Episode 70: NahamCon and CSP Bypasses Everywhere
Critical Thinking - Bug Bounty Podcast9 Mai 2024

Episode 70: NahamCon and CSP Bypasses Everywhere

Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we’re once again joined by Ben Sadeghipour to talk about some Nahamcon news, as well as discuss a couple other LHE’s taking place. Then they cover CI/CD and drop some cool CSP Bypasses.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Sponsor - Project Discovery: https://nux.gg/podcast

Today’s Guest: https://twitter.com/NahamSec

https://www.nahamcon.com/

Resources:

Depi

https://www.landh.tech/depi

Youtube CSP:

https://www.youtube.com/oembed?callback=alert()

Maps CSP:

https://maps.googleapis.com/maps/api/js?callback=alert()-print

Google APIs CSP

https://www.googleapis.com/customsearch/v1?callback=alert(1)

Google CSP

https://www.google.com/complete/search?client=chrome&q=123&jsonp=alert(1)//

CSP Bypass for opener.child.child.child.click()

https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/

Timestamps:

(00:00:00) Introduction

(00:02:55) BSides Takeaways and hacking on Meta

(00:12:12) NahamCon News

(00:23:45) CI/CD and the launch of Depi

(00:33:29) CSP Bypasses

Episoder(167)

Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!

Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!

Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some ...

9 Okt 20251h 4min

Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News

Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News

Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by go...

2 Okt 202554min

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.Follow us on twitter at: ht...

25 Sep 20251h 23min

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chao...

18 Sep 202557min

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: In this episode of Critical Thinking - Bug Bounty Podcast Justin finally sits down with the great James Kettle to talk about HTTP Proxys, metagaming research, avoiding burnout, and why HT...

11 Sep 20252h 21min

Episode 138: Caido Tools and Workflows

Episode 138: Caido Tools and Workflows

Episode 138: In this episode of Critical Thinking - Bug Bounty Podcast We’re talking Caido tools and workflows. Justin gives us a list of some of the Caido tools that have caught his interest, as well...

4 Sep 202522min

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner and Joseph Thacker reunite to talk about AI Hacking Assistants, CSPT and cache deception, and a bunch of tools lik...

28 Aug 202549min

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the r...

21 Aug 202550min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
tomprat-med-gunnar-tjomlid
teknisk-sett
energi-og-klima
nasjonal-sikkerhetsmyndighet-nsm
shifter
smart-forklart
rss-ki-praten
rss-impressions-2
pedagogisk-intelligens
elektropodden
rss-ai-forklart
rss-polypod
hans-petter-og-co
rss-alt-vi-kan
rss-for-alarmen-gar
rss-anleggspraten
rss-teknologioptimistene-energibransjens-it-podcast
rss-alt-som-gar-pa-strom