Critical Thinking - Bug Bounty Podcast16 Feb 2023

Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!

Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter, and, as always, some great bug bounty tips.

Sorry if the audio is a little rough around the edges this time, should be better than ever next time.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

PortSwigger's Top 10 Web Hacking Techniques of 2022:

https://portswigger.net/research/top-10-web-hacking-techniques-of-2022

Ian Carroll Cookie Monster:

https://github.com/iangcarroll/cookiemonster

Frans Rosen's postMessage Tracker Chrome Extension:

https://github.com/fransr/postMessage-tracker

Notes from Justin on postMessages:

https://rhynorater.github.io/postMessage-Braindump

Frans Rosen's research on nginx misconfiguration that are similar to #6:

https://blog.detectify.com/2020/11/10/common-nginx-misconfigurations/

"Mount" Wycheproof 😂:

https://github.com/google/wycheproof

https://en.wikipedia.org/wiki/Mount_Wycheproof

Nathan Davison - Abusing Hop-by-Hop headers:

https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers

Awesome example of client-side path traversal:

https://erasec.be/blog/client-side-path-manipulation/

Joohoi Ffuf 2.0:

https://infosec.exchange/@joohoi/109806822104162973

FeroxBuster:

https://github.com/epi052/feroxbuster

Oppdag Premium

Prøv 14 dager gratis

Kjøp Premium

Episoder(164)

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware...

27 Mar 202526min

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)

Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about ...

20 Mar 20251h 40min

Episode 114: Single Page Application Hacking Playbook

Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a ...

13 Mar 20251h 22min

Episode 113: Best Technical Takeaways from Portswigger Top 10 2024

Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here!Follow us on X at: https://x.com/ctbbpodcastGo...

6 Mar 20251h 29min

Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter

Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-...

27 Feb 20251h 7min

Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu

Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kev...

20 Feb 20251h 49min

Episode 110: Oauth Gadget Correlation and Common Attacks

Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, w...

13 Feb 202549min

Episode 109: Creative Recon - Alternative Techniques

Episode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. ...

6 Feb 20251h 1min

Reklamefrie Premium-podkaster

Hør populære podkaster som Storefri med Mikkel og Herman, Ida med hjertet i hånden, Krimpodden og mye mye mer

Skap din egen podkastboble

I appen skaper du ditt eget bibliotek med favoritter, og vi gir deg også anbefalinger til podkaster du ikke kan gå glipp av.

Prøv 14 dager gratis

Dersom du er ny Podme-bruker får du 14 dager gratis prøveperiode når du oppretter abonnement

Premium

99 kr/ måned

Tilgang til alle våre Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker

Prøv 14 dager gratis

Premium

129 kr/ måned

Tilgang til alle Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker
En Ekstra bruker

Prøv 14 dager gratis

Populært innen Teknologi

Historiene og stemmene du vil høre

Ubegrenset tilgang til alle dine favorittpodkaster og lydbøker

Les mer