Critical Thinking - Bug Bounty Podcast

Episode 29: In this episode of Critical Thinking - Bug Bounty Podcast sit down with Assetnote Engineer Sean Yeoh, and pick his brain about what he's learned on his development journey. We talk about the place and importance of message brokers, and which ones we like best, as well as his engineering philosophy regarding bottleneck prevention and the importance of pursuing optimization. Don't miss this episode of terrific technical tips!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterToday’s Guest:https://twitter.com/seanyeohAssetnotehttps://www.assetnote.io/https://twitter.com/assetnoteXKCD automation graphhttps://xkcd.com/1319/Github repositoryhttps://github.com/alex/what-happens-whenArticle about Queueshttps://archive.is/Nan4eNATShttps://nats.io/MongoDBhttps://www.mongodb.com/Timestamps:(00:00:00) Introduction(00:01:18) Story of Assetnote(00:05:20) Message Brokers and event-driven architectures(00:11:15) Preventing bottlenecks and pursuing optimization(00:21:35) Using a profiler(00:28:30) Choosing a Message Broker(00:33:00) Kubernetes and Conntrack Limits(00:37:13) Databases(00:46:30) Bug bounty tips: Sub-domain vs. IP Address(00:51:15) Engineering quandaries(00:53:38) DNS Wildcards

27 Jul 202359min

Episode 28: In this episode of Critical Thinking - Bug Bounty Podcast, the CSRF’s up, dude! We kick off with a debate about whether or not deep link vulns in mobile apps can be considered CSRF. We also talk browser extensions and tools like Hackbar, PwnFox, and JS Weasel, and Justin tries to invent a whole new vuln term. There’s plenty of good stuff here, so what are you waiting for? Jump on in!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterrez0's latest tiphttps://twitter.com/rez0__/status/168134822190014466019Hackbarhttps://addons.mozilla.org/en-US/firefox/addon/hackbartool/PwnFoxhttps://twitter.com/adrien_jeanneau/status/1681364665354289152JS Weaselhttps://www.jswzl.io/Charlie Eriksenhttps://twitter.com/CharlieEriksenLink to talk by Rojanhttps://twitter.com/uraniumhacker/status/1681381857383030785Bypassing GitHub's OAuth flowhttps://blog.teddykatz.com/2019/11/05/github-oauth-bypass.htmlGreat SameSite Confusionhttps://jub0bs.com/posts/2021-01-29-great-samesite-confusion/Check out Nahamsec's Channelhttps://www.youtube.com/c/nahamsecTimestamps:(0:01:45) The deep link debate(00:08:00) LHE and in-person interviews(00:09:25) SQLMAP and raw requests(00:11:11) Hackbar, PwnFox, and browser extensions(00:16:45) JS Weasel tool and its features(00:25:28) Rojan's Research and Public Talks(Start of main content)(00:28:36) Cross-Site Request Forgery (CSRF)(00:35:00) Bypassing GitHub's OAuth flow(00:45:00) A Small SameSite Story(00:48:50) CSRF Exploitation Techniques(01:07:15) CSRF Bug Stories(01:15:30) NahamSec and DEFCON

20 Jul 20231h 18min

Episode 27: In this episode of Critical Thinking - Bug Bounty Podcast, we've switched places and now Joel is home while Justin is on the move. We break down seven esoteric web vulnerabilities, and talk Cookies, Config File Injections, Client-side path traversals and more. We also briefly discuss appliance hacking, new tools, and shout out some new talent in the hacking space. Don't miss this episode full of cool vulns, and experience Justin's vocal decline in real time.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterEncrypted Doesn't Mean Authenticated:https://blog.assetnote.io/2023/07/04/citrix-sharefile-rce/Tweet about headless chrome browserhttps://twitter.com/bhavukjain1/status/1678719047209484288?t=NWnZvwHTRMyH_lVC-uXe0g&s=19Shout out to new talent within the hacking spacehttps://twitter.com/haxrobhttps://twitter.com/atc1441Tweet about hacking Google Search Appliancehttps://twitter.com/orange_8361/status/1677378401957724160Bitquark releases shortscanhttps://twitter.com/bitquark/status/1677647450989838338Hacking Starbuckshttps://samcurry.net/hacking-starbucks/Justin's CookieJar Toolhttps://apps.rhynorater.dev/checkCookieJarOverflow.htmlHackTrickshttps://book.hacktricks.xyz/pentesting-web/hacking-with-cookies/cookie-jar-overflowXSLeakhttps://xsleaks.devTimestamps:(00:00:00) Introduction(00:04:00) Assetnote on ShareFile RCE(00:13:05) Headless Browsers(00:17:00) Hacker Content Creators(00:22:51) Appliance Hacking(00:30:31) Shortscan Release(Start of main content)(00:35:39) Config File Injection(00:44:00) Client-side Path Traversal(00:51:33) Cookie Bombing(00:58:00) Cookie Jar Overflow(01:03:50) XSLeak(01:10:49) UNC Path Injection(01:15:50) Impactful Link Hijack

