Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023 (Ep. 60)
HTML-код
- Опубликовано: 5 авг 2024
- Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023.
Follow us on twitter at: / ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to / realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
/ 0xteknogeek
/ rhynorater
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at ctbb.show/discord!
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Resources:
Top 10 web hacking techniques of 2023
portswigger.net/research/top-...
1: Smashing the state machine
portswigger.net/research/smas...
8: From Akamai to F5 to NTLM
blog.malicious.group/from-aka...
3: SMTP Smuggling
sec-consult.com/blog/detail/s...
4: PHP filter chains
www.synacktiv.com/publication...
(Bonus Read)
www.synacktiv.com/publication...
5: HTTP Parsers Inconsistencies
rafa.hashnode.dev/exploiting-...
6: HTTP Request Splitting
offzone.moscow/upload/iblock/...
7: How I Hacked Microsoft Teams
speakerdeck.com/masatokinugaw...
9: Cookie Crumbles
www.usenix.org/conference/use...
(Bonus Read)
blog.ankursundara.com/cookie-...
10: Hacking root EPP servers to take control of zones
hackcompute.com/hacking-epp-s...
Timestamps:
(00:00:00) Introduction
(00:04:26) 1: Smashing the state machine
(00:11:56) 8: From Akamai to F5 to NTLM... with love
(00:17:11) 3: SMTP Smuggling
(00:26:27) 4: PHP filter chains
(00:36:40) 5: HTTP Parsers Inconsistencies
(00:44:56) 6: HTTP Request Splitting
(00:53:43) 7: How I Hacked Microsoft Teams
(01:02:25) 9: Cookie Crumbles
(01:11:36) 10: EPP Server Takeover
(01:15:21) Summary Наука
Hv seen james kettle’s research where few proxies allowed him to send SMTP packets out of nowhere through request smuggling..I guess that is why james hv picked this issue as a extension of web attack landscape
*Promo sm* 😃
Once you notice the vocal fry of the man in the dungeon this podcast becomes impossible to listen to
wym?
"ImPoSsIbLe To LiStEn To!" LOL ok. Bye Felicia.