast we've been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI application vulnerabilities. They talk through the importance of understanding system prompts, and various obfuscation techniques used to bypass security measures, the best AI platforms, and the evolving landscape of AI security.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ecToday's Guest: https://x.com/wunderwuzzi23ResourcesJohann's bloghttps://embracethered.com/blog/zombaishttps://embracethered.com/blog/posts/2024/claude-computer-use-c2-the-zombais-are-coming/Copiratehttps://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/Timestamps(00:00:00) Introduction(00:01:59) Biggest things to look for in AI hacking(00:11:58) Best AI companies to hack on(00:15:59) URL Redirects and Obfuscation Techniques(00:24:05) Copirate(00:35:50) prompt injection guardrails and threats

Critical Thinking - Bug Bounty Podcast
Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Dec 5, 2024 101:40


Episode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show as a co-host, but returning as guest. Then we hear from a bunch of friends about their 'best bug of the year', before capping the episode with the announcement of a new AI tool we've been working on!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.ResourcesLHE-30-hours-speed-run-to-rcehttps://docs.google.com/presentation/d/1i68-KMpqBuHS2sfOjdacH1HF4oXRIsalXFPrG5vhMo4/edit#slide=id.p21Deloreanhttps://github.com/jselvi/DeloreanShiftshiftwaitlist.comTimestamps(00:00:00) Introduction(00:07:32) Nagli(00:19:09) Shubs(00:35:00) Matt Brown(00:39:42) Matanber(00:57:52) Douglas Day(01:05:18) Alex Chapman(01:15:02) Nahamsec(01:25:45) Rez0(01:28:20) Shift Announcement

Critical Thinking - Bug Bounty Podcast
Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Nov 28, 2024 102:54


Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the first year.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - AssetNote: Check out their ASMR board (no not that kind!)https://assetnote.io/asmrToday's Guest - https://x.com/0xLupinResourcesJustin's Twitter Threadhttps://x.com/Rhynorater/status/1699395452481769867Timestamps(00:00:00) Introduction(00:03:00) Web Fundamentals Education(00:46:01) Threat Modeling and Hacking Goals(01:18:58) Vuln Types and finding Specialization

Critical Thinking - Bug Bounty Podcast
Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Nov 21, 2024 103:57


Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - ThreatLocker: Check out Network Control!https://www.criticalthinkingpodcast.io/tl-ncAnd AssetNote: Check out their ASMR board (no not that kind!)https://assetnote.io/asmrToday's Guest: https://sharonbrizinov.com/ResourcesThe Claroty Research Teamhttps://claroty.com/team82Pwntoolshttps://github.com/Gallopsled/pwntoolsScan My SMShttp://scanmysms.comGotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMShttps://www.youtube.com/watch?v=EhNsXXbDp3UTimestamps(00:00:00) Introduction(00:03:31) Sharon's Origin Story(00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne(00:47:05) IoT/ICS Hacking Methodology(01:10:13) Cloud to Device Communication(01:18:15) Bug replication and uncommon attack surfaces(01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS

Critical Thinking - Bug Bounty Podcast
Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Nov 14, 2024 53:05


Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. They also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - ThreatLocker: Check out Network Control!https://www.criticalthinkingpodcast.io/tl-ncResourcesOkta bcryptAndroid Web Attack Surface WriteupsConcealing payloads in URL credentialsDumping PHP files with LightyearLimit maximum number of filter chainsDom-Explorer tool launchedMultiHTMLParseJSON CrackCaido/Burp notes pluginTimestamps(00:00:00) Introduction(00:02:43) Okta Release and bcrypt(00:10:26) Android Web Attack Surface Writeups(00:20:21) More Portswigger Research(00:28:29) Lightyear and PHP filter chains(00:35:09) Dom-Explorer(00:45:24) The JSON Debate(00:49:59) Notes plugin for Burp and Caido

Critical Thinking - Bug Bounty Podcast
Episode 96: Cookies & Caching with MatanBer

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Nov 7, 2024 49:09


Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we're back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, Safari's unique behaviors regarding cookie handling and debugging methods, and some of the writeups from the HeroCTF v6.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Guest: https://x.com/MtnBerResources:Cookie Bugs - Smuggling & Injectionhttps://blog.ankursundara.com/cookie-bugs/#:~:text=Cookie%20SmugglingiOS Webkit Debug Proxyhttps://github.com/google/ios-webkit-debug-proxyHeroCTF v6 Writeupshttps://mizu.re/post/heroctf-v6-writeupsTimestamps(00:00:00) Introduction(00:01:29) Cookie exploits(00:21:32) Matan's Safari Adventure(00:29:49) HeroCTF 6 writeups

