Episode 29: Live Episode with Sean Yeoh - Assetnote Engineer
Critical Thinking - Bug Bounty Podcast27 Heinä 2023

Episode 29: Live Episode with Sean Yeoh - Assetnote Engineer

Episode 29: In this episode of Critical Thinking - Bug Bounty Podcast sit down with Assetnote Engineer Sean Yeoh, and pick his brain about what he's learned on his development journey. We talk about the place and importance of message brokers, and which ones we like best, as well as his engineering philosophy regarding bottleneck prevention and the importance of pursuing optimization. Don't miss this episode of terrific technical tips!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Today’s Guest:

https://twitter.com/seanyeoh

Assetnote

https://www.assetnote.io/

https://twitter.com/assetnote

XKCD automation graph

https://xkcd.com/1319/

Github repository

https://github.com/alex/what-happens-when

Article about Queues

https://archive.is/Nan4e

NATS

https://nats.io/

MongoDB

https://www.mongodb.com/

Timestamps:

(00:00:00) Introduction

(00:01:18) Story of Assetnote

(00:05:20) Message Brokers and event-driven architectures

(00:11:15) Preventing bottlenecks and pursuing optimization

(00:21:35) Using a profiler

(00:28:30) Choosing a Message Broker

(00:33:00) Kubernetes and Conntrack Limits

(00:37:13) Databases

(00:46:30) Bug bounty tips: Sub-domain vs. IP Address

(00:51:15) Engineering quandaries

(00:53:38) DNS Wildcards

Jaksot(161)

Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug

Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug

Episode 9: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Headless Browser SSRF and drop a tool called RebindMultiA. Joel also walks us through a web3 bug and we cover some bu...

2 Maalis 20231h 8min

Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops

Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops

Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It...

22 Helmi 202335min

Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!

Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!

Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter...

16 Helmi 202356min

Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)

Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)

Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.Follow us on twit...

9 Helmi 20231h 39min

Episode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon

Episode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon

Episode 4: In this episode of Critical Thinking - Bug Bounty Podcast we have part two of our series on the H1-407 HackerOne Live Hacking Event. This time, we have a special guest SpaceRaccoon (@spacer...

2 Helmi 202345min

Episode 5: AI Security, Hacking WiFi, the New XSS Hunter, and more

Episode 5: AI Security, Hacking WiFi, the New XSS Hunter, and more

Episode 5: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the new XSS Hunter, MD5 collisions and using ChatGPT for security, and much more!Follow us on twitter at: @ctbbpodcas...

2 Helmi 202353min

Episode 3: H1-407 Event Madness & Takeaways Part 1

Episode 3: H1-407 Event Madness & Takeaways Part 1

Episode 3: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some of the interesting things we’ve learned from participating in HackerOne's H1-407 Live Hacking event. We cover de...

26 Tammi 202345min

Episode 2: Exploit Writing & Automation / Do you need to know how to program to hack?

Episode 2: Exploit Writing & Automation / Do you need to know how to program to hack?

Episode 2: In this episode of Critical Thinking - Bug Bounty Podcast we talk about exploit writing/automation, some new tools released in the industry (Of-CORS), the age old question of "Do you have t...

18 Tammi 20231h 14min