Episode 142: gr3pme's full-time hunting journey update, insane AI research, and some light news

Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======DOMPurify 3.2.3 BypassJason Zhou's post about O3 miniLive Chat Blog #2: Cisco Webex ConnectpostLogger Chrome ExtensionpostLogger Webstore LinkCommon OAuth VulnerabilitiesnOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account TakeoverAccount Takeover using SSO LoginsKai Greshake====== Timestamps ======(00:00:00) Introduction(00:01:44) DOMPurify 3.2.3 Bypass(00:06:37) O3 mini(00:10:29) Ophion Security: Cisco Webex Connect(00:15:54) Discord Community News(00:19:12) postLogger Chrome Extension(00:21:04) Common OAuth Vulnerabilities & Lessons learned from Google’s APIs

13 Feb 49min

Episode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to talk about Alternative Recon TechniquesFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response!====== Resources ======ResourcesWiz Research Uncovers Exposed DeepSeek DatabaseBypass Bot DetectionTweet from sw33tLiersc 2faStealing HttpOnly cookies with the cookie sandwich techniqueReport Pointers for Collaborative ChainsClone2Leak: Your Git Credentials Belong To UsDeanonymization via cacheGoogleChrome related-website-sets====== Timestamps ======(00:00:00) Introduction(00:02:03) DeepSeek debacle and Bypass Bot Detection(00:23:48) Stealing HttpOnly cookies with the cookie sandwich technique(00:30:54) Report Pointers for Collaborative Chains(00:34:43) Clone2Leak: Your Git Credentials Belong To Us(00:40:04) Deanonymization for Signal and Discord(00:41:53) Alternative Recon Techniques

6 Feb 1h 1min

Episode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor: AppOmni. Get AppOmni's Definitive Guide to SaaS Security https://www.criticalthinkingpodcast.io/AppOmniToday’s Guest:https://x.com/ConspiracyProof====== Resources ======Aaron's Bloghttps://www.enumerated.ie/Data Exposure and ServiceNow: The Elephant in the ITSM Roomhttps://www.enumerated.ie/index/servicenow-data-exposureSalesforce Lightning - An in-depth look at exploitation vectors for the everyday communityhttps://www.enumerated.ie/index/salesforceLightning Components: A Treatise on ApexSecurity from an External Perspectivehttps://go.appomni.com/hubfs/Collateral/AppOmni_Labs_White_Paper_Apex_Security.pdf?utm_campaign=Network%20Computing&utm_source=referral&utm_content=network_computingMicrosoft Power Pages: Data Exposure Reviewedhttps://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/====== Timestamps ======(00:00:00) Introduction(00:03:00) Aaron Costello, Arbitrary File Upload, & App Cache Manifest Poison bug(00:13:37) SAAS Misconfigurations as a bug class(00:43:27) SalesForce Misconfigurations(01:11:30) Microsoft Power Pages

30 Jan 1h 31min

Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr====== Resources ======A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible DisclosuresGoogle’s OAuth login flawRez0's Ai tweetRez0's Follow-upRaink from BishopFoxGift cards security researchTop 10 web hacking techniques of 2024Cross-Origin-Opener-Policy: preventing attacks from popups====== Timestamps ======(00:00:00) Introduction(00:05:13) Hacking with your kids(00:09:46) H1/bc pentests(00:12:23) Google’s OAuth login flaw(00:18:01) Raink & Rez0's AI tweets(00:28:46) Giftcard hacking & Portswigger top 10 voting(00:34:23) Cross Origin Web Headers

