NahamCon and CSP Bypasses Everywhere (Ep. 70)

  • Published: 11 Jul 2024
  • Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we're once again joined by Ben Sadeghipour to talk about some NahamCon news, as well as discuss a couple of other LHEs taking place. Then they cover CI/CD and drop some cool CSP bypasses.
    Follow us on twitter at: / ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to / realytcracker for the awesome intro music!
    ====== Links ======
    Follow your hosts Rhynorater & Teknogeek on twitter:
    / 0xteknogeek
    / rhynorater
    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    Today’s Guest: / nahamsec
    www.nahamcon.com/
    Resources:
    Depi
    www.landh.tech/depi
    RUclips CSP:
    ruclips.net/user/oembed?callba...)
    Maps CSP:
    maps.googleapis.com/maps/api/...
    Google APIs CSP
    www.googleapis.com/customsear...)
    Google CSP
    www.google.com/complete/searc...
    CSP Bypass for opener.child.child.child.click()
    octagon.net/blog/2022/05/29/b...
    Timestamps:
    (00:00:00) Introduction
    (00:02:55) BSides Takeaways and hacking on Meta
    (00:12:12) NahamCon News
    (00:23:45) CI/CD and the launch of Depi
    (00:33:29) CSP Bypasses
  • Science

Comments • 10

  • @FarahHawa
    @FarahHawa 1 month ago +1

    Eyes out for that SSRF 👀

  • @theskelet4r
    @theskelet4r 2 months ago

    Another Awesome episode, excited for Nahamcon and the talks!

  • @tajsec498
    @tajsec498 2 months ago

    Legend is here ❤👑

  • @887310954
    @887310954 2 months ago

    Look at CDNs. If a web app uses them, it's probably storing a bunch of files which either help you bypass CSP or are themselves vulnerable. These files can be legacy AngularJS files or files utilised in some sort of JSONP calls.
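
The comment above points at allow-listed CDN and JSONP hosts as a CSP bypass vector, and the episode's resource links name several callback-style endpoints (Google complete/search, Google APIs customsearch, Maps API, the oEmbed endpoint). As an added example, not code from the podcast, its guests, or the commenter, here is a small checker that parses a Content-Security-Policy header and flags script-src entries that allow one of those JSONP-serving hosts, or that are weak outright ('unsafe-inline', 'unsafe-eval', data:). The host list (built from the links on this page, with the YouTube host being an assumption since the mirror rewrote that link), the sample header, and the function names are assumptions for illustration only.

```javascript
// Added example, not from the podcast page: flag script-src entries in a CSP
// that allow a host known to expose JSONP (callback=<js>) endpoints, which lets
// <script src="https://host/endpoint?callback=attackerJs"> run under the policy.
// Host list constructed from the endpoints linked on this page (assumption).
const JSONP_HOSTS = [
  'www.google.com',        // complete/search?...callback= (linked above)
  'www.googleapis.com',    // customsearch?...callback= (linked above)
  'maps.googleapis.com',   // maps/api/...callback= (linked above)
  'www.youtube.com',       // assumption: the oEmbed callback endpoint linked above
];

// Split a CSP header into { directive: [sources...] }. Directive names are
// case-insensitive; a repeated directive keeps its first occurrence, as browsers do.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Does a CSP source expression (e.g. https://*.googleapis.com, www.google.com)
// allow scripts from the given host? Scheme-only and '*' sources match every host;
// keywords, nonces and hashes match none; otherwise compare the host part, honouring
// a leading "*." wildcard. Paths in the source are ignored (over-approximation).
function sourceAllowsHost(source, host) {
  const s = source.toLowerCase();
  if (s === '*' || s === 'https:' || s === 'http:') return true;
  if (s.startsWith("'")) return false;
  const noScheme = s.replace(/^[a-z][a-z0-9+.-]*:\/\//, '');
  const hostPart = noScheme.split('/')[0].split(':')[0];
  if (hostPart.startsWith('*.')) {
    // *.example.com matches sub.example.com but not example.com itself
    return host.endsWith(hostPart.slice(1)) && host !== hostPart.slice(2);
  }
  return hostPart === host;
}

// script-src governs scripts; absent that, default-src applies; absent both, anything goes.
function effectiveScriptSrc(policy) {
  if (policy['script-src']) return policy['script-src'];
  if (policy['default-src']) return policy['default-src'];
  return ['*'];
}

// Return [{ source, reason }] for every script-src entry that weakens the policy
// enough for an inline, eval, data: or JSONP-on-allow-listed-host bypass.
function findScriptBypasses(header) {
  const policy = parseCsp(header);
  const sources = effectiveScriptSrc(policy);
  const findings = [];
  // With 'strict-dynamic', browsers ignore host allow-list entries, so the
  // JSONP-via-allow-listed-host trick does not apply; only nonced/hashed scripts load.
  if (sources.some((s) => s.toLowerCase() === "'strict-dynamic'")) return findings;
  for (const source of sources) {
    const s = source.toLowerCase();
    if (s === "'unsafe-inline'") {
      findings.push({ source, reason: 'inline scripts allowed; no bypass needed' });
      continue;
    }
    if (s === "'unsafe-eval'") {
      findings.push({ source, reason: 'eval allowed; injected strings can reach eval()' });
      continue;
    }
    if (s === 'data:') {
      findings.push({ source, reason: 'data: URIs allowed; <script src="data:..."> runs' });
      continue;
    }
    for (const host of JSONP_HOSTS) {
      if (sourceAllowsHost(source, host)) {
        findings.push({ source, reason: `allows ${host}, which serves JSONP (callback=) endpoints` });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample header (not taken from any real site).
const SAMPLE = "default-src 'self'; script-src 'self' https://*.googleapis.com https://www.google.com; object-src 'none'";
console.log(findScriptBypasses(SAMPLE));
```

Run it with node; for the sample header it reports two findings, one for the wildcard googleapis.com entry and one for www.google.com. A policy using a nonce plus 'strict-dynamic' produces no findings, which is the fix the flagged policies usually need: drop the host allow-list and nonce the legitimate scripts instead.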

  • @odenko7680
    @odenko7680 2 months ago

    Ben again, LET'S GOOO
    we love Ben

  • @nextlevel4189
    @nextlevel4189 2 months ago

    Second 😊

  • @AAA-rk2fj
    @AAA-rk2fj 2 months ago

    third

  • @BugbountyPOCs41
    @BugbountyPOCs41 2 months ago

    Firsttttt