Episode 15: The Israeli Million-Dollar Hacker
Critical Thinking - Bug Bounty Podcast13 Huhti 2023

Episode 15: The Israeli Million-Dollar Hacker

Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Follow Nagli and his new startup Shockwave:

https://twitter.com/naglinagli

https://twitter.com/shockwave_sec

HackMD Collaborative Notes:

https://hackmd.io/

Ian Carroll's Airline Miles Website:

https://seats.aero

Nagli's Tweet in ChatGPT Web Cache Deception:

https://twitter.com/naglinagli/status/1639343866313601024

Timestamps:

(00:00:00) Intro

(00:04:40) Nagli’s Climb

(00:05:40) What kind of vulns do you look for?

(00:09:25) Working with other hackers

(00:10:20) Bug Bounty Hunter’s Guild

(00:12:35) Shockwave product

(00:14:12) Outsourcing tool development

(00:18:46) What got you started?

(00:21:13) Manual hacking vs recon suite + LHE focus

(00:25:00) How do you take notes

(00:29:42) Biggest things that you’ve learned over the past 2 years

(00:31:29) How do you ingest new techniques?

(00:31:50) Collaboration

(00:37:20) Justin Ranting about “Trained Eyes”

(00:40:18) Time spent coding vs hacking

(00:45:28) Travel and spending habits

(00:54:16) Grep is Nagli’s database

(00:56:20) Nagli’s ChatGPT Web Cache Deception

(00:58:44) What does your alerting look like?

(01:01:50) Nagli’s “Most Critical” SSRF

(01:04:30) Burp Active Scan

Jaksot(161)

Episode 81: Crushing Client-Side on Any Scope with MatanBer

Episode 81: Crushing Client-Side on Any Scope with MatanBer

Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and ...

25 Heinä 20242h 4min

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own ...

18 Heinä 20242h 49min

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.Follow u...

11 Heinä 20241h 10min

Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques

Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques

Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with tha...

4 Heinä 20241h 6min

Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting...

27 Kesä 20241h 50min

Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature

Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature

Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, ...

20 Kesä 20241h 34min

Episode 75: *Rerun* of The OG Bug Bounty King - Frans Rosen

Episode 75: *Rerun* of The OG Bug Bounty King - Frans Rosen

Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, So instead of a new full episode, we're going back 30 episodes to review.Follow us on twitter at: @ctbb...

13 Kesä 20242h 44min

Episode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin)

Episode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin)

Episode 74: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Roni "Lupin" Carta for a deep dive into supply chain attacks and dependency confusion. We explore the supply...

6 Kesä 20241h 38min