Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo

Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo

In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Corben Leo about his journey in bug bounty hunting and ethical hacking. We discuss the state of DNS rebinding in 2023, a Twitter thread by Douglas Day (@ArchAngelDDay) on one-hundred bug bounty rules, and our own unique approaches to bug hunting. We also discuss Corben's recon-focused bug hunting methodology and how he developed it. Don't miss this episode filled with valuable tips, insights, and Corben's Boring Mattress Company.

Follow us on twitter at: @ctbbpodcast

Get on our newsletter for some exclusive content: https://www.criticalthinkingpodcast.io/subscribe

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Today’s Guest:

https://twitter.com/hacker_

Article on the State of DNS Rebinding in 2023:

https://research.nccgroup.com/2023/04/27/state-of-dns-rebinding-in-2023/

See @ArchAngelDDay's twitter thread about 100 bug bounty rules:

https://twitter.com/ArchAngelDDay/status/1661924038875435008

Talkback - Cybersecurity news aggregator:

https://talkback.sh/

PyPI announces mandatory 2FA:

https://www.bleepingcomputer.com/news/security/pypi-announces-mandatory-use-of-2fa-for-all-software-publishers/

Timestamps:

(00:00:00) Introduction

(01:05) State of DNS rebinding in 2023

(04:40) 100 Bug Bounty Rules by @ArchAngelDDay

(05:30) Give yourself a ‘no bug’ limit

(07:00) The value of reporting Low and Medium Bugs for Bug Bounty Programs

(11:15) Reporting Out of Scope Bugs

(14:30) Reporting IDORs as Access Control Bugs

(17:28) Talkback

(18:12) PyPI's mandatory 2FA implementation for software publishers

(Start of main content)

(20:07) Starting out in bug bounty/ethical hacking

(25:00) Hacking methodology and mentorship

(28:15) Identifying Load Balancers

(33:20) Triage and live events:

(38:30) College and Computer Science vs. Cybersecurity

(45:45) Importance of writing for the Hacker Community

(51:21) Storytelling and report writing.

(55:00) When to stop doing recon and start hacking

(01:00:58) Lessons Learned from BreachlessAI and the pivot to Boring Mattress Co.

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(181)

Episode 181: Bug Bounty Singularity

Episode 181: Bug Bounty Singularity

Episode 181: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and XSSDoctor talk about building a Hackbot.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestion...

2 Juli 52min

Episode 180: State of Bug Bounty Maturity Posture Report

Episode 180: State of Bug Bounty Maturity Posture Report

Episode 180: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Steve Hernandez, founder of the Bug Bounty Maturity Framework (BBMF), to walk us through the inaugural State of B...

25 Juni 1h 12min

Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty.Follow us on twitter at: htt...

18 Juni 46min

Episode 178: 600k in ~3 months - BruteCat pt 2

Episode 178: 600k in ~3 months - BruteCat pt 2

Episode 178: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with BruteCat to finish up our discussion on hacking Google. This week we hit AI.Follow us on twitter at: https://x.co...

11 Juni 1h 23min

Episode 177: 2x Google RCE with VRP Legend Brutecat

Episode 177: 2x Google RCE with VRP Legend Brutecat

Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone.Follow us on twitter at...

4 Juni 1h 25min

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Re...

28 Maj 1h 50min

Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama

Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama

Episode 175: In this episode of Critical Thinking - Bug Bounty Podcast we’re comparing Hackbot setups and results. We also talk about some of the recent ZDI drama, as well as the importance of freakin...

21 Maj 49min

Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5

Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5

Episode 174: In this episode of Critical Thinking - Bug Bounty Podcast we follow up from last episode with some advice for BB platforms, as well as cover a slew of writeups from Searchlight Cyber, wat...

14 Maj 1h 9min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
rss-laddstationen-med-elbilen-i-sverige
rss-elektrikerpodden
rss-technokratin
natets-morka-sida
bilar-med-sladd
developers-mer-an-bara-kod
hej-bruksbil
rss-veckans-ai
skogsforum-podcast
rss-uppgang-och-fall
rss-snacka-om-ai
dom-kallar-oss-krypto
solcellskollens-podcast
ai-sweden-podcast
rss-en-ai-till-kaffet
under-femton
rss-inet-patch-notes