Episode 140: Crit Research Lab Update & Client-Side Tricks Galore
Critical Thinking - Bug Bounty Podcast18 Sep 2025

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chaos, and more.

Follow us on X at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Send us feedback at info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord!

Get some hacker swag here!

====== This Week in Bug Bounty ======

Cross-site request forgery

HackerOne New Milestone Program

Email santerra.holler@bugcrowd.com for media opportunities

====== Resources ======

Exploiting Web Worker XSS with Blobs

Critical Research Lab

Rez0's Tweet

CVE-2022-21703: cross-origin request forgery against Grafana

Conversation about Forcing Quirks Mode

AI Busniess Logic & POC or GTFO

Hunting postMessage Vulnerabilities – Part 1

Hunting postMessage Vulnerabilities – Part 2

Executive Offense

Cookie Chaos: How to bypass Host and Secure cookie prefixes

====== Timestamps ======

(00:00:00) Introduction

(00:05:48) Crit Research Update

(00:13:00) Encouragement & Collaboration

(00:19:37) Cross-origin request forgery & Anthropic's web fetch

(00:29:17) Quirks Mode, AI Business Logic & POC or GTFO

(00:44:21) Hunting postMessage & Claude Code browserbase

(00:51:25) Community story, Executive Offense, & Cookie Chaos

Avsnitt(161)

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner and Joseph Thacker reunite to talk about AI Hacking Assistants, CSPT and cache deception, and a bunch of tools lik...

28 Aug 202549min

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the r...

21 Aug 202550min

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, ...

14 Aug 20251h 26min

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado

Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the...

4 Aug 20251h 53min

Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad

Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad

Episode 133: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Harley and Ari from H1 to talk some about community management roles within Bug Bounty, as well as discuss the ev...

31 Juli 20251h 16min

Episode 132: Archive Testing Methodology with Mathias Karlsson

Episode 132: Archive Testing Methodology with Mathias Karlsson

Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, ...

24 Juli 20251h 49min

Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits

Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits

Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for...

17 Juli 202550min

Episode 130: Minecraft Hacks to Google Hacking Star - Valentino

Episode 130: Minecraft Hacks to Google Hacking Star - Valentino

Episode 130: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Valentino, who shares his journey from hacking Minecraft to becoming a Google hunter. He talks us through sev...

10 Juli 20251h 8min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
bilar-med-sladd
natets-morka-sida
rss-elektrikerpodden
rss-laddstationen-med-elbilen-i-sverige
rss-veckans-ai
skogsforum-podcast
bli-saker-podden
bosse-bildoktorn-och-hasse-p
rss-uppgang-och-fall
rss-en-ai-till-kaffet
rss-ai-med-katarina-gospic-och-viggo-cavling
rss-technokratin
developers-mer-an-bara-kod
rss-digitala-influencer-podden
rss-sogeti-sweden-podcasts
rss-fabriken-2
rss-snacka-om-ai