13 Jul 20231h 20min

In this episode of Critical Thinking - Bug Bounty Podcast, we're back with Joel, fresh (haha) off of back-to-back live hack events in London and Seoul. We compare the different vibes of each LHE, then we dive into the technical thick of it, and talk web browsers, XSS vectors, new tools, CVSS 4.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:______Hunting for NGINX alias traversals in the wildPortSwigger TweetSoroush's Follow-upTweet about magic math element<22 weird XSS behaviorLupin’s follow-upPatch diffingChanges to CVSS 4.0Ask FIRSTdotORG what's going onJsluiseJS import() behavior'JavaScript for Hackers'CSP Evaluator:Dom ClobberingHTML Injection Cheat SheetGareth Heyes website/game______Timestamps:(00:00:00) Introduction(00:04:10) LHE Vibes(00:07:45) "Hunting for NGINX alias traversals in the wild"(00:12:30) Payouts in BB programs(00:16:05) New XSS vectors and popovers(00:24:15) The "magical math element" in Firefox(00:27:15) LiveOverflow on HTML parsing quirks(00:32:10) Mr. Tux Racer, Woocommerce, and WordPress(00:40:00) Changes in the CVSS 4 draft spec(00:45:00) TomNomNom's new tool Jsluise(00:51:15) JavaScript's import function & "JavaScript for Hackers"(01:09:15) Prototype pollution & DOM clobbering(01:18:10) Base tags and CSS Games

6 Jul 20231h 33min

Episode 25: In this episode of Critical Thinking - Bug Bounty Podcast we talk to Cosmin (@Inhibitor181), fresh off of winning his 2nd MVH! We chat about the time management and strategy of hacking Multi-Target LHEs, determining when to pivot, and how to find normalcy in bug bounty hunting and Live Hacking Events. We also touch on setting up Vuln Pipelines, creating mental models, and Cosmin's terrifying naming schemes. Don't miss this episode packed with both laughs and valuable insights for beginners and seasoned bug bounty hunters alike.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterToday’s Guest:https://twitter.com/inhibitor181Justin's weird episode with all the Dr. Suess Shithttps://rss.com/podcasts/ctbbpodcast/966055/?listen-on=trueTimestamps:(00:00:00) Introduction(00:02:52) MVH club and Multi-Target stragety (00:12:00) Deciding when to pivot(00:17:00) File Organization and 'unique' naming approaches(00:23:56) Staying up to date on features and updates(00:25:46) Hacking Sleep Habits(00:28:15) Finding 'Normal Life' in bug bounty and LHE(00:33:30) Vuln Pipelines, Wordlists, and full time bug bounty tips(00:44:15) Benefits of the Bug Bounty Community(00:47:45) Relationships with target companies and programs(00:53:15) Creating mental models(01:00:30) The Importance of writing good reports(01:04:30) How to choose what to hack

29 Jun 20231h 11min

Episode 24: In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Daniel Miessler and Rez0 about the emergence and potential of AI in hacking. We cover AI shortcuts and command line tools, AI in code analysis and the use of AI agents, and even brainstorm about the possible opportunities that integrating AI into hacking tools like Caido and Burp might present. Don't miss this episode packed with valuable insights and cutting-edge strategies for both beginners and seasoned bug bounty hunters alike.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterToday’s Guests:https://twitter.com/rez0__https://twitter.com/DanielMiesslerDaniel Miessler’s Unsupervised Learninghttps://danielmiessler.com/Simon Willison's Python Function Search Toolhttps://simonwillison.net/2023/Jun/18/symbex/oobabooga - web interface for modelshttps://github.com/oobabooga/text-generation-webuiState of GPThttps://karpathy.ai/stateofgpt.pdf AI Canarieshttps://danielmiessler.com/p/ai-agents-canaries GPT3.5https://community.openai.com/t/gpt-3-5-turbo-0613-function-calling-16k-context-window-and-lower-prices/263263 GPT Engineerhttps://github.com/AntonOsika/gpt-engineerTimestamps:(00:00:00) Introduction(00:05:40) Using AI for hacking: Developing hacking tools and workflow shortcuts(00:11:40) GPT Engineer and Small Developer for Security Vulnerability Mapping(00:22:40) The potential dangers of centralized vs. decentralized finance(00:24:10) Ethical hacking and circumventing ChatGPT restrictions(00:26:09) AI Agents, Reverse API, and Encoding/Decoding Tools(00:31:45) Limitations of AI in context window and processing large JavaScript files(00:36:50) Meta-prompter: Enhancing prompts for accurate responses from GPT(00:41:00) GPT-35 and the new 616K context model(45:08) Creating a loader for Burp Suite files or Caido instances(00:54:02) Hacking AI Features: Best Practices(01:00:00) AI plugin takeover and the need for verification of third-party plugins and tools

