Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli
Critical Thinking - Bug Bounty Podcast14 Joulu 2023

Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli

Episode 49: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is once again joined by Nagli to discuss some of their recent hacking discoveries. They talk about finding and exploiting a backup file in an ASP.NET app, discovering vulnerabilities through Swagger files, and debating the vulnerability of a specific ‘undisclosed’ domain. Then they reflect on 2023’s Live Hacking Event circuit, and preview what’s to come in 2024’s.

This episode sponsored by Wordfence! Wordfence recently launched a game-changer of a bug bounty program with ALL WordPress plugins over 50k installs are in-scope. They are currently paying 6.25x their normal bounty amounts, and have agreed to give CT listeners a 10% bonus on top of that! If you wanna pop some crits and see those bounties roll in, head over to https://ctbb.show/wf for more info and keep an eye on the CTBB Discord for inspiration/collabs.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest

Episode Resources:

Shockwave

Why So Serial

New LHE Standards Dropped

Timestamps:

(00:00:00) Introduction

(00:02:37) wwwroot .zip Hack Recap

(00:13:44) Swagger File Hack Recap

(00:18:27) Undisclosed URL Hack Recap

(00:24:29) 2023 LHE Circut Recap

(00:37:14) 2024 LHE Preview and New Standards

(00:47:22) Bug Bounty Motivation

Jaksot(164)

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast In this episode Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-...

10 Loka 202447min

Episode 91: Zero to LHE in 9 Months (feat gr3pme)

Episode 91: Zero to LHE in 9 Months (feat gr3pme)

Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking’s own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with B...

3 Loka 20241h 22min

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some some re...

26 Syys 202451min

Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast We’re joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in ...

19 Syys 20241h 58min

Episode 88: News, Tools, and Writeups

Episode 88: News, Tools, and Writeups

Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the i...

12 Syys 20241h 6min

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships

Episode 87: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with none other than his wife Mariah to talk about Bug Bounty from the perspective of a Significant Other. They s...

5 Syys 20241h 26min

Episode 86: The X-Correlation between Frans & RCE - Research Drop

Episode 86: The X-Correlation between Frans & RCE - Research Drop

Episode 86: In this episode of Critical Thinking - Bug Bounty Podcast Frans blows Justin’s mind with a sneak peak of his new presentation. Note: This is a little different from our normal episode, and...

29 Elo 202442min

Episode 85: Practical Applications of DEFCON 32 Web Research

Episode 85: Practical Applications of DEFCON 32 Web Research

Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cach...

22 Elo 20241h 30min