- Videos: 156
- Views: 275,720
Critical Thinking - Bug Bounty Podcast
Added Dec 7, 2022
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
The State of CSS Injection - Leaking Text Nodes & HTML Attributes (Ep. 79)
Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deep-dive into CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.
Follow us on twitter at: ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
0xteknogeek
rhynorater
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to...
Views: 596
Videos
Less Writing, More Hacking - Reporting Efficiency Techniques (Ep.78)
1.2K views, 19 hours ago
Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with that process. We also talk about the benefit of incorporating tools like Fabric, Loom, and ShareX.
Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated (Ep.77)
2.4K views, 14 days ago
Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting.
Match & Replace - HTTP Proxies' Most Underrated Feature (Ep. 76)
1.9K views, 21 days ago
Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups.
*Rerun* of The OG Bug Bounty King - Frans Rosen (Ep. 75)
1.8K views, 28 days ago
Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin) (Ep. 74)
2.1K views, 1 month ago
Sandboxed IFrames and WAF Bypasses (Ep. 73)
1.3K views, 1 month ago
Research TLDRs & Smuggling Payloads in Well Known Data Types (Ep. 72)
1.3K views, 1 month ago
More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet (Ep. 71)
1.3K views, 1 month ago
NahamCon and CSP Bypasses Everywhere (Ep. 70)
2.5K views, 2 months ago
Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty. (Ep. 69)
2.5K views, 2 months ago
0-days & HTMX-SS with Mathias (Ep. 68)
2K views, 2 months ago
VDPs & Accidental Program VS Hacker Debate Part 2 (Ep. 67)
1.7K views, 2 months ago
CDN-CGI Research, Intent To Ship, and Louis Vuitton (Ep. 66)
2.1K views, 3 months ago
Motivation and Methodology with Sam Curry (Zlz) (Ep. 65)
5K views, 3 months ago
.NET Remoting, CDN Attack Surface, and Recon vs Main App (Ep. 64)
1.9K views, 3 months ago
Frontend Language Oddities (Ep. 62)
1.4K views, 3 months ago
A Hacker on Wall Street - JR0ch17 (Ep. 61)
1.9K views, 4 months ago
Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023 (Ep. 60)
2.3K views, 4 months ago
Bug Bounty Gadget Hunting & Hacker's Intuition (Ep. 59)
3.1K views, 4 months ago
Youssef Sammouda - Client-Side & ATO War Stories (Ep. 58)
5K views, 4 months ago
Episode 57: Live Hacking Event Inside Scoop - H1-305
1.6K views, 5 months ago
Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston) (Ep. 56)
3K views, 5 months ago
Popping WordPress Plugins - Methodology Brain dump (Ep. 55)
2.2K views, 5 months ago
White Box Formulas - Vulnerable Coding Patterns (Ep. 54)
1.6K views, 5 months ago
500k/yr as Full-Time Bug Hunter & Content Creator - Nahamsec (Ep. 53)
11K views, 6 months ago
Best Technical Content from 2023 (Ep. 52)
2.6K views, 6 months ago
Hacker Stats 2023 & 2024 Goals (Ep. 51)
1.9K views, 6 months ago
Mathias "Fall in a well" Karlsson - Bug Bounty Prophet (Ep. 50)
2.7K views, 6 months ago
Lol, "isreali"
Best advice!
Could you please not interrupt the guest every 0.5 second?
Great episode, as always. 🙇 This chaining of a semi-open redirect with an open redirect as part of Kakao's bug (explained by Joel at around 22:00) reminded me of one of the first (if only modest) bounties I ever got; for more details, see report 1032610 on h1.
I don't see any postMessage through this extension at all, and I check it on all my pentest engagements since 2 years 😅
Amazing dude ❤😂🎉😢😮😅😊
When you listen to the top hackers most of them are 100% proud nerds, too cool :)
Good stuff guys, love the content as always, as the humor is always great
Nice research...
Vote for James Kettle Episode
Literally feel relatable at 50:12 😅😂
To think the app I use every day had a vulnerability like this..
I imagine all those cache poisoning bugs will be bypassed by this or not?
You guys should also do live recon.
I agree about the dupe thing. I spent days working on an RCE and finally got it. But it ended up being a dupe. But in the time I spent looking for the information to exploit the RCE I found other bugs that got accepted. So it wasn’t a total loss.
I love you guys' podcast. This is so incredibly valuable. Thank you.
So glad you enjoy it - we make it for you! ❤️
This is news to me, hearing English (Justin talking about calories and diets) from these guys, never knew they could speak
🤯
My bug bounty dads 🥰😂
❤️
Hey guys! Thanks for always delivering every week! It's been part of my weekly routine for months and I have already watched all of the episodes. Keep grinding, we all appreciate you!
Our pleasure!
First
Second
Third
Fourth
Fifth
Six
❤
Thanks
💜💜💚
Cookie Bugs - Smuggling & Injection from Ankur Sundara, is that the paper you referenced?
Yep, that's the one.
Tired of the "OG" crap.
get over it jeff
❤❤❤❤
2:13:22 🦐 🥪 * Gliding in on a shrimp sandwich 🇸🇪 = * Getting everything served on a silver platter. * Getting success without effort. * Getting a free ride.
Can you add a link to the episode so we don't have to go searching guys?
Dude, I am sick too!
The legend ❤
Host just destroyed my 10 minutes 🤬
No, I find it very helpful and motivating to me
Thank you so much for commitment and keeping it up ❤
I just stopped what I was doing when I saw "Frans Rosen"🙂
🔥
Okay, so who was explaining both of them were just chatting, 🤧 , guys you were supposed to explain, all of the pipelining and CI/CD stuff, how are we supposed to know... you can't just assume that. 😵
no wonder I didn't understand half of it.
Amazing🎉😊
Great Info Thanks So Much For the Episode.
Bro Can you explain a little bit more
Am I the only one that does not understand a thing about what they said?
All I heard was cache... or cash... I hope it was cash
Me when they go deep on s and client side path traversal lol. Since I'm a dev this one was fine for me
Bruh the fact that shubs said it's a "known technique" but none of us knew that, makes me wonder how many more of such techniques he has up his sleeves
Always excellent podcast! Thanks guys!
28:45 I feel like programs would argue that this isn't actually a bug and the group admin should be careful not to invite malicious people.
Are you reporting the found issues to the library owners?
Can you guys interview the bugbountyhq Mark Litchfield...
Perfect timing on the WAF tutorial. It follows up & meshes well with Shubs' WAF tips from NahamCon2024. ❤ you guys...thanx for sharing!! 💪
Great pod per usual :)
Where is your Caido plugin version of nowafpls? Or should I be searching for nowafplz? :P
I Love Thursdays! Thank you for another awesome episode
Shout out to riddle