Episode 52: Best Technical Content from Year 1 of CTBB Podcast
Critical Thinking - Bug Bounty Podcast4 Tammi 2024

Episode 52: Best Technical Content from Year 1 of CTBB Podcast

Episode 52: In this episode of Critical Thinking - Bug Bounty Podcast we're going back and highlighting some of the best technical moments from the past year! Hope you enjoy this best of 2023 Supercut!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Timestamps:

(00:00:00) Introduction

(00:02:55) Episode 26: Meta tags and base tags in HTML

(00:15:20) Episode 27: Client-side path traversal

(00:23:18) Episode 27: Cookie bombing + cookie jar overflow

(00:35:47) Episode 44: Cross environment authentication bugs

(00:43:17) Episode 47: The open-faced Iframe Sandwich

(00:50:19) Episode 47: js hoisting and classic Joel nerdsnipe

(00:58:28) Episode 29: Sean Yeoh on Subdomains vs IP in recon

(01:04:05) Episode 30: Shubs on reversing enterprise software

(01:24:58) Episode 30: Shubs on building out a recon flow

(01:29:36) Episode 30: Shubs on Hacking IIS Servers

(01:36:45) Episode 37: 0xLupin on smart JavaScript analysis tools

(01:45:42) Episode 45: Frans Rosen On App cache, Service workers cookie stuffing, and postMessage

(02:15:02) Episode 50: Mathias Karlsson on XSLT and MXSS

(02:39:26) Episode 27: Assetnote's sharefile RCE

(02:48:18) Episode 31: Perforce RCE

(02:53:48) Episode 48: Sam Erb's XSLT bug story

(02:58:47) Final thoughts and Special Thanks

Jaksot(162)

Episode 34: Program vs Hacker Debate

Episode 34: Program vs Hacker Debate

Episode 34: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel have both beaten COVID and now square off against each other in a mega-debate representing hackers and program ma...

31 Elo 20232h 10min

Episode 33: The Master of Hacker Show&Tell: Inti De Ceukelaire

Episode 33: The Master of Hacker Show&Tell: Inti De Ceukelaire

Episode 33: In this episode of Critical Thinking - Bug Bounty Podcast, we welcome Inti De Ceukelaire, a seasoned bug hunter known for his creative storytelling and impactful show-and-tell bugs…and let...

24 Elo 20231h 22min

Episode 32: The Great Write-up Low-down

Episode 32: The Great Write-up Low-down

Episode 32: In this episode of Critical Thinking - Bug Bounty Podcast, Joel caught a nasty bug (no, not that kind) so Justin is flying solo, and catches us up to speed on what's been happening in hack...

17 Elo 20231h 1min

Episode 31: Alex Chapman - The Man of Many Crits

Episode 31: Alex Chapman - The Man of Many Crits

Episode 31: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by Alex Chapman, a seasoned InfoSec hacker and bug bounty hunter. We kick off with Alex sharing his h...

10 Elo 20231h 24min

Episode 30: Recon Legend Shubs - From Burgers to Bounties

Episode 30: Recon Legend Shubs - From Burgers to Bounties

Episode 30: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by renowned bug bounty hunter Shubs. We kick off with him sharing his journey from burgers to bugs, a...

3 Elo 20231h 19min

Episode 29: Live Episode with Sean Yeoh - Assetnote Engineer

Episode 29: Live Episode with Sean Yeoh - Assetnote Engineer

Episode 29: In this episode of Critical Thinking - Bug Bounty Podcast sit down with Assetnote Engineer Sean Yeoh, and pick his brain about what he's learned on his development journey. We talk about t...

27 Heinä 202359min

Episode 28: Surfin' with CSRFs

Episode 28: Surfin' with CSRFs

Episode 28: In this episode of Critical Thinking - Bug Bounty Podcast, the CSRF’s up, dude! We kick off with a debate about whether or not deep link vulns in mobile apps can be considered CSRF. We als...

20 Heinä 20231h 18min

Episode 27: Top 7 Esoteric Web Vulnerabilities

Episode 27: Top 7 Esoteric Web Vulnerabilities

Episode 27: In this episode of Critical Thinking - Bug Bounty Podcast, we've switched places and now Joel is home while Justin is on the move. We break down seven esoteric web vulnerabilities, and tal...

13 Heinä 20231h 20min