Episode 113: Best Technical Takeaways from Portswigger Top 10 2024
Critical Thinking - Bug Bounty Podcast6 Mar 2025

Episode 113: Best Technical Takeaways from Portswigger Top 10 2024

Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here!

Follow us on X at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on X:

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag!

====== Resources ======

Hijacking OAUTH flows via Cookie Tossing

ChatGPT Account Takeover - Wildcard Web Cache Deception

OAuth Non-Happy Path to ATO

CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js

DoubleClickjacking: A New Era of UI Redressing

WorstFit: Unveiling Hidden Transformers in Windows ANSI

SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server

Middleware, middleware everywhere – and lots of misconfigurations to fix

====== Timestamps ======

(00:00:00) Introduction

(00:09:56) Hijacking OAuth flows via Cookie Tossing

(00:17:30) ChatGPT Account Takeover

(00:25:28) OAuth Non-Happy Path to ATO

(00:29:24) CVE-2024-4367

(00:37:37) DoubleClickjacking:

(00:44:54) Exploring the DOMPurify library

(00:48:01) WorstFit

(00:56:29) Unveiling TE.0 HTTP Request Smuggling

(01:06:40) SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level

(01:14:05) Confusion Attacks

Episoder(167)

Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!

Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!

Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some ...

9 Okt 20251h 4min

Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News

Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News

Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by go...

2 Okt 202554min

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.Follow us on twitter at: ht...

25 Sep 20251h 23min

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chao...

18 Sep 202557min

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: In this episode of Critical Thinking - Bug Bounty Podcast Justin finally sits down with the great James Kettle to talk about HTTP Proxys, metagaming research, avoiding burnout, and why HT...

11 Sep 20252h 21min

Episode 138: Caido Tools and Workflows

Episode 138: Caido Tools and Workflows

Episode 138: In this episode of Critical Thinking - Bug Bounty Podcast We’re talking Caido tools and workflows. Justin gives us a list of some of the Caido tools that have caught his interest, as well...

4 Sep 202522min

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner and Joseph Thacker reunite to talk about AI Hacking Assistants, CSPT and cache deception, and a bunch of tools lik...

28 Aug 202549min

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the r...

21 Aug 202550min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
tomprat-med-gunnar-tjomlid
nasjonal-sikkerhetsmyndighet-nsm
energi-og-klima
shifter
smart-forklart
rss-ki-praten
rss-impressions-2
pedagogisk-intelligens
elektropodden
rss-ai-forklart
hans-petter-og-co
rss-polypod
rss-for-alarmen-gar
rss-bits-and-bytes-for-advokater
rss-snakk-om-sikkerhet
rss-alt-vi-kan
rss-alt-som-gar-pa-strom