Episode 26: Client-side Quirks & Browser Hacks

Episode 26: Client-side Quirks & Browser Hacks

In this episode of Critical Thinking - Bug Bounty Podcast, we're back with Joel, fresh (haha) off of back-to-back live hack events in London and Seoul. We compare the different vibes of each LHE, then we dive into the technical thick of it, and talk web browsers, XSS vectors, new tools, CVSS 4.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

______

Hunting for NGINX alias traversals in the wild

PortSwigger Tweet

Soroush's Follow-up

Tweet about magic math element

<22 weird XSS behavior

Lupin’s follow-up

Patch diffing

Changes to CVSS 4.0

Ask FIRSTdotORG what's going on

Jsluise

JS import() behavior

'JavaScript for Hackers'

CSP Evaluator:

Dom Clobbering

HTML Injection Cheat Sheet

Gareth Heyes website/game

______

Timestamps:

(00:00:00) Introduction

(00:04:10) LHE Vibes

(00:07:45) "Hunting for NGINX alias traversals in the wild"

(00:12:30) Payouts in BB programs

(00:16:05) New XSS vectors and popovers

(00:24:15) The "magical math element" in Firefox

(00:27:15) LiveOverflow on HTML parsing quirks

(00:32:10) Mr. Tux Racer, Woocommerce, and WordPress

(00:40:00) Changes in the CVSS 4 draft spec

(00:45:00) TomNomNom's new tool Jsluise

(00:51:15) JavaScript's import function & "JavaScript for Hackers"

(01:09:15) Prototype pollution & DOM clobbering

(01:18:10) Base tags and CSS Games

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(181)

Episode 181: Bug Bounty Singularity

Episode 181: Bug Bounty Singularity

Episode 181: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and XSSDoctor talk about building a Hackbot.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestion...

2 Jul 52min

Episode 180: State of Bug Bounty Maturity Posture Report

Episode 180: State of Bug Bounty Maturity Posture Report

Episode 180: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Steve Hernandez, founder of the Bug Bounty Maturity Framework (BBMF), to walk us through the inaugural State of B...

25 Jun 1h 12min

Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty.Follow us on twitter at: htt...

18 Jun 46min

Episode 178: 600k in ~3 months - BruteCat pt 2

Episode 178: 600k in ~3 months - BruteCat pt 2

Episode 178: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with BruteCat to finish up our discussion on hacking Google. This week we hit AI.Follow us on twitter at: https://x.co...

11 Jun 1h 23min

Episode 177: 2x Google RCE with VRP Legend Brutecat

Episode 177: 2x Google RCE with VRP Legend Brutecat

Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone.Follow us on twitter at...

4 Jun 1h 25min

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Re...

28 Mai 1h 50min

Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama

Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama

Episode 175: In this episode of Critical Thinking - Bug Bounty Podcast we’re comparing Hackbot setups and results. We also talk about some of the recent ZDI drama, as well as the importance of freakin...

21 Mai 49min

Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5

Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5

Episode 174: In this episode of Critical Thinking - Bug Bounty Podcast we follow up from last episode with some advice for BB platforms, as well as cover a slew of writeups from Searchlight Cyber, wat...

14 Mai 1h 9min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
tomprat-med-gunnar-tjomlid
rss-kunstig-intelligens-med-elisabeth-maren-og-morten
teknologi-og-mennesker
shifter
smart-forklart
energi-og-klima
elektropodden
rss-ai-forklart
rss-alt-som-gar-pa-strom
hans-petter-og-co
kortslutning
rss-digitaliseringspadden
rss-ki-praten
fornybaren
rss-snakk-om-sikkerhet
rss-alt-vi-kan
rss-bits-and-bytes-for-advokater