Critical Thinking - Bug Bounty Podcast
Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Oct 31, 2024 116:23


Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast In this episode, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cover things like service workers, extension pages, and isolated worlds.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspodToday's Guest: https://x.com/MtnBerResourcesUniversal Code Execution by Chaining Messages in Browser Extensionshttps://spaceraccoon.dev/universal-code-execution-browser-extensions/DOMLogger++https://github.com/kevin-mizu/domloggerppBBRE Metamask bughttps://youtu.be/HnI0w156rtw?si=QixP8SX6JuRFz6PABench Press: Leaking Text Nodes with CSShttps://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/Timestamps:(00:00:00) Introduction(00:03:08) Structure & Threat Model for Browser Extension(00:28:28) Extension Attack scenarios(01:01:26) Attacking Extension Pages(01:26:35) Attacking Service Workers(01:46:23) Getting source code and dynamic debugging

Critical Thinking - Bug Bounty Podcast
Episode 94: Zendesk Fiasco & the CTBB Naughty List

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Oct 24, 2024 49:29


Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion SecurityFollow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspodResources:New music drop from our Boi YThttps://x.com/realytcracker/status/1847599657569956099AuthzAIhttps://authzai.com/ Ron Chanhttps://x.com/ngalongcMisconfigured User Auth Leads to Customer Messageshttps://www.ophionsecurity.com/post/live-chat-blog-1-misconfigured-user-auth-leads-to-customer-messagesZendesk Write-uphttps://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52Response from Zendeskhttps://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52?permalink_comment_id=5232589#gistcomment-5232589Timestamps(00:00:00) Introduction(00:05:29) AuthzAI and the return of Ron Chan(00:13:50) Ophion Security Research(00:18:12) Zendesk Drama

Critical Thinking - Bug Bounty Podcast
Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Oct 17, 2024 101:29


Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we're joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through how he balances his dual careers, some ethical considerations of hacking in the context of healthcare, and highlight some experiences he's had with Amazon's bug bounty program.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - ThreatLocker. Checkout their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detectToday's Guest - https://x.com/jonathanbouman?lang=enResourcesAnyone can Access Deleted and Private Repository Data on GitHubFilesender GithubRemote Code execution at ws1.aholdusa .comAPK-MITMHacking Dutch healthcare systemFitness Youtube Channelshttps://www.youtube.com/channel/UCpQ34afVgk8cRQBjSJ1xuJQhttps://www.youtube.com/@BullyJuiceTimestamps(00:00:00) Introduction(00:07:28) Medicine and Hacking(00:19:36) Hacking on Amazon(00:34:33) Collaboration and consistency (00:44:13) SSTI Methodology(01:06:10) iOS Hacking Methodology(01:13:23) Hacking Healthcare(01:32:19) Health tips for hacking

Critical Thinking - Bug Bounty Podcast
Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Oct 10, 2024 47:38


Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast In this episode Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-Fi, and Vulnerabilities caused by The Great FirewallFollow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - ThreatLocker. Checkout their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detectResources:Insecurity through CensorshipRuby-SAML / GitLab Authentication Bypass0-Click exploit discovered in MediaTek Wi-Fi chipsetsNew Caido Plugin to Generate WordlistsBebik's 403 BypassorCSPBypassArb Read & Arb write on LLaMa.cpp by SideQuestXSS WAF Bypass One payload for allTimestamps(00:00:00) Introduction(00:02:08) Vulnerabilities Caused by The Great Firewall(00:07:25) Ruby SAML Bypass(00:19:55) 0-Click exploit discovered in MediaTek Wi-Fi chipsets(00:24:36) New Caido Wordlist Plugin(00:31:00) CSPBypass.com(00:35:37) Arb Read & Arb write on LLaMa.cpp by SideQuest(00:43:10) Helpful WAF Bypass

Critical Thinking - Bug Bounty Podcast
Episode 91: Zero to LHE in 9 Months (feat gr3pme)

