Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty. (Ep. 69)

Поделиться
HTML-код
  • Опубликовано: 5 авг 2024
  • Episode 69: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Johan Carlsson to hear about some updates on his bug hunting journey. We deep-dive a CSP bypass he found in GitHub, a critical he found in GitLab's pipeline, and also talk through his approach to using script gadgets and adapting to highly CSP'd environments. Then we talk about his transition to full-time bug hunting, including the goals he’s set, the successes and challenges, and his current focus on specific bug types like ReDoS and OAuth, and the serendipitous nature of bug hunting.
    Follow us on twitter at: / ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to / realytcracker for the awesome intro music!
    ====== Links ======
    Follow your hosts Rhynorater & Teknogeek on twitter:
    / 0xteknogeek
    / rhynorater
    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
    Nuclei 3.2 Release: nux.gg/podcast
    Today’s Guest:
    / joaxcar
    joaxcar.com/blog/
    Resources:
    Github CSP Bypass:
    gist.github.com/joaxcar/6e5a0...
    CSP Validator:
    cspvalidator.org/
    Cross Window Forgery:
    www.paulosyibelo.com/2024/02/...
    Gitlab Crit:
    gist.github.com/joaxcar/9419b...
    Timestamps
    (00:00:00) Introduction
    (00:09:34) Github CSP Bypass
    (00:38:48) Script Gadgets and growth through Gitlab
    (00:53:53) Gitlab pipeline bug
    (01:12:32) Full-time Bug Bounty
  • НаукаНаука

Комментарии • 9

  • @alvarobalada6528
    @alvarobalada6528 3 месяца назад +2

    I was waiting for this since the beginning of this podcast

  • @jub0bs
    @jub0bs 2 месяца назад +1

    Legend!

  • @poopfeast_420
    @poopfeast_420 3 месяца назад +3

    neat episode number

  • @arunharbola3006
    @arunharbola3006 3 месяца назад +2

    6*9 + 6 + 9 = Hey! It's the 69th Episode , Congratulations Guys . Awesome Work .

  • @mylosovich24
    @mylosovich24 3 месяца назад

    Love your guys pod so much, thank you for keeping these rolling [and in style]

  • @theskelet4r
    @theskelet4r 3 месяца назад

    Another awesome episode!

  • @siddharthchhetry4218
    @siddharthchhetry4218 3 месяца назад +1

    I understood half of the things which they said cool stuff. Need to learn more to understand the other half.

  • @mr_robot1587
    @mr_robot1587 2 месяца назад

    👓+👓+👓+👓(me)
    😂😂😂

  • @TheCyberWarriorGuy
    @TheCyberWarriorGuy 3 месяца назад

    :)

