
Episode 45: The OG Bug Bounty King - Frans Rosen
In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Frans Rosén, an OG bug bounty hunter and co-founder of Detectify. We kick off with Frans sharing his journey into bug bounty and security startups, before diving headfirst into a host of his blog posts. We also cover the value of pseudo-code for bug exploitation, understanding developer terminology, the challenges of collaboration and delegating tasks, and balancing hacking with parenting. If you're interested in bug bounty or entrepreneurship, you won't want to miss it!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Join our Discord!
Today's Guest:
https://twitter.com/fransrosen
Detectify
Discovering s3 subdomain takeovers
Bucket Disclose
A deep dive into AWS S3 access controls
Attacking Modern Web Technologies
Live Hacking like a MVH
Account hijacking using Dirty Dancing in sign-in OAuth flows
Timestamps:
(00:00:00) Introduction
(00:04:50) Frans Rosén's Bug Bounty Journey and the creation of Detectify
(00:13:30) Benefits of pseudo-code, typing, and thinking like a developer
(00:20:20) Hunter Methodologies
(00:35:40) Time on targets, Iteration vs. Ideation, and tips for standing out
(00:51:10) S3 subdomain takeovers
(01:05:02) Blog posting and hosting motivations
(01:13:30) Detectify and entrepreneurial endeavors
(01:29:50) Attacking Modern Web Technologies
(01:46:00) postMessage and MessagePort
(01:58:09) Live Hacking and Collaboration
(02:13:50) Account Hijacking and OAuth Flows
(02:28:48) Hacking/Parenting
16 Nov 2023, 2h 36min

Episode 44: URL Parsing & Auth Bypass Magic
In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure, and Justin and Joel break down the elements that make up a URL and some common tips and tricks surrounding them which allow for all sorts of bypasses. We also round out the episode with some new tools, ATO stories, and some controversial current events in the hacker scene.
------ Links ------
"XnlReveal" XNL h4ck3r
OAuth article by Salt Labs
H1 controversy recap
ATO through Facebook Login
https://twitter.com/Jayesh25_/status/1718543152296939861
https://twitter.com/itscachemoney/status/1721658450613346557
When URL Parsers disagree
Golden techniques to bypass host validations in Android apps
Mozilla article on HTTP Authentication
Breaking Parser Logic talk by Orange Tsai
URL Detector
SSRF Bible
Timestamps:
(00:00:00) Introduction
(00:04:10) “Xnl-Reveal”
(00:07:22) OAuth vulnerabilities
(00:13:17) Recap of controversy surrounding the handling of a vulnerability report on H1
(00:18:55) Hacker Success Manager Program
(00:22:30) Facebook login ATO
(00:27:45) When URL parsers disagree
(00:34:34) URL Structures
(01:02:22) Shared secrets across environments
(01:09:40) Social Media Logins
9 Nov 2023, 1h 11min

Episode 43: Caido - The Up-And-Coming HTTP Proxy
In this episode of Critical Thinking - Bug Bounty Podcast, we're joined by Emile from Caido, who shares his journey into the bug bounty and ethical hacking world. We kick off with a hilarious incident involving Joel, a child on an airplane, and an unfortunate cough. We then dive into the challenges of building an HTTP proxy tool, balancing basic features with nice-to-have features, and the importance of user feedback in shaping the development of Caido, a bug bounty tool.
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount on the annual license.
------ Links ------
Today’s Guest:
https://twitter.com/TheSytten
Caido
https://caido.io/
Caido’s Discord
https://discord.com/invite/KgGkkpKFaq
VS Code
https://code.visualstudio.com/
DNSChef
https://github.com/iphelix/dnschef
HackMD
https://hackmd.io/
Timestamps:
(00:00:00) Introduction
(00:01:34) Emile’s journey from general infrastructure development to co-founding Caido
(00:07:00) The rundown on Caido, a lightweight and flexible HTTP proxy tool
(00:11:00) Current and upcoming Caido Features
(00:17:00) Caido crew and division of duties
(00:19:40) Missing features and feature requests
(00:23:49) Decision to use Rust
(00:28:25) Workflows and walkthroughs
(00:36:27) Intercepts and the Roadmap
(00:41:15) Opinions on collaborator Functionality and HTTP Callback
(00:46:19) Reporting and Collaboration
2 Nov 2023, 1h

Episode 42: Renniepak Interview & Intigriti LHE Recap
In this episode of Critical Thinking - Bug Bounty Podcast, we're live from a hacking event in Portugal, and joined by the extremely talented René de Sain! He helps us cover a host of topics like NFT, XSS, LHE, and tips for success. We also talk about the correlation between creativity and hacking, shared workspaces, and last but certainly not least, hacker tattoos.
------ Links ------
Today’s Guest:
https://twitter.com/renniepak
https://www.linkedin.com/in/rene-de-sain/
https://app.intigriti.com/researcher/profile/renniepak
Hacker Hideout
https://hackerhideout.xyz
Timestamps:
(00:00:00) Introduction
(00:04:40) NFT Vulns and web3 hacking
(00:08:15) Hacker Tattoos
(00:12:30) Intigriti vs. other platforms, and LHE approaches.
(00:20:10) Loneliness, budgeting, and the pros and cons of full-time hunting
(00:28:36) Target approaches, XSS, and extension tools.
(00:37:40) Fostering hacker intuition and relationships
(00:47:15) Final thoughts on the Intigriti Event
26 Oct 2023, 59min

