Episode 105: Best Critical Thinking Moments from 2024

Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======DOMPurify 3.2.3 BypassJason Zhou's post about O3 miniLive Chat Blog #2: Cisco Webex ConnectpostLogger Chrome ExtensionpostLogger Webstore LinkCommon OAuth VulnerabilitiesnOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account TakeoverAccount Takeover using SSO LoginsKai Greshake====== Timestamps ======(00:00:00) Introduction(00:01:44) DOMPurify 3.2.3 Bypass(00:06:37) O3 mini(00:10:29) Ophion Security: Cisco Webex Connect(00:15:54) Discord Community News(00:19:12) postLogger Chrome Extension(00:21:04) Common OAuth Vulnerabilities & Lessons learned from Google’s APIs

13 Helmi 49min

Episode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to talk about Alternative Recon TechniquesFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response!====== Resources ======ResourcesWiz Research Uncovers Exposed DeepSeek DatabaseBypass Bot DetectionTweet from sw33tLiersc 2faStealing HttpOnly cookies with the cookie sandwich techniqueReport Pointers for Collaborative ChainsClone2Leak: Your Git Credentials Belong To UsDeanonymization via cacheGoogleChrome related-website-sets====== Timestamps ======(00:00:00) Introduction(00:02:03) DeepSeek debacle and Bypass Bot Detection(00:23:48) Stealing HttpOnly cookies with the cookie sandwich technique(00:30:54) Report Pointers for Collaborative Chains(00:34:43) Clone2Leak: Your Git Credentials Belong To Us(00:40:04) Deanonymization for Signal and Discord(00:41:53) Alternative Recon Techniques

6 Helmi 1h 1min

Episode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor: AppOmni. Get AppOmni's Definitive Guide to SaaS Security https://www.criticalthinkingpodcast.io/AppOmniToday’s Guest:https://x.com/ConspiracyProof====== Resources ======Aaron's Bloghttps://www.enumerated.ie/Data Exposure and ServiceNow: The Elephant in the ITSM Roomhttps://www.enumerated.ie/index/servicenow-data-exposureSalesforce Lightning - An in-depth look at exploitation vectors for the everyday communityhttps://www.enumerated.ie/index/salesforceLightning Components: A Treatise on ApexSecurity from an External Perspectivehttps://go.appomni.com/hubfs/Collateral/AppOmni_Labs_White_Paper_Apex_Security.pdf?utm_campaign=Network%20Computing&utm_source=referral&utm_content=network_computingMicrosoft Power Pages: Data Exposure Reviewedhttps://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/====== Timestamps ======(00:00:00) Introduction(00:03:00) Aaron Costello, Arbitrary File Upload, & App Cache Manifest Poison bug(00:13:37) SAAS Misconfigurations as a bug class(00:43:27) SalesForce Misconfigurations(01:11:30) Microsoft Power Pages

30 Tammi 1h 31min

Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr====== Resources ======A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible DisclosuresGoogle’s OAuth login flawRez0's Ai tweetRez0's Follow-upRaink from BishopFoxGift cards security researchTop 10 web hacking techniques of 2024Cross-Origin-Opener-Policy: preventing attacks from popups====== Timestamps ======(00:00:00) Introduction(00:05:13) Hacking with your kids(00:09:46) H1/bc pentests(00:12:23) Google’s OAuth login flaw(00:18:01) Raink & Rez0's AI tweets(00:28:46) Giftcard hacking & Portswigger top 10 voting(00:34:23) Cross Origin Web Headers

23 Tammi 1h 6min

Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he’s looking forward to bringing to the pod. We also cover some news items including doubleclickjacking, character set attacks, SVG XSS, and more.Follow us on twitter at: @ctbbpodcastFeel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Rez0 on twitter:https://x.com/Rhynoraterhttps://x.com/rez0__------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store at https://ctbb.show/swag!ResourcesDoubleClickjacking: A New Era of UI Redressinghttps://www.paulosyibelo.com/2024/12/doubleclickjacking-what.htmlXBOW Validation Benchmarkshttps://github.com/xbow-engineering/validation-benchmarksJorian tweethttps://x.com/J0R1AN/status/1871586792455163975Simplified Payloadhttps://portswigger-labs.net/xss/charset.php?x=%1b$B%1b(B%3Ca%20href=javas%1B(Jcript:alert(1)%3Etest%3C/a%3E&charset=SVG XSS Payloadhttps://x.com/garethheyes/status/1876953751245783534curl-cffihttps://pypi.org/project/curl-cffi/Bypassing File Upload Restrictions To Exploit CSPThttps://blog.doyensec.com/2025/01/09/cspt-file-upload.htmlAI-Crash-Coursehttps://github.com/henrythe9th/AI-Crash-Course?tab=readme-ov-fileTimestamps(00:00:00) Introduction(00:02:15) Rez0's journey to Full-time hunter, Tool developer, and new Co-host(00:21:04) DoubleClickjacking(00:31:48) XBOW Validation Benchmarks, Charset Thoughts, and SVG XSS(00:42:28) curl-cffi, CSPT, and AI Crash Course

16 Tammi 58min

Episode 104: In this episode of Critical Thinking - Bug Bounty Podcast Justin reflects upon the past year and walks through some of the bug bounty goals he had for 2024, and how he feels like he did. Then he sets some goals for 2025, as well as some exciting CT news for the coming year.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Rez0 on X:https://x.com/rhynoraterhttps://x.com/rez0__------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store at https://ctbb.show/swag!ResourcesCTBB Full Time Guildctbb.show/ftCritical Research Labctbb.show/crlCT Episode 51 - 2024 Goalshttps://www.criticalthinkingpodcast.io/episode-51-hacker-stats-2023-2024-goals/Personal BB inventory and goalshttps://ctbb.show/blogTimestamps(00:00:00) introduction(00:00:57) Critical Thinking 2025 Announcements(00:04:21) Personal Inventory of 2024(00:24:05) Goals for 2025

2 Tammi 29min

Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord!We offer Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store!Join our Shift waitlist!Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ecResources_json Juggling AttackCross-Site POST Requests Without a Content-Type HeaderWorst FitOrange Tsai on Worst FitHandling Cookies is a MinefieldTerminal DiLLMaXS-Leaking flags with CSS: A CTFd 0dayHacking Back the AI-HackerJohann Computer use demoHow I Became The Most Valuable HackerTimestamps(00:00:00) Introduction(00:01:39) _json Juggling Attack and Cross-Site POST Requests Without a Content-Type Header(00:10:55) Worst Fit and Unicode Mapping(00:20:08) Handling Cookies is a Minefield(00:28:11) Terminal DiLLMa & CTFd 0day(00:41:18) Hacking Back the AI-Hacker(00:47:30) Becoming Most Valuable Hacker

26 Joulu 20241h