Episode 45: The OG Bug Bounty King - Frans Rosen
Critical Thinking - Bug Bounty Podcast16 Nov 2023

Episode 45: The OG Bug Bounty King - Frans Rosen

Episode 45: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Frans Rosén, an OG bug bounty hunter and co-founder of Detectify. We kick off with Frans sharing his journey bug bounty and security startups, before diving headfirst into a host of his blog posts. We also cover the value of pseudo-code for bug exploitation, understanding developer terminology, the challenges of collaboration and delegating tasks, and balancing hacking with parenting. If you're interested in bug bounty or entrepreneurship, you won't want to miss it!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Join our Discord!

Today's Guest:

https://twitter.com/fransrosen

Detectify

Discovering s3 subdomain takeovers

Bucket Disclose

A deep dive into AWS S3 access controls

Attacking Modern Web Technologies

Live Hacking like a MVH

Account hijacking using Dirty Dancing in sign-in OAuth flows

Timestamps:

(00:00:00) Introduction

(00:04:50) Franz Rosen's Bug Bounty Journey and the creation of Detectify

(00:13:30) Benefits of pseudo-code, typing, and thinking like a developer

(00:20:20) Hunter Methodologies

(00:35:40) Time on targets, Iteration vs. Ideation, and tips for standing out

(00:51:10) S3 subdomain takeovers

(01:05:02) Blog posting and hosting motivations

(01:13:30) Detectify and entrepreneurial endeavors

(01:29:50) Attacking Modern Web Technologies

(01:46:00) postMessage and MessagePort

(01:58:09) Live Hacking and Collaboration

(02:13:50) Account Hijacking and OAuth Flows

(02:28:48) Hacking/Parenting

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(180)

Episode 180: State of Bug Bounty Maturity Posture Report

Episode 180: State of Bug Bounty Maturity Posture Report

Episode 180: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Steve Hernandez, founder of the Bug Bounty Maturity Framework (BBMF), to walk us through the inaugural State of B...

25 Juni 1h 12min

Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty.Follow us on twitter at: htt...

18 Juni 46min

Episode 178: 600k in ~3 months - BruteCat pt 2

Episode 178: 600k in ~3 months - BruteCat pt 2

Episode 178: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with BruteCat to finish up our discussion on hacking Google. This week we hit AI.Follow us on twitter at: https://x.co...

11 Juni 1h 23min

Episode 177: 2x Google RCE with VRP Legend Brutecat

Episode 177: 2x Google RCE with VRP Legend Brutecat

Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone.Follow us on twitter at...

4 Juni 1h 25min

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Re...

28 Maj 1h 50min

Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama

Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama

Episode 175: In this episode of Critical Thinking - Bug Bounty Podcast we’re comparing Hackbot setups and results. We also talk about some of the recent ZDI drama, as well as the importance of freakin...

21 Maj 49min

Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5

Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5

Episode 174: In this episode of Critical Thinking - Bug Bounty Podcast we follow up from last episode with some advice for BB platforms, as well as cover a slew of writeups from Searchlight Cyber, wat...

14 Maj 1h 9min

Episode 173: Bug Bounty is Dead and AI Killed it.

Episode 173: Bug Bounty is Dead and AI Killed it.

Episode 173: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about the negative effects that AI is having on the Bug Bounty scene as a whole. Is it over, or are we so back?Foll...

7 Maj 1h 1min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
natets-morka-sida
rss-technokratin
rss-laddstationen-med-elbilen-i-sverige
bilar-med-sladd
bli-saker-podden
skogsforum-podcast
rss-uppgang-och-fall
rss-veckans-ai
rss-elektrikerpodden
rss-snacka-om-ai
developers-mer-an-bara-kod
rss-kack-tech-podcast
har-vi-akt-till-mars-an
hej-bruksbil
ai-sweden-podcast
rss-en-ai-till-kaffet
rss-aximapodden