Episode 41: Mini Masterclass: Attack Vector Ideation
In this episode of Critical Thinking - Bug Bounty Podcast, Justin takes a break from his busy travel schedule to walk us through a few of his Attack Vector formulation strategies. We’re keeping this one short and sweet, so it can be better used as a reference when looking for new vectors.
------ Links ------
Nahamcon talk by Douglas Day
https://youtu.be/G1RHa7l1Ys4?t=295
Timestamps:
(00:00:00) Introduction
(00:02:53) Use the application like a human, not like a hacker
(00:05:02) Reading documentation looking for "Cannot" statements
(00:08:16) Look at the grayed out areas
(00:10:08) Look for information in the API response
(00:12:38) Differences in the UI between different accounts
(00:13:42) Pay the paywall.
19 Oct 2023, 17min

Episode 40: Bug Bounty Mentoring
In this episode of Critical Thinking - Bug Bounty Podcast, it’s all about mentorships! Justin sits down with Kodai and So, two hackers he helped mentor, to discuss what worked and what didn’t. We talk about the importance of mentorship, what mentors might look for in a candidate, the challenges of transitioning from being mentored to self-education, and the necessity of continuous learning in this ever-evolving field that is bug bounty. This episode is a treasure trove of insights, and if you’re interested in either side of the mentorship coin, you won’t want to miss it.
------ Links ------
Today’s Guests:
https://twitter.com/weeshter
https://twitter.com/Mokusou4
Congrats to @nchickens as our giveaway winner!
The Bug Hunter's Methodology Live Course
https://jasonhaddix.gumroad.com/l/lycucs
Timestamps:
(00:00:00) Introduction
(00:04:00) Guest backgrounds and introduction into hacking
(00:17:49) Where to start Learning and Teaching
(00:25:40) Technical Training vs Conceptual Teaching
(00:28:34) Mentorship Styles and Techniques.
(00:39:15) Moving from being mentored to self-learning
(00:46:20) Developing mental resilience and healthy habits
(00:50:32) Elements in mentorships that were hard or haven’t worked
(01:02:21) Being influenced by other hackers through mentorship or collaboration
(01:06:20) Hacking Bilingually and language barriers
(01:11:30) Hacking and learning goals for the future
12 Oct 2023, 1h 31min

Episode 39: The Art of Architectures
In this episode of Critical Thinking - Bug Bounty Podcast, we're catching up on news, including new override updates from Chrome, GPT-4, SAML presentations, and even a shoutout from Live Overflow! Then we get busy laying the groundwork on a discussion of web architecture. Better get started on this one, 'cause we're going to need a part two!
------ Links ------
CT shoutout from Live Overflow
https://www.youtube.com/watch?v=3zShGLEqDn8
Chrome Override updates
https://developer.chrome.com/blog/new-in-devtools-117/#overrides
GPT-4/AI Prompt Injection
https://x.com/rez0__/status/1706334160569213343?s=20 & https://x.com/evrnyalcin/status/1707298475216425400?s=20
Caido Releases Pro free for students
https://twitter.com/CaidoIO/status/1707099640846250433
Or, use code ctbbpodcast for 10% off the subscription price
Aleksei Tiurin on SAML hacking
https://twitter.com/antyurin/status/1704906212913951187
Account Takeover on Tesla
https://medium.com/@evan.connelly/post-account-takeover-account-takeover-of-internal-tesla-accounts-bc720603e67d
Joseph
https://portswigger.net/bappstore/82d6c60490b540369d6d5d01822bdf61
Cookie Monster
https://github.com/iangcarroll/cookiemonster
HTMX
https://htmx.org/
Timestamps:
(00:00:00) Introduction
(00:04:40) Shoutout from Live Overflow
(00:06:40) Chrome Overrides update
(00:08:48) GPT-4V and AI Prompt Injection
(00:14:35) Caido Promos
(00:15:40) SAML Vulns
(00:17:55) Account takeover on Tesla, and auth token from one context in a different context
(00:24:30) Testing for vulnerabilities in JWT-based authentication
(00:28:07) Web Architectures
(00:32:49) Single page apps + a rest API
(00:45:20) XSS vulnerabilities in single page apps
(00:49:00) Direct endpoint architecture
(00:55:50) Content Enumeration
(01:02:23) gRPC & Protobuf
(01:06:08) Microservices and Reverse Proxy
(01:12:10) Request Smuggling/Parameter Injections
5 Oct 2023, 1h 21min

Episode 38: Mobile Hacking Maestro: Sergey Toshin
In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome mobile hacking maestro Sergey Toshin (aka @bagipro). We kick off with Sergey sharing his unexpected journey into mobile security, and how he rose to become the number one hacker in both Google Play Security and Samsung Bug Bounty programs. We then delve into the evolving perception of mobile bugs, a myriad of new and existing attack vectors, and discuss Sergey's creation of mobile security company Oversecured. You’re going to want to make time for this one!
------ Links ------
Today's Guest:
https://twitter.com/_bagipro
Oversecured
https://oversecured.com/
Oversecured Blog
https://blog.oversecured.com/
jadx
https://github.com/skylot/jadx
'Golden Android Techniques'
https://hackerone.com/reports/431002
Timestamps:
(00:00:00) Introduction
(00:01:28) Sergey Toshin’s hacking journey and achievements
(00:08:20) Mobile hacking: Devices and attack vectors
(00:12:35) Using Jadx
(00:15:40) The creation of Oversecured
(00:23:10) The Oversecured Blog and Sharing Information
(00:28:08) New Spheres and Strategies of Mobile Hacking
(00:35:13) Tips for getting into Mobile Hacking
28 Sep 2023, 43min