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Oct 3, 2024 82:50


Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking's own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with Bug Bounty. We cover mentorship, networking and LHEs, ecosystem hacking, emotional regulation, and the need for self-care. Then we wrap up with some fun bugs.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Shop our new swag store at ctbb.show/swagToday's Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinderToday's guest: https://x.com/gr3pmeResources:Lessons Learned for LHEshttps://x.com/Rhynorater/status/1579499221954473984Timestamps:(00:00:00) Introduction(00:07:02) Mentorship in Bug Bounty(00:16:30) LHE lessons, takeaways, and the benefit of feedback and networking(00:41:28) Choosing Targets(00:49:03) Vuln Classes(00:58:54) Bug Reports

Critical Thinking - Bug Bounty Podcast
Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Sep 26, 2024 51:42


Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor.Then they cover some some research about SQL Injections, Clikjacking in Google Docs, and how to steal your Telegram account in 10 seconds.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Shop our new swag store at ctbb.show/swagToday's Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinderResources:Breaking Down Barriers: Exploiting Pre-Auth SQL Injection in WhatsUp GoldContent-Type that can be used for XSSClikjacking Bug in Google DocsJustin's Gadget Linkhttps://www.youtube.com/signin?next=https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FSetSID%3Fcontinue%3Dhttps%3A%2F%2Fwww.google.com%252Famp%252fpoc.rhynorater.comStealing your Telegram account in 10 seconds flatTimestamps(00:00:00) Introduction(00:08:28) Recent Hacks and Dupes (00:14:00) Cursor(00:25:02) Exploiting Pre-Auth SQL Injection in WhatsUp Gold(00:34:17) Content-Type that can be used for XSS(00:40:25) Caido updates(00:43:14) Clikjacking in Google Docs, and Stealing Telegram account

Critical Thinking - Bug Bounty Podcast
Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Sep 19, 2024 118:03


Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast We're joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in hardware hacking, and Matt's personal Methodology. Then we switch over to touch on BGA Reballing, Certificate Pinning and Validation, and some of his own bug stories.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinderToday's Guess Matt Brown: https://x.com/nmatt0Resources:Decrypting SSL to Chinese Cloud Servershttps://www.youtube.com/watch?v=3qSxxNvuEtgmitmrouterhttps://github.com/nmatt0/mitmroutercertmitm Automatic Exploitation of TLS Certificate Validation Vulnshttps://www.youtube.com/watch?v=w_l2q_Gyqfoandhttps://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Aapo%20Oksman%20-%20certmitm%20automatic%20exploitation%20of%20TLS%20certificate%20validation%20vulnerabilities.pdfhttps://github.com/aapooksman/certmitmHackerOne Detailed Platform Standardshttps://docs.hackerone.com/en/articles/8369826-detailed-platform-standardsTimestamps:(00:00:00) Introduction(00:13:33) Specialization and Challenges of IOT Hacking(00:33:03) Decrypting SSL to Chinese Cloud Servers(00:47:00) General IoT Hacking Methodology(01:26:00) Certificate Pinning and Certificate Validation(01:34:35) BGA Reballing(01:43:26) Bug Stories

Critical Thinking - Bug Bounty Podcast
Episode 88: News, Tools, and Writeups

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Sep 12, 2024 66:08


Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Shop our new swag store at ctbb.show/swagResourcesURL Validation Bypass cheat sheetSanicDNSOrange Confusion AttacksWordPress GiveWP POP to RCEXsstoolsBypassing browser tracking protectionAdvanced iframe MagicDOM Clobberinghttps://www.ruhrsec.de/downloads/slides/Everything-You-Wanted-to-Know-About-DOM-Clobbering-But-Were-Afraid-to-Ask-Soheil-Khodayari-RuhrSec.pdfAndhttps://domclob.xyz/domc_payload_generator/Timestamps:(00:00:00) Introduction(00:02:00) URL validation bypass(00:07:41) SanicDNS and Orange confusion attacks(00:20:06) WordPress GiveWP POP to RCE(00:31:29) Xsstools(00:43:56) Bypassing browser tracking protection(00:52:06) DOM Clobbering and mixing up your approach

Critical Thinking - Bug Bounty Podcast
Episode 87: 'Hacker Wife' Mariah Garder on Bug Bounty mentality and relationships

