Episode 88: News, Tools, and Writeups
Critical Thinking - Bug Bounty Podcast12 Syys 2024

Episode 88: News, Tools, and Writeups

Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Find the Hackernotes: https://blog.criticalthinkingpodcast.io/

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Shop our new swag store at ctbb.show/swag

Resources

URL Validation Bypass cheat sheet

SanicDNS

Orange Confusion Attacks

WordPress GiveWP POP to RCE

Xsstools

Bypassing browser tracking protection

Advanced iframe Magic

DOM Clobbering

https://www.ruhrsec.de/downloads/slides/Everything-You-Wanted-to-Know-About-DOM-Clobbering-But-Were-Afraid-to-Ask-Soheil-Khodayari-RuhrSec.pdf

And

https://domclob.xyz/domc_payload_generator/

Timestamps:

(00:00:00) Introduction

(00:02:00) URL validation bypass

(00:07:41) SanicDNS and Orange confusion attacks

(00:20:06) WordPress GiveWP POP to RCE

(00:31:29) Xsstools

(00:43:56) Bypassing browser tracking protection

(00:52:06) DOM Clobbering and mixing up your approach

Jaksot(161)

Episode 121: Slonser’s Image Injection 0-day -> ATO & New Caido Collab Plugin

Episode 121: Slonser’s Image Injection 0-day -> ATO & New Caido Collab Plugin

Episode 121: In this episode of Critical Thinking - Bug Bounty Podcast we cover so much news and research that we ran out of room in the description...Follow us on XShoutout to YTCracker for the aweso...

8 Touko 202557min

Episode 120: SpaceRaccoon - From Day Zero to Zero Day

Episode 120: SpaceRaccoon - From Day Zero to Zero Day

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expe...

1 Touko 20251h 36min

Episode 119: Abusing Iframes from a client-side hacker

Episode 119: Abusing Iframes from a client-side hacker

Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attac...

17 Huhti 202533min

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a poly...

10 Huhti 202558min

Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1

Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1

Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and foc...

3 Huhti 202532min

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware...

27 Maalis 202526min

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)

Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about ...

20 Maalis 20251h 40min

Episode 114: Single Page Application Hacking Playbook

Episode 114: Single Page Application Hacking Playbook

Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a ...

13 Maalis 20251h 22min