Следующие
Автовоспроизведение
Sandboxed IFrames and WAF Bypasses (Ep. 73)31:14Sandboxed IFrames and WAF Bypasses (Ep. 73)
Sandboxed IFrames and WAF Bypasses (Ep. 73)Critical Thinking - Bug Bounty Podcast
Просмотров 1,3 тыс.
*(char*)0 = 0; - What Does the C++ Programmer Intend With This Code? - JF Bastien - C++ on Sea 202354:28*(char*)0 = 0; - What Does the C++ Programmer Intend With This Code? - JF Bastien - C++ on Sea 2023
*(char*)0 = 0; - What Does the C++ Programmer Intend With This Code? - JF Bastien - C++ on Sea 2023cpponsea
Просмотров 265 тыс.
NahamCon and CSP Bypasses Everywhere (Ep. 70)43:08NahamCon and CSP Bypasses Everywhere (Ep. 70)
NahamCon and CSP Bypasses Everywhere (Ep. 70)Critical Thinking - Bug Bounty Podcast
Просмотров 2,6 тыс.
Monster Hunter Wilds: Basic Mechanics Overview02:14Monster Hunter Wilds: Basic Mechanics Overview
Monster Hunter Wilds: Basic Mechanics OverviewMonster Hunter
Просмотров 500 тыс.
MURDER DRONES Series Finale [TRAILER]01:12MURDER DRONES Series Finale [TRAILER]
MURDER DRONES Series Finale [TRAILER]GLITCH
Просмотров 2,4 млн
Why I Left Donut46:11Why I Left Donut
Why I Left DonutSpeeed
Просмотров 3,9 млн
Brawl Stars Animation: PAINT BRAWL STARTS NOW!00:52Brawl Stars Animation: PAINT BRAWL STARTS NOW!
Brawl Stars Animation: PAINT BRAWL STARTS NOW!Brawl Stars
Просмотров 7 млн
Why The Windows Phone Failed24:08Why The Windows Phone Failed
Why The Windows Phone FailedApple Explained
Просмотров 233 тыс.
Speak about Unveiling the Secrets Bug Bounty Findings Revealed - Ft. Vrushabh Doshi52:56Speak about Unveiling the Secrets Bug Bounty Findings Revealed - Ft. Vrushabh Doshi
Speak about Unveiling the Secrets Bug Bounty Findings Revealed - Ft. Vrushabh DoshiSecurityBoat
Просмотров 1,4 тыс.
Creator of git, Linus Torvalds Presents the Fundamentals of git1:10:15Creator of git, Linus Torvalds Presents the Fundamentals of git
Creator of git, Linus Torvalds Presents the Fundamentals of gitDevelopers Alliance
Просмотров 61 тыс.
Bug Bounty Gadget Hunting & Hacker's Intuition (Ep. 59)1:39:09Bug Bounty Gadget Hunting & Hacker's Intuition (Ep. 59)
Bug Bounty Gadget Hunting & Hacker's Intuition (Ep. 59)Critical Thinking - Bug Bounty Podcast
Просмотров 3,1 тыс.
Write Laravel, not PHP (feat. Aaron Francis) | 02958:45Write Laravel, not PHP (feat. Aaron Francis) | 029
Write Laravel, not PHP (feat. Aaron Francis) | 029Backend Banter
Просмотров 14 тыс.
Why Isn't Functional Programming the Norm? - Richard Feldman46:09Why Isn't Functional Programming the Norm? – Richard Feldman
Why Isn't Functional Programming the Norm? - Richard FeldmanMetosin
Просмотров 1,5 млн
$780,000 in 3 months Bug Bounty!23:55$780,000 in 3 months Bug Bounty!
$780,000 in 3 months Bug Bounty!Tadi
Просмотров 12 тыс.
Motivation and Methodology with Sam Curry (Zlz) (Ep. 65)2:29:06Motivation and Methodology with Sam Curry (Zlz) (Ep. 65)
Motivation and Methodology with Sam Curry (Zlz) (Ep. 65)Critical Thinking - Bug Bounty Podcast
Просмотров 5 тыс.
Gal Nagli: The Israeli Million-Dollar Hacker (Ep. 15)1:08:26Gal Nagli: The Israeli Million-Dollar Hacker (Ep. 15)
Gal Nagli: The Israeli Million-Dollar Hacker (Ep. 15)Critical Thinking - Bug Bounty Podcast
Просмотров 7 тыс.
Ускоряем Youtube за 10 секунд | Полная инструкция04:42Ускоряем Youtube за 10 секунд | Полная инструкция
Ускоряем Youtube за 10 секунд | Полная инструкцияАлександр ЛОБАНОВ
Просмотров 846 тыс.
Проверил, как вам?00:58Проверил, как вам?
Проверил, как вам?Коннор
Просмотров 352 тыс.
Как противодействовать FPV дронам44:34Как противодействовать FPV дронам
Как противодействовать FPV дронамСтратег Диванного Легиона
Просмотров 89 тыс.
КУПИЛ САМЫЙ ПОПУЛЯРНЫЙ ПК ARDOR GAMING в DNS для CS225:51КУПИЛ САМЫЙ ПОПУЛЯРНЫЙ ПК ARDOR GAMING в DNS для CS2
КУПИЛ САМЫЙ ПОПУЛЯРНЫЙ ПК ARDOR GAMING в DNS для CS2JOSKIY
Просмотров 144 тыс.
КУПИЛ ИНДИЙСКИЙ IPHONE 15 ЗА 66000 РУБЛЕЙ!09:47КУПИЛ ИНДИЙСКИЙ IPHONE 15 ЗА 66000 РУБЛЕЙ!
КУПИЛ ИНДИЙСКИЙ IPHONE 15 ЗА 66000 РУБЛЕЙ!DimaViper
Просмотров 41 тыс.
Looks very comfortable. #leddisplay #ledscreen #ledwall #eagerled00:19Looks very comfortable. #leddisplay #ledscreen #ledwall #eagerled
Looks very comfortable. #leddisplay #ledscreen #ledwall #eagerled LED Screen Factory-EagerLED
Просмотров 12 млн
Kindle ✨📖🫶🏻 Paperwhite 11 #kindle #kindlepaperwhite #kindlepaperwhite11 #книги00:47Kindle ✨📖🫶🏻 Paperwhite 11 #kindle #kindlepaperwhite #kindlepaperwhite11 #книги
Kindle ✨📖🫶🏻 Paperwhite 11 #kindle #kindlepaperwhite #kindlepaperwhite11 #книгиЮля Масленникова
Просмотров 338 тыс.
I'll tell you who has the strongest iPad keyboard #ipadkeyboard 3ipadcase #typecase #ipad00:24I'll tell you who has the strongest iPad keyboard #ipadkeyboard 3ipadcase #typecase #ipad
I'll tell you who has the strongest iPad keyboard #ipadkeyboard 3ipadcase #typecase #ipadTypecase
Просмотров 11 млн