Episode 66: CDN-CGI Research, Intent To Ship, and Louis Vuitton
Critical Thinking - Bug Bounty Podcast11 Huhti 2024

Episode 66: CDN-CGI Research, Intent To Ship, and Louis Vuitton

Episode 66: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the recent YesWeHack Louis Vuitton LHE, the importance of failure as growth in bug bounty, and Justin shares his research on CDN CGI.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Project Discovery Conference: https://nux.gg/hss24

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Resources:

YesWeHack Luis Vuitton LHE

https://twitter.com/yeswehack/status/1776280653744554287

https://event.yeswehack.com/events/hack-me-im-famous-2

Caido Workflows

https://github.com/caido/workflows

Oauth Redirects

https://twitter.com/Akshanshjaiswl/status/1724143813088940192

Bagipro Golden URL techniques

https://hackerone.com/reports/431002

Roadmap I followed to make 15,000+$ Bounties in my first 8 months https://shreyaschavhan.notion.site/Roadmap-I-followed-to-make-15-000-Bounties-in-my-first-8-months-of-starting-out-and-my-journey-98b1b9ff621645c0b97d1e774992f300

Monke Hacks Blog

https://monkehacks.beehiiv.com/

PortSwigger post

https://x.com/PortSwiggerRes/status/1766087129908576760

post from Masato Kinugawa

https://x.com/kinugawamasato/status/916393484147290113

Timestamps:

(00:00:00) Introduction

(00:04:19) Louis Vuitton LHE

(00:13:57) Browser Market share

(00:21:13) Justin's Bug of the Week

(00:24:49) Caido Workflows

(00:27:24) Oauth Redirects

(00:32:24) Bug Bounty learning Methodology

(00:41:03) 'Intent To Ship'

(00:48:08) CDN-CGI Research

Jaksot(165)

Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad

Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad

Episode 133: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Harley and Ari from H1 to talk some about community management roles within Bug Bounty, as well as discuss the ev...

31 Heinä 20251h 16min

Episode 132: Archive Testing Methodology with Mathias Karlsson

Episode 132: Archive Testing Methodology with Mathias Karlsson

Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, ...

24 Heinä 20251h 49min

Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits

Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits

Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for...

17 Heinä 202550min

Episode 130: Minecraft Hacks to Google Hacking Star - Valentino

Episode 130: Minecraft Hacks to Google Hacking Star - Valentino

Episode 130: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Valentino, who shares his journey from hacking Minecraft to becoming a Google hunter. He talks us through sev...

10 Heinä 20251h 8min

Episode 129: Is this how Bug Bounty Ends?

Episode 129: Is this how Bug Bounty Ends?

Episode 129: In this episode of Critical Thinking - Bug Bounty Podcast we chat about the future of hack bots and human-AI collaboration, the challenges posed by tokenization, and the need for cybersec...

3 Heinä 202536min

Episode 128: New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI Bots

Episode 128: New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI Bots

Episode 128: In this episode of Critical Thinking - Bug Bounty Podcast we talking Blind SSRF and Self-XSS, as well as Reversing massive minified JS with AI and a wild Google Logo Ligature BugFollow us...

26 Kesä 202558min

Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More

Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More

Episode 127: In this episode of Critical Thinking - Bug Bounty Podcast we address some recent bug bounty controversy before jumping into a slew of news itemsFollow us on XShoutout to YTCracker for the...

19 Kesä 20251h 7min

Episode 126: Hacking AI Series: Vulnus ex Machina - Part 3

Episode 126: Hacking AI Series: Vulnus ex Machina - Part 3

Episode 126: In this episode of Critical Thinking - Bug Bounty Podcast we wrap up Rez0’s AI miniseries ‘Vulnus Ex Machina’. Part 3 includes a showcase of AI Vulns that Rez0 himself has found, and how ...

12 Kesä 202538min