Episode 103: Getting ANSI about Unicode Normalization
Critical Thinking - Bug Bounty Podcast26 Dec 2024

Episode 103: Getting ANSI about Unicode Normalization

Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord!

We offer Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Check out our new SWAG store!

Join our Shift waitlist!

Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec

Resources

_json Juggling Attack

Cross-Site POST Requests Without a Content-Type Header

Worst Fit

Orange Tsai on Worst Fit

Handling Cookies is a Minefield

Terminal DiLLMa

XS-Leaking flags with CSS: A CTFd 0day

Hacking Back the AI-Hacker

Johann Computer use demo

How I Became The Most Valuable Hacker

Timestamps

(00:00:00) Introduction

(00:01:39) _json Juggling Attack and Cross-Site POST Requests Without a Content-Type Header

(00:10:55) Worst Fit and Unicode Mapping

(00:20:08) Handling Cookies is a Minefield

(00:28:11) Terminal DiLLMa & CTFd 0day

(00:41:18) Hacking Back the AI-Hacker

(00:47:30) Becoming Most Valuable Hacker

Avsnitt(171)

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: In this episode of Critical Thinking - Bug Bounty Podcast Justin finally sits down with the great James Kettle to talk about HTTP Proxys, metagaming research, avoiding burnout, and why HT...

11 Sep 20252h 21min

Episode 138: Caido Tools and Workflows

Episode 138: Caido Tools and Workflows

Episode 138: In this episode of Critical Thinking - Bug Bounty Podcast We’re talking Caido tools and workflows. Justin gives us a list of some of the Caido tools that have caught his interest, as well...

4 Sep 202522min

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner and Joseph Thacker reunite to talk about AI Hacking Assistants, CSPT and cache deception, and a bunch of tools lik...

28 Aug 202549min

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the r...

21 Aug 202550min

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, ...

14 Aug 20251h 26min

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado

Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the...

4 Aug 20251h 53min

Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad

Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad

Episode 133: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Harley and Ari from H1 to talk some about community management roles within Bug Bounty, as well as discuss the ev...

31 Juli 20251h 16min

Episode 132: Archive Testing Methodology with Mathias Karlsson

Episode 132: Archive Testing Methodology with Mathias Karlsson

Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, ...

24 Juli 20251h 49min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
bilar-med-sladd
market-makers
rss-uppgang-och-fall
rss-elektrikerpodden
rss-laddstationen-med-elbilen-i-sverige
rss-veckans-ai
skogsforum-podcast
gubbar-som-tjotar-om-bilar
har-vi-akt-till-mars-an
rss-powerboat-sverige-podcast
developers-mer-an-bara-kod
bli-saker-podden
hej-bruksbil
rss-en-ai-till-kaffet
natets-morka-sida
rss-technokratin
rss-sakerhetspodcasten
rss-snacka-om-ai