Episode 68: 0-days & HTMX-SS with Mathias
Critical Thinking - Bug Bounty Podcast25 Apr 2024

Episode 68: 0-days & HTMX-SS with Mathias

Episode 68: In this episode of Critical Thinking - Bug Bounty Podcast Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, bypassing HTMX disable, and the challenges of using HTMX in larger applications and the potential performance trade-offs. We also talk about the results of his recent CTF Challenge, and explore some more facets of CDN-CGI functionality.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Project Discovery Conference: https://nux.gg/hss24

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest:

https://twitter.com/avlidienbrunn

Resources:

Masato Kinugawa's research on Teams

https://speakerdeck.com/masatokinugawa/how-i-hacked-microsoft-teams-and-got-150000-dollars-in-pwn2own?slide=33

subdomain-only 307 open redirect

https://avlidienbrunn.se/cdn-cgi/image/onerror=redirect/http://anything.avlidienbrunn.se

Timestamps

(00:00:00) Introduction

(00:05:18) CSP Bypass using HTML

(00:14:00) Converting client-side response header injection to XSS

(00:23:10) Bypassing hx-disable

(00:32:37) XSS-ing impossible elements

(00:38:22) CTF challenge Recap and knowing there's a bug

(00:51:53) hx-on (depreciated)

(00:54:30) CDN-CGI Research discussion

Episoder(165)

Episode 85: Practical Applications of DEFCON 32 Web Research

Episode 85: Practical Applications of DEFCON 32 Web Research

Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cach...

22 Aug 20241h 30min

Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat

Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat

Episode 84: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Roni Carta (@0xLupin) to discuss their MVH win at the recent Google LHE, and share some technical observation...

15 Aug 202427min

Episode 83: Brainstorming Proxy Plugins

Episode 83: Brainstorming Proxy Plugins

Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow,...

8 Aug 202454min

Episode 82: Part-Time Bug Bounty

Episode 82: Part-Time Bug Bounty

Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balanc...

1 Aug 202436min

Episode 81: Crushing Client-Side on Any Scope with MatanBer

Episode 81: Crushing Client-Side on Any Scope with MatanBer

Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and ...

25 Jul 20242h 4min

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own ...

18 Jul 20242h 49min

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.Follow u...

11 Jul 20241h 10min

Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques

Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques

Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with tha...

4 Jul 20241h 6min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
smart-forklart
energi-og-klima
rss-ki-praten
nasjonal-sikkerhetsmyndighet-nsm
rss-impressions-2
shifter
tomprat-med-gunnar-tjomlid
elektropodden
rss-praktisk-proptech
hans-petter-og-co
rss-ki-til-kaffen
teknologi-og-mennesker
i-loopen
pedagogisk-intelligens
rss-for-alarmen-gar
rss-digitaliseringspadden
rss-ai-forklart