.NET Remoting, CDN Attack Surface, and Recon vs Main App (Ep. 64)
- Published: Aug 5, 2024
- Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the DOMPurify library, and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also touch on the importance of collaboration and knowledge sharing, JavaScript deobfuscation, the value of impactful POCs, and hiding XSS payloads with URL path updates.
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
/ 0xteknogeek
/ rhynorater
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Check out Project Discovery’s nuclei 3.2 release blog at nux.gg/podcast
Resources:
.NET Remoting
code-white.com/blog/leaking-o...
github.com/codewhitesec/HttpR...
DOMPurify Bug
blog.slonser.info/posts/dompu...
Cloudflare /cdn-cgi/
developers.cloudflare.com/fun...
portswigger.net/research/when...
/ 893404078365069312
/ 1770153059496108231
XSSDoctor's writeup on Javascript deobfuscation
/ javascript-deobfuscati...
renniepak's tweet
x.com/renniepak/status/177226...
Naffy's tweet
/ 1769990551850377254
Timestamps:
(00:00:00) Introduction
(00:07:15) .Net Remoting
(00:17:29) DOMPurify Bug
(00:25:56) Cloudflare /cdn-cgi/
(00:37:11) Javascript deobfuscation
(00:47:26) renniepak's tweet
(00:55:20) Naffy's tweet
I resonate a lot with you guys on recon, I always have trouble with recon not in the aspect of finding subdomains or assets but with understanding the context of a random host I come across. Especially if all I get back is 401s, 403s, etc. So I typically gravitate more towards the main apps just because I know there’s context there and it’s easy to learn more about it. I definitely want to exercise my recon muscle more though haha
Another great podcast! thank you for sharing
Great episode guys. Hopefully constructive feedback - would you mind putting up some visuals - e.g. share your screen when you're talking about a specific post?
How do we find .net targets to go after?
?
First comment
Can you demonstrate impact? Otherwise I will need to close as informative :)
that was good! LOL@@Get_right95
@@Get_right95 Your comment is totally out of scope!
Duplicate 😂