Episode 15: The Israeli Million-Dollar Hacker
Critical Thinking - Bug Bounty Podcast13 Huhti 2023

Episode 15: The Israeli Million-Dollar Hacker

Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Follow Nagli and his new startup Shockwave:

https://twitter.com/naglinagli

https://twitter.com/shockwave_sec

HackMD Collaborative Notes:

https://hackmd.io/

Ian Carroll's Airline Miles Website:

https://seats.aero

Nagli's Tweet in ChatGPT Web Cache Deception:

https://twitter.com/naglinagli/status/1639343866313601024

Timestamps:

(00:00:00) Intro

(00:04:40) Nagli’s Climb

(00:05:40) What kind of vulns do you look for?

(00:09:25) Working with other hackers

(00:10:20) Bug Bounty Hunter’s Guild

(00:12:35) Shockwave product

(00:14:12) Outsourcing tool development

(00:18:46) What got you started?

(00:21:13) Manual hacking vs recon suite + LHE focus

(00:25:00) How do you take notes

(00:29:42) Biggest things that you’ve learned over the past 2 years

(00:31:29) How do you ingest new techniques?

(00:31:50) Collaboration

(00:37:20) Justin Ranting about “Trained Eyes”

(00:40:18) Time spent coding vs hacking

(00:45:28) Travel and spending habits

(00:54:16) Grep is Nagli’s database

(00:56:20) Nagli’s ChatGPT Web Cache Deception

(00:58:44) What does your alerting look like?

(01:01:50) Nagli’s “Most Critical” SSRF

(01:04:30) Burp Active Scan

Jaksot(162)

Episode 58: Youssef Sammouda - Client-Side & ATO War Stories

Episode 58: Youssef Sammouda - Client-Side & ATO War Stories

Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Samouda and grill him on his various techniques for finding and exploiting client-side bugs and p...

15 Helmi 20241h 54min

Episode 57: Technical breakdown from Miami Hacking Event - H1-305

Episode 57: Technical breakdown from Miami Hacking Event - H1-305

Episode 57: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are live from Miami, and recap their experience and share takeaways from the live hacking event. They highlight t...

8 Helmi 202432min

Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)

Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)

Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)Episode 56: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Jon Colston to discuss how hi...

1 Helmi 20241h 47min

Episode 55: Popping WordPress Plugins - Methodology Braindump

Episode 55: Popping WordPress Plugins - Methodology Braindump

Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Wordpress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within Wordpress Plu...

25 Tammi 20241h 44min

Episode 54: White Box Formulas - Vulnerable Coding Patterns

Episode 54: White Box Formulas - Vulnerable Coding Patterns

Episode 54: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with news items and new projects. Joel shares about his personal scraping project to gather data on bug b...

18 Tammi 20241h 12min

Episode 53: 500k/yr as Full-Time Bug Hunter & Content Creator - Nahamsec

Episode 53: 500k/yr as Full-Time Bug Hunter & Content Creator - Nahamsec

Episode 53: In this episode of Critical Thinking - Bug Bounty Podcast,we’re joined by none other than NahamSec. We start by discusses the challenges he faced on his journey in bug bounty hunting and c...

11 Tammi 20241h 40min

Episode 52: Best Technical Content from Year 1 of CTBB Podcast

Episode 52: Best Technical Content from Year 1 of CTBB Podcast

Episode 52: In this episode of Critical Thinking - Bug Bounty Podcast we're going back and highlighting some of the best technical moments from the past year! Hope you enjoy this best of 2023 Supercut...

4 Tammi 20243h

Episode 51: Hacker Stats 2023 & 2024 Goals

Episode 51: Hacker Stats 2023 & 2024 Goals

Episode 51: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are back for the last episode of 2023. We discuss some noteworthy news items including a Hacker One Crit, Caido u...

28 Joulu 20231h 21min