Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli
Critical Thinking - Bug Bounty Podcast14 Joulu 2023

Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli

Episode 49: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is once again joined by Nagli to discuss some of their recent hacking discoveries. They talk about finding and exploiting a backup file in an ASP.NET app, discovering vulnerabilities through Swagger files, and debating the vulnerability of a specific ‘undisclosed’ domain. Then they reflect on 2023’s Live Hacking Event circuit, and preview what’s to come in 2024’s.

This episode sponsored by Wordfence! Wordfence recently launched a game-changer of a bug bounty program with ALL WordPress plugins over 50k installs are in-scope. They are currently paying 6.25x their normal bounty amounts, and have agreed to give CT listeners a 10% bonus on top of that! If you wanna pop some crits and see those bounties roll in, head over to https://ctbb.show/wf for more info and keep an eye on the CTBB Discord for inspiration/collabs.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest

Episode Resources:

Shockwave

Why So Serial

New LHE Standards Dropped

Timestamps:

(00:00:00) Introduction

(00:02:37) wwwroot .zip Hack Recap

(00:13:44) Swagger File Hack Recap

(00:18:27) Undisclosed URL Hack Recap

(00:24:29) 2023 LHE Circut Recap

(00:37:14) 2024 LHE Preview and New Standards

(00:47:22) Bug Bounty Motivation

Jaksot(165)

Episode 85: Practical Applications of DEFCON 32 Web Research

Episode 85: Practical Applications of DEFCON 32 Web Research

Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cach...

22 Elo 20241h 30min

Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat

Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat

Episode 84: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Roni Carta (@0xLupin) to discuss their MVH win at the recent Google LHE, and share some technical observation...

15 Elo 202427min

Episode 83: Brainstorming Proxy Plugins

Episode 83: Brainstorming Proxy Plugins

Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow,...

8 Elo 202454min

Episode 82: Part-Time Bug Bounty

Episode 82: Part-Time Bug Bounty

Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balanc...

1 Elo 202436min

Episode 81: Crushing Client-Side on Any Scope with MatanBer

Episode 81: Crushing Client-Side on Any Scope with MatanBer

Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and ...

25 Heinä 20242h 4min

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own ...

18 Heinä 20242h 49min

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.Follow u...

11 Heinä 20241h 10min

Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques

Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques

Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with tha...

4 Heinä 20241h 6min