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Sep 5, 2024 86:41


Episode 87: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with none other than his wife Mariah to talk about Bug Bounty from the perspective of a Significant Other. They share how they've traversed travel and Live Hacking Events, household chores, hobbies, goals, rewards, as well as how best to encourage and support the hacker/non-hacker in your life.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Shop our new swag store at ctbb.show/swagToday's Guest: https://x.com/MariahG017Resources:Ruby Nealon's songhttps://x.com/_ruby/status/835306502546149376Don't Force Yourself to Become a Bug Bounty Hunterhttps://samcurry.net/dont-force-yourself-to-become-a-bug-bounty-hunterTimestamps(00:00:00) Introduction(00:03:12) Technical Questions for a Bug Bounty Wife(00:16:11) Mariah's First LHE experience(00:31:12) LHEs as a Couple(00:41:57) Encouragement and Risk(00:55:55) Hacker Family Dynamics, goals, and keeping promises(01:17:35) How to care for your Hacker/Hacker Wife

Critical Thinking - Bug Bounty Podcast
Episode 86: The X-Correlation between Frans & RCE - Research Drop

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Aug 29, 2024 42:09


Episode 86: In this episode of Critical Thinking - Bug Bounty Podcast Frans blows Justin's mind with a sneak peak of his new presentation. Note: This is a little different from our normal episode, and video is recommended. So head over to ctbb.show/yt if you feel like you're missing something.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Shop our new swag store at ctbb.show/swagWatch this Episode on Youtube - ctbb.show/ytToday's Guest: Frans Rosen - https://x.com/fransrosenView the slides of this presentation at https://speakerdeck.com/fransrosen/x-correlation-injections-or-how-to-break-server-side-contextsTimestamps(00:00:00) Introduction(00:04:09) x-correlation injection(00:21:10) Server-side JSON-Injection(00:32:10) Fuzz Blindly and Optimizing Blind RCE

Critical Thinking - Bug Bounty Podcast
Episode 85: Practical Applications of DEFCON 32 Web Research

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Aug 22, 2024 90:30


Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cache exploitation, and exploits related to email protocols are all featured. Plus we also talk some fun Apache hacks from Orange TsaiFollow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!Check out our new SWAG store at https://ctbb.show/swag!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - ThreatLockerResourcesListen to the whispershttps://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-workSplitting the email atomhttps://portswigger.net/research/splitting-the-email-atomGotta cache 'em allhttps://portswigger.net/research/gotta-cache-em-allHTTP Gardenhttps://github.com/narfindustries/http-gardenConfusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! https://blog.orange.tw/2024/08/confusion-attacks-en.html#%E2%9C%94%EF%B8%8F-2-2-2-Local-Gadget-to-XSSTrusted API Typeshttps://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_APIUntrusted Typeshttps://github.com/filedescriptor/untrusted-types Timestamps:(00:00:00) Introduction(00:09:45) 'Listen to the whispers'(00:30:03) 'Splitting the email atom'(00:58:42) 'Gotta cache 'em all'(01:21:03) 'Confusion Attacks'

Critical Thinking - Bug Bounty Podcast
Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Aug 15, 2024 27:15


Episode 84: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Roni Carta (@0xLupin) to discuss their MVH win at the recent Google LHE, and share some technical observations they had with the target and the event.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Guest: https://x.com/0xLupinToday's Sponsor - ThreatLockerTimestamps:(00:00:00) Introduction(00:02:12) MHV Debrief(00:09:05) Sandboxes and Comfort Zones(00:13:24) SDKs and Legal Compliance(00:19:29) Age of Target and Platform-Exclusive Hunters

Critical Thinking - Bug Bounty Podcast
Episode 83: Brainstorming Proxy Plugins

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Aug 8, 2024 54:50


Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow, a text expander, Tracing Cookies, and more.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Resources:Post from Gareth Heyeshttps://x.com/garethheyes/status/1811084674988474417Wiki List of XML and HTMLhttps://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#List_of_character_entity_references_in_HTMLHackerOne Leaderboard Changeshttps://x.com/scarybeasts/status/1810813103354892666Espansohttps://espanso.org/Critical Thinkers Discordctbb.show/criticalthinkersOauth Scanhttps://portswigger.net/bappstore/8ef2db1173e8432c8797831c2e730727Timestamps:(00:00:00) Introduction(00:03:12) News(00:13:20) Into the Brainstorm(00:13:41) 403 Bypasser(00:20:34) "Expaido"(00:31:34) Trace Cookies(00:42:01) Highlight Decoding Expansion and AI integrations(00:49:08) OAuth Testing, API Highlighter, and Note-taking

