Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023 (Ep. 60)

Поделиться
HTML-код
  • Опубликовано: 5 авг 2024
  • Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023.
    Follow us on twitter at: / ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to / realytcracker for the awesome intro music!
    ====== Links ======
    Follow your hosts Rhynorater & Teknogeek on twitter:
    / 0xteknogeek
    / rhynorater
    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at ctbb.show/discord!
    We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
    Resources:
    Top 10 web hacking techniques of 2023
    portswigger.net/research/top-...
    1: Smashing the state machine
    portswigger.net/research/smas...
    8: From Akamai to F5 to NTLM
    blog.malicious.group/from-aka...
    3: SMTP Smuggling
    sec-consult.com/blog/detail/s...
    4: PHP filter chains
    www.synacktiv.com/publication...
    (Bonus Read)
    www.synacktiv.com/publication...
    5: HTTP Parsers Inconsistencies
    rafa.hashnode.dev/exploiting-...
    6: HTTP Request Splitting
    offzone.moscow/upload/iblock/...
    7: How I Hacked Microsoft Teams
    speakerdeck.com/masatokinugaw...
    9: Cookie Crumbles
    www.usenix.org/conference/use...
    (Bonus Read)
    blog.ankursundara.com/cookie-...
    10: Hacking root EPP servers to take control of zones
    hackcompute.com/hacking-epp-s...
    Timestamps:
    (00:00:00) Introduction
    (00:04:26) 1: Smashing the state machine
    (00:11:56) 8: From Akamai to F5 to NTLM... with love
    (00:17:11) 3: SMTP Smuggling
    (00:26:27) 4: PHP filter chains
    (00:36:40) 5: HTTP Parsers Inconsistencies
    (00:44:56) 6: HTTP Request Splitting
    (00:53:43) 7: How I Hacked Microsoft Teams
    (01:02:25) 9: Cookie Crumbles
    (01:11:36) 10: EPP Server Takeover
    (01:15:21) Summary
  • НаукаНаука

Комментарии • 5

  • @saptaksaha9648
    @saptaksaha9648 4 месяца назад

    Hv seen james kettle’s research where few proxies allowed him to send SMTP packets out of nowhere through request smuggling..I guess that is why james hv picked this issue as a extension of web attack landscape

  • @harland5954
    @harland5954 3 месяца назад

    *Promo sm* 😃

  • @holydicks
    @holydicks 5 месяцев назад +6

    Once you notice the vocal fry of the man in the dungeon this podcast becomes impossible to listen to

    • @dy5topian
      @dy5topian 5 месяцев назад

      wym?

    • @TRD_Mike
      @TRD_Mike 3 месяца назад

      "ImPoSsIbLe To LiStEn To!" LOL ok. Bye Felicia.

