Episode 41: Mini Masterclass: Attack Vector Ideation
Critical Thinking - Bug Bounty Podcast19 Loka 2023

Episode 41: Mini Masterclass: Attack Vector Ideation

Episode 41: In this episode of Critical Thinking - Bug Bounty Podcast, Justin takes a break from his busy travel schedule to walk us through a few of his Attack Vector formulation strategies. We’re keeping this one short and sweet, so it can be better used as a reference when looking for new vectors.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Nahamcon talk by Douglas Day

https://youtu.be/G1RHa7l1Ys4?t=295

Timestamps:

(00:00:00) Introduction

(00:02:53) Use the application like a human, not like a hacker

(00:05:02) Reading documentation looking for "Cannot" statements

(00:08:16) Look at the grayed out areas

(00:10:08) Look for information in the API response

(00:12:38) Differences in the UI between different accounts

(00:13:42) Pay the paywall.

Jaksot(161)

Episode 65: Motivation and Methodology with Sam Curry (Zlz)

Episode 65: Motivation and Methodology with Sam Curry (Zlz)

Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and ...

4 Huhti 20242h 29min

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and ...

28 Maalis 20241h 8min

Episode 63: JHaddix Returns

Episode 63: JHaddix Returns

Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own ...

21 Maalis 20241h 21min

Episode 62: Frontend Language Oddities

Episode 62: Frontend Language Oddities

Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth look...

14 Maalis 202458min

Episode 61: A Hacker on Wall Street - JR0ch17

Episode 61: A Hacker on Wall Street - JR0ch17

Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. ...

7 Maalis 20241h 27min

Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023

Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023

Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023.Follow us on twitter at: @ctbbpodcas...

29 Helmi 20241h 24min

Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition

Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition

Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through...

22 Helmi 20241h 39min

Episode 58: Youssef Sammouda - Client-Side & ATO War Stories

Episode 58: Youssef Sammouda - Client-Side & ATO War Stories

Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Samouda and grill him on his various techniques for finding and exploiting client-side bugs and p...

15 Helmi 20241h 54min