Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast, Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds.

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Find the Hackernotes: https://blog.criticalthinkingpodcast.io/

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Shop our new swag store at ctbb.show/swag

Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder

Resources:

Breaking Down Barriers: Exploiting Pre-Auth SQL Injection in WhatsUp Gold

Content-Type that can be used for XSS

Clickjacking Bug in Google Docs

Justin's Gadget Link

https://www.youtube.com/signin?next=https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FSetSID%3Fcontinue%3Dhttps%3A%2F%2Fwww.google.com%252Famp%252fpoc.rhynorater.com

Stealing your Telegram account in 10 seconds flat

Timestamps

(00:00:00) Introduction

(00:08:28) Recent Hacks and Dupes

(00:14:00) Cursor

(00:25:02) Exploiting Pre-Auth SQL Injection in WhatsUp Gold

(00:34:17) Content-Type that can be used for XSS

(00:40:25) Caido updates

(00:43:14) Clickjacking in Google Docs, and Stealing Telegram account