Следующие
Автовоспроизведение
Best Technical Content from 2023 (Ep. 52)3:00:01Best Technical Content from 2023 (Ep. 52)
Best Technical Content from 2023 (Ep. 52)Critical Thinking - Bug Bounty Podcast
Просмотров 2,6 тыс.
Bug Bounty Gadget Hunting & Hacker's Intuition (Ep. 59)1:39:09Bug Bounty Gadget Hunting & Hacker's Intuition (Ep. 59)
Bug Bounty Gadget Hunting & Hacker's Intuition (Ep. 59)Critical Thinking - Bug Bounty Podcast
Просмотров 3,1 тыс.
They Laundered Dirty Bitcoin at a Supermarket Café🎙Darknet Diaries Ep. 81: The Vendor1:18:00They Laundered Dirty Bitcoin at a Supermarket Café🎙Darknet Diaries Ep. 81: The Vendor
They Laundered Dirty Bitcoin at a Supermarket Café🎙Darknet Diaries Ep. 81: The VendorJack Rhysider
Просмотров 187 тыс.
A Star Is About to Explode (And You'll Be Able to See It)08:45A Star Is About to Explode (And You'll Be Able to See It)
A Star Is About to Explode (And You'll Be Able to See It)StarTalk
Просмотров 2,4 млн
What REALLY Happened To Shelly-Ann Fraser-Pryce05:14What REALLY Happened To Shelly-Ann Fraser-Pryce
What REALLY Happened To Shelly-Ann Fraser-PryceTotal Running Productions
Просмотров 1,3 млн
I Spent 100 Days in a Fungal Outbreak in Hardcore Minecraft... Here's What Happened3:41:51I Spent 100 Days in a Fungal Outbreak in Hardcore Minecraft... Here's What Happened
I Spent 100 Days in a Fungal Outbreak in Hardcore Minecraft... Here's What HappenedForge Labs
Просмотров 1,1 млн
Noah Lyles WINS GOLD in Men's 100M in PHOTO FINISH I CBS Sports01:12Noah Lyles WINS GOLD in Men's 100M in PHOTO FINISH I CBS Sports
Noah Lyles WINS GOLD in Men's 100M in PHOTO FINISH I CBS SportsCBS Sports
Просмотров 610 тыс.
researcher accidentally finds 0-day affecting his entire internet service provider29:02researcher accidentally finds 0-day affecting his entire internet service provider
researcher accidentally finds 0-day affecting his entire internet service providerLow Level Learning
Просмотров 695 тыс.
Why CrowdStrike's Baffling BSOD Disaster Was Avoidable44:22Why CrowdStrike's Baffling BSOD Disaster Was Avoidable
Why CrowdStrike's Baffling BSOD Disaster Was AvoidableRisky Business Media
Просмотров 2,4 тыс.
"The Life & Death of htmx" by Alexander Petros at Big Sky Dev Con 202423:01"The Life & Death of htmx" by Alexander Petros at Big Sky Dev Con 2024
"The Life & Death of htmx" by Alexander Petros at Big Sky Dev Con 2024Montana Programmers
Просмотров 43 тыс.
The real world truth about AI Hacking40:08The real world truth about AI Hacking
The real world truth about AI HackingDavid Bombal
Просмотров 40 тыс.
Node.js: The Documentary | An origin story1:02:49Node.js: The Documentary | An origin story
Node.js: The Documentary | An origin storyHoneypot
Просмотров 564 тыс.
DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran Darknet Vendor48:29DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran Darknet Vendor
DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran Darknet VendorDEFCONConference
Просмотров 316 тыс.
Crushing Client-Side on Any Scope with MatanBer (Ep. 81)2:04:49Crushing Client-Side on Any Scope with MatanBer (Ep. 81)
Crushing Client-Side on Any Scope with MatanBer (Ep. 81)Critical Thinking - Bug Bounty Podcast
Просмотров 3,2 тыс.
The BEST Esoteric Web Vulnerabilities (Ep. 27)1:20:15The BEST Esoteric Web Vulnerabilities (Ep. 27)
The BEST Esoteric Web Vulnerabilities (Ep. 27)Critical Thinking - Bug Bounty Podcast
Просмотров 1,6 тыс.
I hacked time to recover $3 million from a Bitcoin software wallet21:31I hacked time to recover $3 million from a Bitcoin software wallet
I hacked time to recover $3 million from a Bitcoin software walletJoe Grand
Просмотров 814 тыс.
Замедление YouTube: решение проблемы. Все известные способы05:06Замедление YouTube: решение проблемы. Все известные способы
Замедление YouTube: решение проблемы. Все известные способыTech Talk
Просмотров 238 тыс.
Серьезные проблемы с CPU у Intel и AMD. Маркетинговая дичь от NVIDIA. Youtube замедлили. Что делать?21:05Серьезные проблемы с CPU у Intel и AMD. Маркетинговая дичь от NVIDIA. Youtube замедлили. Что делать?
Серьезные проблемы с CPU у Intel и AMD. Маркетинговая дичь от NVIDIA. Youtube замедлили. Что делать?PRO Hi-Tech
Просмотров 104 тыс.
Подсветка для машины в usb порт с wb #обзор #wildberries #дляавто00:16Подсветка для машины в usb порт с wb #обзор #wildberries #дляавто
Подсветка для машины в usb порт с wb #обзор #wildberries #дляавтоWEISHORN
Просмотров 186 тыс.
ОТРЫГНУЛА ВИДЕОКАРТА RADEON RX 6600M в ИГРОВОМ LEGION 5 PRO / ЧТО БУДЕТ ПРИ ПЕРЕГРЕВЕ НОУТБУКА?🔥33:14ОТРЫГНУЛА ВИДЕОКАРТА RADEON RX 6600M в ИГРОВОМ LEGION 5 PRO / ЧТО БУДЕТ ПРИ ПЕРЕГРЕВЕ НОУТБУКА?🔥
ОТРЫГНУЛА ВИДЕОКАРТА RADEON RX 6600M в ИГРОВОМ LEGION 5 PRO / ЧТО БУДЕТ ПРИ ПЕРЕГРЕВЕ НОУТБУКА?🔥notebook-31
Просмотров 113 тыс.
Product Link in Bio ( # 1776 ) @MaviGadgets ▶️ LED Digital Tally Counter00:10Product Link in Bio ( # 1776 ) @MaviGadgets ▶️ LED Digital Tally Counter
Product Link in Bio ( # 1776 ) @MaviGadgets ▶️ LED Digital Tally CounterMaviGadget
Просмотров 1,2 млн
تجربة أغرب توصيلة شحن ضد القطع تماما00:56تجربة أغرب توصيلة شحن ضد القطع تماما
تجربة أغرب توصيلة شحن ضد القطع تماماصدام العزي
Просмотров 64 млн
GD169A Тестирую и допиливаю. Есть ссылка на Дзен50:58GD169A Тестирую и допиливаю. Есть ссылка на Дзен
GD169A Тестирую и допиливаю. Есть ссылка на ДзенДмитрий Коржевский
Просмотров 42 тыс.
Невероятная находка!😱 ( @vitaskhr Подписывайтесь на него )00:39Невероятная находка!😱 ( @vitaskhr Подписывайтесь на него )
Невероятная находка!😱 ( @vitaskhr Подписывайтесь на него )EpicShortsRussia
Просмотров 630 тыс.