Episode 15: The Israeli Million-Dollar Hacker
Critical Thinking - Bug Bounty Podcast13 Apr 2023

Episode 15: The Israeli Million-Dollar Hacker

Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Follow Nagli and his new startup Shockwave:

https://twitter.com/naglinagli

https://twitter.com/shockwave_sec

HackMD Collaborative Notes:

https://hackmd.io/

Ian Carroll's Airline Miles Website:

https://seats.aero

Nagli's Tweet in ChatGPT Web Cache Deception:

https://twitter.com/naglinagli/status/1639343866313601024

Timestamps:

(00:00:00) Intro

(00:04:40) Nagli’s Climb

(00:05:40) What kind of vulns do you look for?

(00:09:25) Working with other hackers

(00:10:20) Bug Bounty Hunter’s Guild

(00:12:35) Shockwave product

(00:14:12) Outsourcing tool development

(00:18:46) What got you started?

(00:21:13) Manual hacking vs recon suite + LHE focus

(00:25:00) How do you take notes

(00:29:42) Biggest things that you’ve learned over the past 2 years

(00:31:29) How do you ingest new techniques?

(00:31:50) Collaboration

(00:37:20) Justin Ranting about “Trained Eyes”

(00:40:18) Time spent coding vs hacking

(00:45:28) Travel and spending habits

(00:54:16) Grep is Nagli’s database

(00:56:20) Nagli’s ChatGPT Web Cache Deception

(00:58:44) What does your alerting look like?

(01:01:50) Nagli’s “Most Critical” SSRF

(01:04:30) Burp Active Scan

Episoder(161)

Episode 145: Gr3pme's Secret: Bug Bounty Note Taking Methodology

Episode 145: Gr3pme's Secret: Bug Bounty Note Taking Methodology

Episode 145: In this episode of Critical Thinking - Bug Bounty Podcast Brandyn lets us in on some of his notetaking tips, including his Templates, Threat Modeling, and ways he uses notes to help with ...

23 Okt 202528min

Episode 144: Google’s Top AI Hackers: Busfactor and Monke

Episode 144: Google’s Top AI Hackers: Busfactor and Monke

Episode 144: In this episode of Critical Thinking - Bug Bounty Podcast Joseph is joined by Vitor Falcão and Ciarán Cotter to discuss their success at the recent Mexico LHE, as well as their journey an...

16 Okt 202552min

Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!

Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!

Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some ...

9 Okt 20251h 4min

Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News

Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News

Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by go...

2 Okt 202554min

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.Follow us on twitter at: ht...

25 Sep 20251h 23min

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chao...

18 Sep 202557min

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: In this episode of Critical Thinking - Bug Bounty Podcast Justin finally sits down with the great James Kettle to talk about HTTP Proxys, metagaming research, avoiding burnout, and why HT...

11 Sep 20252h 21min

Episode 138: Caido Tools and Workflows

Episode 138: Caido Tools and Workflows

Episode 138: In this episode of Critical Thinking - Bug Bounty Podcast We’re talking Caido tools and workflows. Justin gives us a list of some of the Caido tools that have caught his interest, as well...

4 Sep 202522min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
smart-forklart
rss-avskiltet
tomprat-med-gunnar-tjomlid
nasjonal-sikkerhetsmyndighet-nsm
teknisk-sett
energi-og-klima
rss-impressions-2
shifter
rss-alt-vi-kan
elektropodden
teknologi-og-mennesker
fornybaren
pedagogisk-intelligens
rss-fjorsilkebris-podcast
hans-petter-og-co
kunstig-intelligens-med-morten-goodwin
rss-byggepodden
rss-for-alarmen-gar