22 Jun 20231h 3min

Episode 23: In this episode of Critical Thinking - Bug Bounty Podcast, we delve into a different aspect of hardware - Our personal loadouts. We go through the equipment and gear we use to get our jobs done, and share stories about why we picked what we have. We also touch on live hacking events, the growing acceptance of white hat hacking, and some pretty cool news going on in the hacker world. Don't miss this episode packed with tips and strategies for both beginners and seasoned hackers alike!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterBlog post on hacking root EPP servershttps://hackcompute.com/hacking-epp-servers/Behind this Website:https://github.com/jonkeegan/behind-this-websiteTweet about vRealize Network Insight: https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/Zoom's new vulnerability impact scoring system:https://viss.zoom.com/specificationsUplift Deskshttps://www.upliftdesk.com/Synergyhttps://symless.com/synergyAhnestly chair reviews:https://www.youtube.com/c/AhnestlyOur producer’s new audio drama ‘Homicide at Heavensgate’https://link.sentinelstudios.net/homicideTimestamps:(00:00:00) Introduction(00:02:28) Navigating hacking events and imposter syndrome(00:06:30) Blog post on hacking root EPP servers(00:10:01) The growing acceptance of white-hat hacking(00:12:25) Finding Website Owners and Contact Information(00:16:45) VMware vRealize Network Insight CVEs and nginx reverse proxy bypass(00:21:30) Zoom's new vulnerability impact scoring system(00:27:24) The Importance of Analyzing Systemic Problems in Black Box Testing(00:30:40) Documentation, Vulnerable by Design, and acceptable risk(Start of main content)(00:34:37) Leveling up your Hacker Setup(00:37:13) The Importance of your body(00:41:30) Investing in ergonomic equipment for computer work(00:42:27) Standing Desks: Uplift Desk and DIY standing desk options(00:46:00) Portable Tables: Flexible Workspace Solutions(00:47:30) Monitor Setup(00:54:40) Synergy: One keyboard and mouse across multiple devices(00:57:20) Capture Card: Using it as a software display(00:58:58) Keyboards and mice(01:03:27) Using a Chromebook for lightweight hacking(01:08:57) Chair Reviews: The Niche World of High-End Chairs

15 Jun 20231h 14min

Episode 22: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some basic/intermediate concepts related to Hardware Hacking. Specifically, we dive into extracting data from eMMC chips in order to get our hands on source code for IoT devices. Don't miss this episode packed with valuable insights, tips, and strategies for beginners and seasoned bug bounty hunters alike!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterCheckout NahamCon:https://bit.ly/42vnpMSRiverLoop Security Write-up: https://bit.ly/3oSKL1oGood Chip-Off Write-up:https://bit.ly/3IWym3qScratching chips to expose pins:https://bit.ly/45Tj21ihttps://bit.ly/3oJJt8ZChat with Corben on Degrees: https://youtu.be/N9P5PUx-PNQ?t=2311Gareth Hayes Tweet:https://bit.ly/3qvFNYWHuntress - John Hammond - MoveIt Response:https://bit.ly/42vTTXvCritical Thinking Hardware Hacking Setup - See the gear we're talking about (Affiliate links): https://linke.to/hardwarehackingsetTimestamps:(00:00:00) Introduction(01:03) NahamCon's Live Hacking Event and Justin's Presentation on PCI DSS(02:40) Depreciation of Data URLs in SVG Use Element(04:55) Gareth Hayes and knowledge sharing in the hacking community(07:50) Move It vulnerability and and John Hammond’s epic 4 am rants(12:18) Identifying promising leads in bug bounty hunting, and knowing when to move on(Start of main content)(21:40) Hardware Recon, and using Test Pins to Access EMMC Chip(26:16) Identifying Chip Pinouts and Continuity Testing(29:01) Using Logic Analyzers for Hardware Hacking(33:01) Importance of Fundamental Knowledge in Hacking, and the benefits of understanding Electrical Engineering(35:46) Replay Protected Memory Block Protocol(40:00) Bug Bounty Programs and Hardware Testing Support(41:05) Chip Pulling techniques and Essential Equipment for Hardware Hacking(59:50) Tips for Buying Hardware Hacking Tools: Research and Specific Use Cases(01:06:35) Hardware Hacking: Just scratching the surface.(01:08:45) Vulnerability Disclaimer: Pulling OS from a chip does not constitute a Vulnerability.

8 Jun 20231h 11min