• Episode 75: *Rerun* of The OG Bug Bounty King - Frans Rosen

  • Jun 13 2024
  • Duration: 2 h 45 m
  • Podcast

  • Summary

  • Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, so instead of a new full episode, we're going back 30 episodes to review.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    Today's Guest: https://twitter.com/fransrosen

    Detectify

    Discovering s3 subdomain takeovers

    https://labs.detectify.com/writeups/hostile-subdomain-takeover-using-heroku-github-desk-more/

    bucket-disclose.sh

    https://gist.github.com/fransr/a155e5bd7ab11c93923ec8ce788e3368

    A deep dive into AWS S3 access controls

    Attacking Modern Web Technologies

    Live Hacking like a MVH

    Account hijacking using Dirty Dancing in sign-in OAuth flows

    Timestamps:

    (00:00:00) Introduction

    (00:11:41) Frans Rosen's Bug Bounty Journey and Detectify

    (00:20:21) Pseudo-code, typing, and thinking like a dev

    (00:27:11) Hunter Methodologies and automationists

    (00:42:31) Time on targets, Iteration vs. Ideation

    (00:58:01) S3 subdomain takeovers

    (01:11:53) Blog posting and hosting motivations

    (01:20:21) Detectify and entrepreneurial endeavors

    (01:36:41) Attacking Modern Web Technologies

    (01:52:51) postMessage and MessagePort

    (02:05:00) Live Hacking and Collaboration

    (02:20:41) Account Hijacking and OAuth Flows

    (02:35:39) Hacking + Parenthood
