Episode 61: A Hacker on Wall Street - JR0ch17
Critical Thinking - Bug Bounty Podcast7 Mars 2024

Episode 61: A Hacker on Wall Street - JR0ch17

Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. He also shares his methodology for discovering OAuth-related bugs, highlights some differences between structured learning and self-teaching, and then walks us through a couple arbitrary ATO’s and SSTI to RCE bugs he’s found lately.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest: Jasmin Landry

https://twitter.com/JR0ch17

Resources:

Dirty Dancing blog post

https://labs.detectify.com/writeups/account-hijacking-using-dirty-dancing-in-sign-in-oauth-flows/

OAuth 2.0 Threat Model and Security Considerations

https://datatracker.ietf.org/doc/html/rfc6819

OAuth 2.0 Security Best Current Practice

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics

Timestamps:

(00:00:00) Introduction

(00:02:20) Meta Tag + DomPurify Bug

(00:09:36) Jasmin's Origin story

(00:28:23) Full time Bug bounty challenges

(00:36:57) Career jumps in Security and current Role

(00:47:32) OAuth Bug methodology and cool bug stories

(01:02:35) Social Engineering and Bug Bounty

(01:13:41) Arbitrary ATO bug

(01:19:41) SSTI to RCE bug

Avsnitt(161)

Episode 41: Mini Masterclass: Attack Vector Ideation

Episode 41: Mini Masterclass: Attack Vector Ideation

Episode 41: In this episode of Critical Thinking - Bug Bounty Podcast, Justin takes a break from his busy travel schedule to walk us through a few of his Attack Vector formulation strategies. We’re ke...

19 Okt 202317min

Episode 40: Bug Bounty Mentoring

Episode 40: Bug Bounty Mentoring

Episode 40: In this episode of Critical Thinking - Bug Bounty Podcast, it’s all about mentorships! Justin sits down with Kodai and So, two hackers he helped mentor, to discuss what worked and what did...

12 Okt 20231h 31min

Episode 39: The Art of Architectures

Episode 39: The Art of Architectures

Episode 39: In this episode of Critical Thinking - Bug Bounty Podcast, We're catching up on news, including new override updates from Chrome, GPT-4, SAML presentations, and even a shoutout from Live O...

5 Okt 20231h 21min

Episode 38: Mobile Hacking Maestro: Sergey Toshin

Episode 38: Mobile Hacking Maestro: Sergey Toshin

Episode 38: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome mobile hacking maestro Sergey Toshin (aka @bagipro). We kick off with Sergey sharing his unexpected jou...

28 Sep 202343min

Episode 37: Tokyo Hacking & Interview with 0xLupin

Episode 37: Tokyo Hacking & Interview with 0xLupin

Episode 37: In this episode of Critical Thinking - Bug Bounty Podcast we're joined by none other than Lupin himself! We recap the Tokyo LHE and the lessons we learned from it before diving into his le...

21 Sep 20231h 15min

Episode 36: Bug Bounty Ethics & CT Exclusive Bug Reports

Episode 36: Bug Bounty Ethics & CT Exclusive Bug Reports

Episode 36: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel take a break from LHE prep to answer questions about the ethics of bug bounty and share their recent bug finds. W...

14 Sep 20231h 3min

Episode 35: King of Collaboration: Douglas Day

Episode 35: King of Collaboration: Douglas Day

Episode 35: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Douglas Day, a bug bounty hunter known for his unique methodologies and collaborative spirit. We talk a...

7 Sep 20231h 25min

Episode 34: Program vs Hacker Debate

Episode 34: Program vs Hacker Debate

Episode 34: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel have both beaten COVID and now square off against each other in a mega-debate representing hackers and program ma...

31 Aug 20232h 10min

Populärt inom Teknik

uppgang-och-fall
market-makers
elbilsveckan
bilar-med-sladd
rss-elektrikerpodden
rss-veckans-ai
skogsforum-podcast
rss-laddstationen-med-elbilen-i-sverige
natets-morka-sida
bosse-bildoktorn-och-hasse-p
bli-saker-podden
rss-uppgang-och-fall
rss-en-ai-till-kaffet
developers-mer-an-bara-kod
rss-digitala-influencer-podden
rss-it-sakerhetspodden
rss-fabriken-2
rss-sogeti-sweden-podcasts
rss-powerboat-sverige-podcast
rss-ai-med-katarina-gospic-och-viggo-cavling