23 Jan 1h 6min

Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he’s looking forward to bringing to the pod. We also cover some news items including doubleclickjacking, character set attacks, SVG XSS, and more.Follow us on twitter at: @ctbbpodcastFeel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Rez0 on twitter:https://x.com/Rhynoraterhttps://x.com/rez0__------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store at https://ctbb.show/swag!ResourcesDoubleClickjacking: A New Era of UI Redressinghttps://www.paulosyibelo.com/2024/12/doubleclickjacking-what.htmlXBOW Validation Benchmarkshttps://github.com/xbow-engineering/validation-benchmarksJorian tweethttps://x.com/J0R1AN/status/1871586792455163975Simplified Payloadhttps://portswigger-labs.net/xss/charset.php?x=%1b$B%1b(B%3Ca%20href=javas%1B(Jcript:alert(1)%3Etest%3C/a%3E&charset=SVG XSS Payloadhttps://x.com/garethheyes/status/1876953751245783534curl-cffihttps://pypi.org/project/curl-cffi/Bypassing File Upload Restrictions To Exploit CSPThttps://blog.doyensec.com/2025/01/09/cspt-file-upload.htmlAI-Crash-Coursehttps://github.com/henrythe9th/AI-Crash-Course?tab=readme-ov-fileTimestamps(00:00:00) Introduction(00:02:15) Rez0's journey to Full-time hunter, Tool developer, and new Co-host(00:21:04) DoubleClickjacking(00:31:48) XBOW Validation Benchmarks, Charset Thoughts, and SVG XSS(00:42:28) curl-cffi, CSPT, and AI Crash Course

16 Jan 58min

Episode 105: In this episode of Critical Thinking - Bug Bounty Podcast we're back with another Best-of episode recapping some of our top moments of 2024.Follow us on twitter at: @ctbbpodcastSsend us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Rez0 on twitter:https://x.com/Rhynoraterhttps://x.com/rez0__------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store at https://ctbb.show/swag!Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ecResourcesEpisode 53ctbb.show/53Episode 59ctbb.show/59Episode 65ctbb.show/65Episode 69ctbb.show/69Episode 80ctbb.show/80Episode 81ctbb.show/81Episode 86ctbb.show/86Episode 87ctbb.show/87Episode 91ctbb.show/91Episode 93ctbb.show/93Episode 99ctbb.show/99Timestamps(00:00:00) Introduction(00:03:59) Episode 53(00:17:12) Episode 59(00:32:45) Episode 65(00:48:08) Episode 69(01:02:37) Episode 80(01:18:09) Episode 81(01:28:59) Episode 86(01:41:04) Episode 87(01:54:48) Episode 91(02:01:48) Episode 93(02:09:37) Episode 99

9 Jan 2h 17min

Episode 104: In this episode of Critical Thinking - Bug Bounty Podcast Justin reflects upon the past year and walks through some of the bug bounty goals he had for 2024, and how he feels like he did. Then he sets some goals for 2025, as well as some exciting CT news for the coming year.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Rez0 on X:https://x.com/rhynoraterhttps://x.com/rez0__------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store at https://ctbb.show/swag!ResourcesCTBB Full Time Guildctbb.show/ftCritical Research Labctbb.show/crlCT Episode 51 - 2024 Goalshttps://www.criticalthinkingpodcast.io/episode-51-hacker-stats-2023-2024-goals/Personal BB inventory and goalshttps://ctbb.show/blogTimestamps(00:00:00) introduction(00:00:57) Critical Thinking 2025 Announcements(00:04:21) Personal Inventory of 2024(00:24:05) Goals for 2025

2 Jan 29min

Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord!We offer Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store!Join our Shift waitlist!Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ecResources_json Juggling AttackCross-Site POST Requests Without a Content-Type HeaderWorst FitOrange Tsai on Worst FitHandling Cookies is a MinefieldTerminal DiLLMaXS-Leaking flags with CSS: A CTFd 0dayHacking Back the AI-HackerJohann Computer use demoHow I Became The Most Valuable HackerTimestamps(00:00:00) Introduction(00:01:39) _json Juggling Attack and Cross-Site POST Requests Without a Content-Type Header(00:10:55) Worst Fit and Unicode Mapping(00:20:08) Handling Cookies is a Minefield(00:28:11) Terminal DiLLMa & CTFd 0day(00:41:18) Hacking Back the AI-Hacker(00:47:30) Becoming Most Valuable Hacker

26 Dec 20241h