Episode 45: The OG Bug Bounty King - Frans Rosen
Critical Thinking - Bug Bounty Podcast16 Marras 2023

Episode 45: The OG Bug Bounty King - Frans Rosen

Episode 45: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Frans Rosén, an OG bug bounty hunter and co-founder of Detectify. We kick off with Frans sharing his journey bug bounty and security startups, before diving headfirst into a host of his blog posts. We also cover the value of pseudo-code for bug exploitation, understanding developer terminology, the challenges of collaboration and delegating tasks, and balancing hacking with parenting. If you're interested in bug bounty or entrepreneurship, you won't want to miss it!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Join our Discord!

Today's Guest:

https://twitter.com/fransrosen

Detectify

Discovering s3 subdomain takeovers

Bucket Disclose

A deep dive into AWS S3 access controls

Attacking Modern Web Technologies

Live Hacking like a MVH

Account hijacking using Dirty Dancing in sign-in OAuth flows

Timestamps:

(00:00:00) Introduction

(00:04:50) Franz Rosen's Bug Bounty Journey and the creation of Detectify

(00:13:30) Benefits of pseudo-code, typing, and thinking like a developer

(00:20:20) Hunter Methodologies

(00:35:40) Time on targets, Iteration vs. Ideation, and tips for standing out

(00:51:10) S3 subdomain takeovers

(01:05:02) Blog posting and hosting motivations

(01:13:30) Detectify and entrepreneurial endeavors

(01:29:50) Attacking Modern Web Technologies

(01:46:00) postMessage and MessagePort

(01:58:09) Live Hacking and Collaboration

(02:13:50) Account Hijacking and OAuth Flows

(02:28:48) Hacking/Parenting

Jaksot(165)

Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through ...

17 Loka 20241h 41min

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast In this episode Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-...

10 Loka 202447min

Episode 91: Zero to LHE in 9 Months (feat gr3pme)

Episode 91: Zero to LHE in 9 Months (feat gr3pme)

Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking’s own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with B...

3 Loka 20241h 22min

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some some re...

26 Syys 202451min

Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast We’re joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in ...

19 Syys 20241h 58min

Episode 88: News, Tools, and Writeups

Episode 88: News, Tools, and Writeups

Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the i...

12 Syys 20241h 6min

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships

Episode 87: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with none other than his wife Mariah to talk about Bug Bounty from the perspective of a Significant Other. They s...

5 Syys 20241h 26min

Episode 86: The X-Correlation between Frans & RCE - Research Drop

Episode 86: The X-Correlation between Frans & RCE - Research Drop

Episode 86: In this episode of Critical Thinking - Bug Bounty Podcast Frans blows Justin’s mind with a sneak peak of his new presentation. Note: This is a little different from our normal episode, and...

29 Elo 202442min