Episode 47: CSP Research, Iframe Hopping, and Client-side Shenanigans
Critical Thinking - Bug Bounty Podcast30 Nov 2023

Episode 47: CSP Research, Iframe Hopping, and Client-side Shenanigans

Episode 47: In this episode of Critical Thinking - Bug Bounty Podcast, the holidays are fast approaching, and Justin and Joel discuss some of the struggles of getting back into the hacking groove during and after breaks. We also celebrate the newly launched Critical Thinking Discord Community before diving into Iframe Sandwhiches, JS Hoisting, CSP Bypasses, and a host of new tools, techniques, and tangents.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord at https://ctbb.show/discord!

ThankUNext

jswzl

Rapid API

SSRF Utility tool by Bebiks

Tweet from Johan Carlsson

Burp Extension from Google VRP

Justin's Tweet about JS Hoisting

Bypass CSP Using WordPress

How to trick CSP in letting you run whatever you want

Timestamps:

(00:00:00) Introduction

(00:01:58) Overcoming Bug Bounty struggles and getting back into the hacking groove

(00:07:46) Taking notes and sticking to one program

(00:14:50) Critical Thinking Discord, Community highlights, and Competition vs Collaboration

(00:22:25) Secondary context bugs and Automationism

(00:28:42) ThankUNext and Client-side Paths

(00:33:45) Tool Tangents: Jswzl, Caido, Postman, and Rapid API

(00:46:49) New SSRF Utility tool by Bebiks and the continuing evolution of hacking tools

(00:51:45) Iframe Sandwiches

(00:58:54) News Items

(01:06:12) JS Hoisting

(01:15:05) CSP Bypasses

Avsnitt(165)

Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

Episode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI app...

12 Dec 202451min

Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

Episode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show ...

5 Dec 20241h 41min

Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the ...

28 Nov 20241h 42min

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They...

21 Nov 20241h 43min

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some ...

14 Nov 202453min

Episode 96: Cookies & Caching with MatanBer

Episode 96: Cookies & Caching with MatanBer

Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques an...

7 Nov 202449min

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast In this episode, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and...

31 Okt 20241h 56min

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also high...

24 Okt 202449min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
bilar-med-sladd
rss-elektrikerpodden
natets-morka-sida
rss-laddstationen-med-elbilen-i-sverige
skogsforum-podcast
rss-technokratin
rss-veckans-ai
rss-uppgang-och-fall
har-vi-akt-till-mars-an
developers-mer-an-bara-kod
bli-saker-podden
teknikveckan
ai-sweden-podcast
rss-it-sakerhetspodden
rss-digitala-influencer-podden
rss-powerboat-sverige-podcast
rss-snacka-om-ai