Critical Thinking - Bug Bounty Podcast
Episode 82: Part-Time Bug Bounty

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Aug 1, 2024 36:32


Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Resources:Evernote RCE Posthttps://0reg.dev/blog/evernote-rceServiceNow Bug Chainhttps://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-dataDouglas Day's Talk on finding 'no's'https://youtu.be/G1RHa7l1Ys4?si=TY16ULsEIfJ9CMKkTimestamps:(00:01:37) Introduction(00:02:24) Evernote RCE Post(00:06:47) AssetNote ServiceNow Bug Chain(00:12:16) Part-Time Bug Bounty: Balance and Accountability(00:18:04) Picking programs: Impact and Payout(00:28:46) Streamline your process

Critical Thinking - Bug Bounty Podcast
Episode 81: Crushing Client-Side on Any Scope with MatanBer

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jul 25, 2024 124:48


Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Guest: https://x.com/MtnBerResources:Beyond XSShttps://aszx87410.github.io/beyond-xss/en/Web VSCode XSShttps://gitlab.com/gitlab-org/gitlab/-/issues/461328Timestamps(00:00:00) Introduction(00:05:24) Learning and Labs(00:17:29) DevTools tips and tricks(00:49:49) General Client-Side hacking tips(01:09:59) Self-XSS Storytime(01:32:16) But Reports(01:46:37) Brainstorming a Client-side HUD

Critical Thinking - Bug Bounty Podcast
Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jul 18, 2024 169:26


Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne EventsFollow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Guest: https://x.com/SinSinologyBlog: https://sinsinology.medium.com/Resources:WhatsUp Gold Pre-Auth RCEAdvanced .NET Exploitation TrainingdnSpyExQEMUUnicorn EngineQilinglibAFLAlex Plaskett interviewTippingPointFlashback TeamTimestamps:(00:00:00) Introduction(00:12:45) Learning, Mentorship, and Failure(00:29:34) Pentesting and Pwn2Own(00:40:05) Hacking methodology(01:01:57) Debuggers and shells in IoT Devices(01:35:40) Differences between ZDI and HackerOne(02:02:27) Pwn2Own Steps and Stories(02:14:06) Master of Pwn Title(02:29:54) Bug reports

Critical Thinking - Bug Bounty Podcast
Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jul 11, 2024 70:25


Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.Follow us on twitter at: @ctbbpodcastSend us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Resources:SpaceRaccoon's Universal Code Execution ExtensionsEscalating Client Side Path TraversalFull-time Bug Bounty BlueprintSequential Import ChainingCSS ExfiltationLink that Justin was talking aboutFont LigaturesLava Dome bypassStealing Data in Great StyleSteal Script ContentsMasato Kinugawa's tweetAttacking with Just CSSCSS Injection PrimitivesTimestamps:(00:00:00) Introduction(00:02:32) Universal Code Execution(00:11:32) Escalating Client Side Path Traversal(00:16:56) Justin's Defcon talk & Bug Bounty Blueprint(00:23:32) CSS Injection(00:39:23) Font Ligatures(00:54:30) Descent Override and display:block

Critical Thinking - Bug Bounty Podcast
Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jul 4, 2024 66:25


Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we're talking about writing reports. We share some tips that we've learned, and discuss ways that AI can (and can't) help with that process. We also talk about the benefit of using tools like Fabric, Loom, and ShareX.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Resources:XSS WAF Bypass by multi-char HTML entitiesShazzerNext.js and cache poisoningNagli's Nuclei Templatehey why can't you fix this one bugJustin's reporting templating softwareFabricBB Report Formatter2to3 Automated Python ConverterShareXSkitchTimestamps:(00:00:00) Introduction(00:04:00) XSS WAF Bypass by Multi-char HTML Entities(00:11:59) Next.js and Cache Poisoning(00:18:03) Nagli's Nuclei Template and Sean Yeoh's Blog(00:27:34) Report Writing and AI(00:50:02) Reporting tips

Critical Thinking - Bug Bounty Podcast
Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jun 27, 2024 110:26


Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Resources:MongoDB NoSQL Injectionhttps://soroush.me/blog/2024/06/mongodb-nosql-injection-with-aggregation-pipelines/Mongo DB Is Web Scalehttps://www.youtube.com/watch?v=b2F-DItXtZs1-click Exploit in Kakaohttps://stulle123.github.io/posts/kakaotalk-account-takeover/Unsecure time-based secret and Sandwich Attackhttps://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.htmlReset Tolkienhttps://github.com/AethliosIK/reset-tolkieniOS URL Scheme Hijacking Revampedhttps://evanconnelly.github.io/post/ios-oauth/PLORMBING YOUR DJANGO ORMhttps://www.elttam.com/blog/plormbing-your-django-orm/#contentTimestamps:(00:00:00) Introduction(00:02:07) MongoDB NoSQL Injection(00:12:42) 1-click Exploit in Kakao(00:33:21) Time-based secrets and Reset Tolkien(00:39:26) iOS URL Scheme Hijacking Revamped(00:51:42) ORMs(00:58:57) Community Bug Submission(01:07:45) Motivation, Mental Sharpness, and Burnout avoidance

Critical Thinking - Bug Bounty Podcast
Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jun 20, 2024 94:42


Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we're talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.ResourcesZoom Session Takeoverhttps://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO.htmlSharePoint XXEhttps://x.com/thezdi/status/1796207012520366552Shazzerhttps://shazzer.co.uk/Timestamps: (00:00:00) Introduction(00:05:06) H1 Ambassador World Cup(00:13:57) Zoom ATO bug(00:33:28) SharePoint XXE(00:39:36) Shazzer(00:46:36) Match and Replace(01:13:01) Match and Replace in Mobile(01:21:13) Header Replacements

Critical Thinking - Bug Bounty Podcast
Episode 75: *Rerun* of The OG Bug Bounty King - Frans Rosen

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Jun 13, 2024 164:52


Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, So instead of a new full episode, we're going back 30 episodes to review.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!Today's Guest: https://twitter.com/fransrosen DetectifyDiscovering s3 subdomain takeovershttps://labs.detectify.com/writeups/hostile-subdomain-takeover-using-heroku-github-desk-more/bucket-disclose.shhttps://gist.github.com/fransr/a155e5bd7ab11c93923ec8ce788e3368A deep dive into AWS S3 access controlsAttacking Modern Web TechnologiesLive Hacking like a MVHAccount hijacking using Dirty Dancing in sign-in OAuth flowsTimestamps:(00:00:00) Introduction(00:11:41) Franz Rosen's Bug Bounty Journey and Detectify (00:20:21) Pseudo-code, typing, and thinking like a dev(00:27:11) Hunter Methodologies and automationists(00:42:31) Time on targets, Iteration vs. Ideation(00:58:01) S3 subdomain takeovers(01:11:53) Blog posting and hosting motivations(01:20:21) Detectify and entrepreneurial endeavors(01:36:41) Attacking Modern Web Technologies(01:52:51) postMessage and MessagePort(02:05:00) Live Hacking and Collaboration(02:20:41) Account Hijacking and OAuth Flows(02:35:39) Hacking + Parenthood

Shawn Ryan Show
#85 Bryce Case Jr. on Developing Cyber Weapons and Hacking NASA, Miley Cyrus, and Paris Hilton

Shawn Ryan Show

Play Episode Listen Later Nov 23, 2023 357:12


Bryce Case Jr., aka YTCracker, is a hacker and musician. Bryce has been called "The Original Digital Gangster" for his early adoption and manipulation of all things online. Ryan Montgomery, a fan favorite on SRS, calls Bryce his mentor. In this special Holiday release, we cover Bryce's life story starting with his early exploits when the internet was just coming into itself. We discuss his aptitude for clever digital marketing and finding money-making opportunities in every corner of America Online. Bryce made a name for himself in the hacking community by digitally defacing government websites like NASA and propping up coalitions of hackers across the web. A "Black Hat" now turned "White Hat," Bryce Case Jr. has repurposed his unscrupulous skill-set into a leading force for cybersecurity, working with some of the largest tech companies in the world. Shawn Ryan Show Sponsors: https://lairdsuperfood.com - USE CODE "SRS" https://shopify.com/shawn https://gcu.edu/military https://puretalk.com/ryan https://1stphorm.com/srs https://bubsnaturals.com - USE CODE "SHAWN" https://blackbuffalo.com - USE CODE "SRS" Bryce Case Jr. Links: IG - https://instagram.com/y7cracker Twitter / X - https://twitter.com/realytcracker FB - https://facebook.com/ytcracker Website - https://ytcracker.com Please leave us a review on Apple & Spotify Podcasts. Vigilance Elite/Shawn Ryan Links: Website | Patreon | TikTok | Instagram | Download Learn more about your ad choices. Visit podcastchoices.com/adchoices