Episode 58: Youssef Sammouda - Client-Side & ATO War Stories
Critical Thinking - Bug Bounty Podcast15 Feb 2024

Episode 58: Youssef Sammouda - Client-Side & ATO War Stories

Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Samouda and grill him on his various techniques for finding and exploiting client-side bugs and postMessage vulnerabilities. He shares some crazy stories about race conditions, exploiting hash change events, and leveraging scroll to text fragments.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest: https://twitter.com/samm0uda?lang=en

https://ysamm.com/

Resources:

Client-side race conditions with postMessage:

https://ysamm.com/?p=742

Transferable Objects

https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Transferable_objects

Every known way to get references to windows, in javascript:

https://bluepnume.medium.com/every-known-way-to-get-references-to-windows-in-javascript-223778bede2d

Youssef’s interview with BBRE

https://www.youtube.com/watch?v=MXH1HqTFNm0

Timestamps:

(00:00:00) Introduction

(00:04:27) Client-side race conditions with postMessage

(00:18:12) On Hash Change Events and Scroll To Text Fragments

(00:32:00) Finding, documenting, and reporting complex bugs

(00:37:32) PostMessage Methodology

(00:45:05) Youssef's Vuln Story

(00:53:42) Where and how to look for ATO vulns

(01:05:21) MessagePort

(01:14:37) Window frame relationships

(01:20:24) Recon and JS monitoring

(01:37:03) Client-side routing

(01:48:05) MITMProxy

Episoder(165)

Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo

Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo

In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Corben Leo about his journey in bug bounty hunting and ethical hacking. We discuss the state of DNS rebinding in 2023, a Twitter...

1 Jun 20231h 13min

Episode 20: Hacker Brain Hacks - Overcoming Bug Bounty's Mental Tolls

Episode 20: Hacker Brain Hacks - Overcoming Bug Bounty's Mental Tolls

Episode 20: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into the world of "hacker brain hacks'' and overcoming challenges in bug bounty hunting. We discuss custom word lists, th...

25 Mai 20231h 6min

Episode 19: Audit Code, Earn Bounties (Part 2) + Zip-Snip, Sitecore, and more!

Episode 19: Audit Code, Earn Bounties (Part 2) + Zip-Snip, Sitecore, and more!

Episode 19: In this episode of Critical Thinking - Bug Bounty Podcast we further discuss some tips and tricks for finding vulns once you’ve got source code and some banger tweets/tools that popped up ...

18 Mai 202353min

Episode 18: Audit Code, Earn Bounties

Episode 18: Audit Code, Earn Bounties

Episode 18: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into everything source-code related: how to get source-code and what to do with it once you have. This episode is packed ...

11 Mai 20231h 6min

Episode 17: LA Live Chat with Five Legendary Hackers

Episode 17: LA Live Chat with Five Legendary Hackers

Episode 17: In this episode of Critical Thinking - Bug Bounty Podcast we talk with five legendary hackers about some of their favorite bugs. Live. From LA.Corben Leo “Lorben CEO” @hacker_Sam “ZLZ” “ZO...

4 Mai 202347min

Episode 16: The Hacker's Toolkit

Episode 16: The Hacker's Toolkit

Episode 16: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the hacker’s toolkit. Joel and Justin talk about their VPS setup, go-to hacking tools, most often used Linux command...

20 Apr 20231h 17min

Episode 15: The Israeli Million-Dollar Hacker

Episode 15: The Israeli Million-Dollar Hacker

Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000...

13 Apr 20231h 8min

Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff

Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff

Episode 14: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Dynamic Analysis within Mobile Hacking and a bunch of random hacker stuff. It's a good time. Enjoy the pod.Follow us...

6 Apr 20231h 21min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
smart-forklart
teknisk-sett
energi-og-klima
nasjonal-sikkerhetsmyndighet-nsm
rss-ki-praten
elektropodden
rss-impressions-2
tomprat-med-gunnar-tjomlid
shifter
rss-praktisk-proptech
rss-ai-forklart
teknologi-og-mennesker
rss-for-alarmen-gar
rss-ki-til-kaffen
hans-petter-og-co
i-loopen
rss-digitaliseringspadden
rss-heis