Episode 50: ­Mathias 'Fall in a well' Karlsson - Bug Bounty Prophet
Critical Thinking - Bug Bounty Podcast21 Des 2023

Episode 50: ­Mathias 'Fall in a well' Karlsson - Bug Bounty Prophet

Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug Bounty might look like in the future…

Follow us on twitter at: @ctbbpodcast

Send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest

Episode Resources

How to Differentiate Yourself as a Hunter

MutateMethods

hackaplaneten

Article About Unicode and Character Sets

Byte Order Mark:

Character Encodings

ShapeCatcher

WAF Bypass

BountyDash

EXPLOITING HTTP'S HIDDEN ATTACK-SURFACE

Timestamps:

(00:00:00) Introduction

(00:10:06) Automation Setup and Assetnote Origins

(00:16:49) Sharing Tips, and Content Creation

(00:22:27) Collaboration and Optimization

(00:36:44) Working at Detectify

(00:51:45) Bug Bounty Burnout

(00:56:15) Early Days of Bug Bounty and Future Predictions

(01:19:00) Nerdsnipeability

(01:29:38) MXSS and XSLT

(01:54:20) Learning through being wrong

(02:00:15) Go-to Vulns

Episoder(166)

Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques

Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques

Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with tha...

4 Jul 20241h 6min

Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting...

27 Jun 20241h 50min

Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature

Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature

Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, ...

20 Jun 20241h 34min

Episode 75: *Rerun* of The OG Bug Bounty King - Frans Rosen

Episode 75: *Rerun* of The OG Bug Bounty King - Frans Rosen

Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, So instead of a new full episode, we're going back 30 episodes to review.Follow us on twitter at: @ctbb...

13 Jun 20242h 44min

Episode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin)

Episode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin)

Episode 74: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Roni "Lupin" Carta for a deep dive into supply chain attacks and dependency confusion. We explore the supply...

6 Jun 20241h 38min

Episode 73: Sandboxed IFrames and WAF Bypasses

Episode 73: Sandboxed IFrames and WAF Bypasses

Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting y...

30 Mai 202431min

Episode 72: Research TLDRs & Smuggling Payloads in Well Known Data Types

Episode 72: Research TLDRs & Smuggling Payloads in Well Known Data Types

Episode 72: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss some hot research from the past couple months. This includes ways to smuggle payloads in phone numbers and...

23 Mai 202452min

Episode 71: More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet

Episode 71: More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet

Episode 71: In this episode of Critical Thinking - Bug Bounty Podcast Keith Hoodlet joins us to weigh in on the VDP Debate. He shares some of his insights on when VDPs are appropriate in a company's s...

16 Mai 20241h 45min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
smart-forklart
teknisk-sett
energi-og-klima
elektropodden
rss-ki-praten
rss-impressions-2
shifter
nasjonal-sikkerhetsmyndighet-nsm
tomprat-med-gunnar-tjomlid
fornybaren
i-loopen
rss-ai-forklart
teknologi-og-mennesker
rss-for-alarmen-gar
rss-digitaliseringspadden
rss-ki-til-kaffen
hans-petter-og-co
rss-praktisk-proptech