Episode 15: The Israeli Million-Dollar Hacker
Critical Thinking - Bug Bounty Podcast13 Apr 2023

Episode 15: The Israeli Million-Dollar Hacker

Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Follow Nagli and his new startup Shockwave:

https://twitter.com/naglinagli

https://twitter.com/shockwave_sec

HackMD Collaborative Notes:

https://hackmd.io/

Ian Carroll's Airline Miles Website:

https://seats.aero

Nagli's Tweet in ChatGPT Web Cache Deception:

https://twitter.com/naglinagli/status/1639343866313601024

Timestamps:

(00:00:00) Intro

(00:04:40) Nagli’s Climb

(00:05:40) What kind of vulns do you look for?

(00:09:25) Working with other hackers

(00:10:20) Bug Bounty Hunter’s Guild

(00:12:35) Shockwave product

(00:14:12) Outsourcing tool development

(00:18:46) What got you started?

(00:21:13) Manual hacking vs recon suite + LHE focus

(00:25:00) How do you take notes

(00:29:42) Biggest things that you’ve learned over the past 2 years

(00:31:29) How do you ingest new techniques?

(00:31:50) Collaboration

(00:37:20) Justin Ranting about “Trained Eyes”

(00:40:18) Time spent coding vs hacking

(00:45:28) Travel and spending habits

(00:54:16) Grep is Nagli’s database

(00:56:20) Nagli’s ChatGPT Web Cache Deception

(00:58:44) What does your alerting look like?

(01:01:50) Nagli’s “Most Critical” SSRF

(01:04:30) Burp Active Scan

Episoder(162)

Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways

Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways

Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we’re joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! T...

15 Mai 20251h 45min

Episode 121: Slonser’s Image Injection 0-day -> ATO & New Caido Collab Plugin

Episode 121: Slonser’s Image Injection 0-day -> ATO & New Caido Collab Plugin

Episode 121: In this episode of Critical Thinking - Bug Bounty Podcast we cover so much news and research that we ran out of room in the description...Follow us on XShoutout to YTCracker for the aweso...

8 Mai 202557min

Episode 120: SpaceRaccoon - From Day Zero to Zero Day

Episode 120: SpaceRaccoon - From Day Zero to Zero Day

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expe...

1 Mai 20251h 36min

Episode 119: Abusing Iframes from a client-side hacker

Episode 119: Abusing Iframes from a client-side hacker

Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attac...

17 Apr 202533min

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a poly...

10 Apr 202558min

Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1

Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1

Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and foc...

3 Apr 202532min

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware...

27 Mar 202526min

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)

Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about ...

20 Mar 20251h 40min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
rss-avskiltet
nasjonal-sikkerhetsmyndighet-nsm
energi-og-klima
teknisk-sett
teknologi-og-mennesker
smart-forklart
rss-impressions-2
elektropodden
shifter
tomprat-med-gunnar-tjomlid
pedagogisk-intelligens
rss-heis
fornybaren
i-loopen
rss-fish-ships
rss-ai-forklart
rss-praktisk-proptech
rss-bouvet-bobler