Critical Thinking - Bug Bounty Podcast16 Feb 2023

Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!

Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter, and, as always, some great bug bounty tips.

Sorry if the audio is a little rough around the edges this time, should be better than ever next time.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

PortSwigger's Top 10 Web Hacking Techniques of 2022:

https://portswigger.net/research/top-10-web-hacking-techniques-of-2022

Ian Carroll Cookie Monster:

https://github.com/iangcarroll/cookiemonster

Frans Rosen's postMessage Tracker Chrome Extension:

https://github.com/fransr/postMessage-tracker

Notes from Justin on postMessages:

https://rhynorater.github.io/postMessage-Braindump

Frans Rosen's research on nginx misconfiguration that are similar to #6:

https://blog.detectify.com/2020/11/10/common-nginx-misconfigurations/

"Mount" Wycheproof 😂:

https://github.com/google/wycheproof

https://en.wikipedia.org/wiki/Mount_Wycheproof

Nathan Davison - Abusing Hop-by-Hop headers:

https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers

Awesome example of client-side path traversal:

https://erasec.be/blog/client-side-path-manipulation/

Joohoi Ffuf 2.0:

https://infosec.exchange/@joohoi/109806822104162973

FeroxBuster:

https://github.com/epi052/feroxbuster

Oppdag Premium

Prøv 14 dager gratis

Kjøp Premium

Episoder(166)

Episode 102: Building Web Hacking Micro Agents with Jason Haddix

Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF...

19 Des 20241h 2min

Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

Episode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI app...

12 Des 202451min

Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

Episode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show ...

5 Des 20241h 41min

Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the ...

28 Nov 20241h 42min

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They...

21 Nov 20241h 43min

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some ...

14 Nov 202453min

Episode 96: Cookies & Caching with MatanBer

Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques an...

7 Nov 202449min

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast In this episode, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and...

31 Okt 20241h 56min

Reklamefrie Premium-podkaster

Hør populære podkaster som Storefri med Mikkel og Herman, Ida med hjertet i hånden, Krimpodden og mye mye mer

Skap din egen podkastboble

I appen skaper du ditt eget bibliotek med favoritter, og vi gir deg også anbefalinger til podkaster du ikke kan gå glipp av.

Prøv 14 dager gratis

Dersom du er ny Podme-bruker får du 14 dager gratis prøveperiode når du oppretter abonnement

Premium

99 kr/ måned

Tilgang til alle våre Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker

Prøv 14 dager gratis

Premium

129 kr/ måned

Tilgang til alle Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker
En Ekstra bruker

Prøv 14 dager gratis

Populært innen Teknologi

Historiene og stemmene du vil høre

Ubegrenset tilgang til alle dine favorittpodkaster og lydbøker

Les mer