Episode 18: Audit Code, Earn Bounties
Critical Thinking - Bug Bounty Podcast11 Touko 2023

Episode 18: Audit Code, Earn Bounties

Episode 18: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into everything source-code related: how to get source-code and what to do with it once you have. This episode is packed with great examples of successful source code review, tips on how to review code yourself, and the tools you'll need along the way.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Crossing the KASM:

https://www.youtube.com/watch?v=NwMY1umhpgg

PWNAssistant by Elttam:

https://www.elttam.com/blog/pwnassistant/#content

Andre's Git Arbitrary Configuration Injection:

https://blog.ethiack.com/en/blog/git-arbitrary-configuration-injection-cve-2023-29007

Jub0b's a Smorgasbord of a Bug Chain:

https://jub0bs.com/posts/2023-05-05-smorgasbord-of-a-bug-chain/

Ankur Sundara's Cookie Bugs - Smuggling & Injection:

https://twitter.com/ankursundara/status/1654556463703134208?t=7nTUSszPB6fS3MkATzxpaQ&s=19

James Kettle's Notes on Novel Pathways to Poisoning (cool quirks in here):

https://twitter.com/albinowax/status/1654767919690031106?t=vbVEOML5_QnWByi0m8Nv4A&s=19

Ignore Irrelevant Scripts During Debugging by Johan Carlsson:

https://twitter.com/joaxcar/status/1653787336105156616

Every known way to get references to windows:

https://bluepnume.medium.com/every-known-way-to-get-references-to-windows-in-javascript-223778bede2d

VS Code Todo Highlight:

https://marketplace.visualstudio.com/items?itemName=wayou.vscode-todo-highlight

VS Code:

https://code.visualstudio.com/

Jaksot(171)

Episode 11: CV$$, Web Cache Deception, and SSTI

Episode 11: CV$$, Web Cache Deception, and SSTI

Episode 11: In this episode of Critical Thinking - Bug Bounty Podcast we talk about CVSS (the good, the bad, and the ugly), Web Cache Deception (an underrated vuln class) and a sick SSTI Joel and Fish...

16 Maalis 20231h 3min

Episode 10: The Life of a Full-Time Bug Bounty Hunter + BB News + Reports from Mentees

Episode 10: The Life of a Full-Time Bug Bounty Hunter + BB News + Reports from Mentees

Episode 10: In this episode of Critical Thinking - Bug Bounty Podcast we talk about what its like to be a full-time bug bounty hunter, a tonne of bug bounty news, and some great report summaries from ...

9 Maalis 20231h 16min

Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug

Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug

Episode 9: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Headless Browser SSRF and drop a tool called RebindMultiA. Joel also walks us through a web3 bug and we cover some bu...

2 Maalis 20231h 8min

Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops

Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops

Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It...

22 Helmi 202335min

Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!

Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!

Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter...

16 Helmi 202356min

Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)

Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)

Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.Follow us on twit...

9 Helmi 20231h 39min

Episode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon

Episode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon

Episode 4: In this episode of Critical Thinking - Bug Bounty Podcast we have part two of our series on the H1-407 HackerOne Live Hacking Event. This time, we have a special guest SpaceRaccoon (@spacer...

2 Helmi 202345min

Episode 5: AI Security, Hacking WiFi, the New XSS Hunter, and more

Episode 5: AI Security, Hacking WiFi, the New XSS Hunter, and more

Episode 5: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the new XSS Hunter, MD5 collisions and using ChatGPT for security, and much more!Follow us on twitter at: @ctbbpodcas...

2 Helmi 202353min