Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo
Critical Thinking - Bug Bounty Podcast1 Juni 2023

Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo

In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Corben Leo about his journey in bug bounty hunting and ethical hacking. We discuss the state of DNS rebinding in 2023, a Twitter thread by Douglas Day (@ArchAngelDDay) on one-hundred bug bounty rules, and our own unique approaches to bug hunting. We also discuss Corben's recon-focused bug hunting methodology and how he developed it. Don't miss this episode filled with valuable tips, insights, and Corben's Boring Mattress Company.

Follow us on twitter at: @ctbbpodcast

Get on our newsletter for some exclusive content: https://www.criticalthinkingpodcast.io/subscribe

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Today’s Guest:

https://twitter.com/hacker_

Article on the State of DNS Rebinding in 2023:

https://research.nccgroup.com/2023/04/27/state-of-dns-rebinding-in-2023/

See @ArchAngelDDay's twitter thread about 100 bug bounty rules:

https://twitter.com/ArchAngelDDay/status/1661924038875435008

Talkback - Cybersecurity news aggregator:

https://talkback.sh/

PyPI announces mandatory 2FA:

https://www.bleepingcomputer.com/news/security/pypi-announces-mandatory-use-of-2fa-for-all-software-publishers/

Timestamps:

(00:00:00) Introduction

(01:05) State of DNS rebinding in 2023

(04:40) 100 Bug Bounty Rules by @ArchAngelDDay

(05:30) Give yourself a ‘no bug’ limit

(07:00) The value of reporting Low and Medium Bugs for Bug Bounty Programs

(11:15) Reporting Out of Scope Bugs

(14:30) Reporting IDORs as Access Control Bugs

(17:28) Talkback

(18:12) PyPI's mandatory 2FA implementation for software publishers

(Start of main content)

(20:07) Starting out in bug bounty/ethical hacking

(25:00) Hacking methodology and mentorship

(28:15) Identifying Load Balancers

(33:20) Triage and live events:

(38:30) College and Computer Science vs. Cybersecurity

(45:45) Importance of writing for the Hacker Community

(51:21) Storytelling and report writing.

(55:00) When to stop doing recon and start hacking

(01:00:58) Lessons Learned from BreachlessAI and the pivot to Boring Mattress Co.

Avsnitt(166)

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a poly...

10 Apr 202558min

Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1

Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1

Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and foc...

3 Apr 202532min

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware...

27 Mars 202526min

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)

Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about ...

20 Mars 20251h 40min

Episode 114: Single Page Application Hacking Playbook

Episode 114: Single Page Application Hacking Playbook

Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a ...

13 Mars 20251h 22min

Episode 113: Best Technical Takeaways from Portswigger Top 10 2024

Episode 113: Best Technical Takeaways from Portswigger Top 10 2024

Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here!Follow us on X at: https://x.com/ctbbpodcastGo...

6 Mars 20251h 29min

Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter

Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter

Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-...

27 Feb 20251h 7min

Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu

Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu

Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kev...

20 Feb 20251h 49min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
rss-elektrikerpodden
bilar-med-sladd
skogsforum-podcast
rss-veckans-ai
har-vi-akt-till-mars-an
natets-morka-sida
gubbar-som-tjotar-om-bilar
developers-mer-an-bara-kod
rss-laddstationen-med-elbilen-i-sverige
rss-technokratin
rss-uppgang-och-fall
rss-it-sakerhetspodden
ai-sweden-podcast
bli-saker-podden
rss-powerboat-sverige-podcast
rss-snacka-om-ai
rss-ai-med-katarina-gospic-och-viggo-cavling