Critical Thinking - Bug Bounty Podcast Por arte de portada

Critical Thinking - Bug Bounty Podcast

De: Justin Gardner (Rhynorater) & Joel Margolis (teknogeek)
Escúchala gratis

  • Resumen

  • A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
    Critical Thinking Podcast
    Más Menos
activate_primeday_promo_in_buybox_DT
Episodios
  • Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

    Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes
    Jul 11 2024

    Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.

    Follow us on twitter at: @ctbbpodcast

    Send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Resources:

    SpaceRaccoon's Universal Code Execution Extensions

    Escalating Client Side Path Traversal

    Full-time Bug Bounty Blueprint

    Sequential Import Chaining

    CSS Exfiltation

    Link that Justin was talking about

    Font Ligatures

    Lava Dome bypass

    Stealing Data in Great Style

    Steal Script Contents

    Masato Kinugawa's tweet

    Attacking with Just CSS

    CSS Injection Primitives

    Timestamps:

    (00:00:00) Introduction

    (00:02:32) Universal Code Execution

    (00:11:32) Escalating Client Side Path Traversal

    (00:16:56) Justin's Defcon talk & Bug Bounty Blueprint

    (00:23:32) CSS Injection

    (00:39:23) Font Ligatures

    (00:54:30) Descent Override and display:block
    Más Menos
    1 h y 10 m
  • Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques

    Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques
    Jul 4 2024

    Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with that process. We also talk about the benefit of using tools like Fabric, Loom, and ShareX.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Resources:

    XSS WAF Bypass by multi-char HTML entities

    Shazzer

    Next.js and cache poisoning

    Nagli's Nuclei Template

    hey why can't you fix this one bug

    Justin's reporting templating software

    Fabric

    BB Report Formatter

    2to3 Automated Python Converter

    ShareX

    Skitch

    Timestamps:

    (00:00:00) Introduction

    (00:04:00) XSS WAF Bypass by Multi-char HTML Entities

    (00:11:59) Next.js and Cache Poisoning

    (00:18:03) Nagli's Nuclei Template and Sean Yeoh's Blog

    (00:27:34) Report Writing and AI

    (00:50:02) Reporting tips
    Más Menos
    1 h y 6 m
  • Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

    Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated
    Jun 27 2024

    Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Resources:

    MongoDB NoSQL Injection

    https://soroush.me/blog/2024/06/mongodb-nosql-injection-with-aggregation-pipelines/

    Mongo DB Is Web Scale

    https://www.youtube.com/watch?v=b2F-DItXtZs

    1-click Exploit in Kakao

    https://stulle123.github.io/posts/kakaotalk-account-takeover/

    Unsecure time-based secret and Sandwich Attack

    https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html

    Reset Tolkien

    https://github.com/AethliosIK/reset-tolkien

    iOS URL Scheme Hijacking Revamped

    https://evanconnelly.github.io/post/ios-oauth/

    PLORMBING YOUR DJANGO ORM

    https://www.elttam.com/blog/plormbing-your-django-orm/#content

    Timestamps:

    (00:00:00) Introduction

    (00:02:07) MongoDB NoSQL Injection

    (00:12:42) 1-click Exploit in Kakao

    (00:33:21) Time-based secrets and Reset Tolkien

    (00:39:26) iOS URL Scheme Hijacking Revamped

    (00:51:42) ORMs

    (00:58:57) Community Bug Submission

    (01:07:45) Motivation, Mental Sharpness, and Burnout avoidance
    Más Menos
    1 h y 50 m
Más Menos

Lo que los oyentes dicen sobre Critical Thinking - Bug Bounty Podcast

Calificaciones medias de los clientes
Total
  • 5 out of 5 stars
  • 5 estrellas
    2
  • 4 estrellas
    0
  • 3 estrellas
    0
  • 2 estrellas
    0
  • 1 estrella
    0
Ejecución
  • 5 out of 5 stars
  • 5 estrellas
    2
  • 4 estrellas
    0
  • 3 estrellas
    0
  • 2 estrellas
    0
  • 1 estrella
    0
Historia
  • 5 out of 5 stars
  • 5 estrellas
    2
  • 4 estrellas
    0
  • 3 estrellas
    0
  • 2 estrellas
    0
  • 1 estrella
    0

Reseñas - Selecciona las pestañas a continuación para cambiar el origen de las reseñas.

Reseñas de Audible.com

Opiniones de Amazon
Ordenar por:
Filtrar por:
  • Total
    5 out of 5 stars
  • Ejecución
    5 out of 5 stars
  • Historia
    5 out of 5 stars
Imagen de perfil para Kris Roberts

great information

as someone who is still very new to the industry, I like listening to this podcast as I find the information very useful

Denunciar

Se ha producido un error. Vuelve a intentarlo dentro de unos minutos.

Has calificado esta reseña.

Reportaste esta reseña