Hacking AI Series: Vulnus ex Machina - Part 1

Critical Thinking - Bug Bounty Podcast

Player FM - Internet Radio Done Right

44 subscribers

הוסף לפני two שנים

תוכן מסופק על ידי Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

Carol Costello Presents: The God Hook

1
1 | The False Prophet 34:56

לפני 8 ימים34:56

הפעל מאוחר יותר

רשימות

לייק

אהבתי

34:56

In this premiere episode of "The God Hook," host Carol Costello introduces the chilling story of Richard Beasley, infamously known as the Ohio Craigslist Killer. In previously unreleased jailhouse recordings, Beasley portrays himself as a devout Christian, concealing his manipulative and predatory behavior. As the story unfolds, it becomes clear that Beasley's deceitfulness extends beyond the victims he buried in shallow graves. Listen to the preview of a bonus conversation between Carol and Emily available after the episode. Additional info at carolcostellopresents.com . Do you have questions about this series? Submit them for future Q&A episodes . Subscribe to our YouTube channel to see additional videos, photos, and conversations. For early and ad-free episodes and exclusive bonus content, subscribe to the podcast via Supporting Cast or Apple Podcasts. EPISODE CREDITS Host - Carol Costello Co-Host - Emily Pelphrey Producer - Chris Aiola Sound Design & Mixing - Lochlainn Harte Mixing Supervisor - Sean Rule-Hoffman Production Director - Brigid Coyne Executive Producer - Gerardo Orlando Original Music - Timothy Law Snyder SPECIAL THANKS Kevin Huffman Zoe Louisa Lewis GUESTS Doug Oplinger - Former Managing Editor of the Akron Beacon Journal Volkan Topalli - Professor of Criminal Justice and Criminology Amir Hussain - Professor of Theological Studies Learn more about your ad choices. Visit megaphone.fm/adchoices Support our show by becoming a premium member! https://evergreenpodcasts.supportingcast.fm…

לפני שנה 32:20

MP3•בית הפרקים

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

Building Reliable Web Agents

https://x.com/pk_iv/status/1904178892723941777

17 security checks from VIBE to PRODUCTION

https://x.com/Kaamiiaar/status/1902342578185630000

How to Hack AI Agents and Applications

https://josephthacker.com/hacking/2025/02/25/how-to-hack-ai-apps.html

AI Crash Course Repo

https://github.com/henrythe9th/ai-crash-course

Deep Dive into LLMs like ChatGPT

https://www.youtube.com/watch?v=7xTGNNLPyMI

====== Timestamps ======

(00:00:00) Introduction

(00:01:54) AI News

(00:08:09) How to Hack AI Agents and Applications

(00:14:26) The Recon Process

(00:25:06) Initial Probing & Steering

120 פרקים

#Tech #Justin Gardner (Rhynorater

Critical Thinking - Bug Bounty Podcast

Hacking AI Series: Vulnus ex Machina - Part 1

Critical Thinking - Bug Bounty Podcast

44 subscribers

published לפני שנה

שתפו

MP3•בית הפרקים

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

Building Reliable Web Agents

https://x.com/pk_iv/status/1904178892723941777

17 security checks from VIBE to PRODUCTION

https://x.com/Kaamiiaar/status/1902342578185630000

How to Hack AI Agents and Applications

https://josephthacker.com/hacking/2025/02/25/how-to-hack-ai-apps.html

AI Crash Course Repo

https://github.com/henrythe9th/ai-crash-course

Deep Dive into LLMs like ChatGPT

https://www.youtube.com/watch?v=7xTGNNLPyMI

====== Timestamps ======

(00:00:00) Introduction

(00:01:54) AI News

(00:08:09) How to Hack AI Agents and Applications

(00:14:26) The Recon Process

(00:25:06) Initial Probing & Steering

120 פרקים

#Tech #Justin Gardner (Rhynorater

Όλα τα επεισόδια

Critical Thinking - Bug Bounty Podcast

1
Episode 120: SpaceRaccoon - From Day Zero to Zero Day 1:36:57

לפני 5 ימים1:36:57

1:36:57

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor - ThreatLocker User Store https://www.criticalthinkingpodcast.io /tl-userstore Today’s guest: https://x.com/spaceraccoonsec ====== Resources ====== Buy SpaceRaccoon's Book: From Day Zero to Zero Day https://nostarch.com/zero-day USE CODE 'ZERODAYDEAL' for 30% OFF Pwning Millions of Smart Weighing Machines with API and Hardware Hacking https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/ ====== Timestamps ====== (00:00:00) Introduction (00:04:58) From Day Zero to Zero Day (00:12:06) Mapping Code to Attack Surface (00:17:59) Day Zero and Taint Analysis (00:22:43) Automated Variant Analysis & Binary Taxonomy (00:31:35) Source and Sink Discovery (00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing (00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero (01:02:16) Bug bounty, Vuln research, & Governmental work (01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines…

Critical Thinking - Bug Bounty Podcast

1
Episode 119: Abusing Iframes from a client-side hacker 33:54

לפני 19 ימים33:54

33:54

Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attack them. CORRECTION: Some of my comments on the latest episode of the pod were woefully inaccurate about the `csp` attribute of an iframe. Def should have read the spec more thoroughly. Please see the #corrections channel in Discord for the deets. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== Episode with JR0ch17 ctbb.show/61 Exacerbating Cross-Site Scripting: The Iframe Sandwich https://coopergyoung.com/exacerbating-cross-site-scripting-the-iframe-sandwich/ ====== Timestamps ====== (00:00:00) Introduction (00:01:20) Why are Iframes useful (00:05:11) Attributes of Iframes (00:21:39) Iframe Attacks (00:29:53) Iframe Fun Facts…

Critical Thinking - Bug Bounty Podcast

1
Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots 58:29

לפני 26 ימים58:29

58:29

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt. Follow us on X Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow Rhynorater and Rez0 on X ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! You can also find some hacker swag ! ====== Resources ====== p4fg passed 1 Million! /reports/:id.json - $25K Crit Hacking Crypto pt1 The art of payload obfuscation Analyzing the Next.js Middleware Bypass Nahamsec's Merch store llms.txt polyglot prompt injection React Router and the Remix’ed path Pre-Authentication SQL Injection in Halo ITSM Pwning Millions of Smart Weighing Machines MCP Server Oauth Cline “Credentialless” iframes Tiny XSS Payloads Types of Pollution ====== Timestamps ====== (00:00:00) Introduction (00:05:56) Next.js Middleware bypass & Polyglots in llms.txt (00:16:35) CPDoS on React Router (00:24:26) Loose Types Sink Ships & Pwning Smart Scales (00:32:30) MCP Server Oauth & Cline (00:39:40) Clientside Tidbits & Prototype Pollutions…

Critical Thinking - Bug Bounty Podcast

1
Hacking AI Series: Vulnus ex Machina - Part 1 32:20

לפני 5 weeks32:20

32:20

Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and focuses on AI reconnaissance. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== Building Reliable Web Agents https://x.com/pk_iv/status/1904178892723941777 17 security checks from VIBE to PRODUCTION https://x.com/Kaamiiaar/status/1902342578185630000 How to Hack AI Agents and Applications https://josephthacker.com/hacking/2025/02/25/how-to-hack-ai-apps.html AI Crash Course Repo https://github.com/henrythe9th/ai-crash-course Deep Dive into LLMs like ChatGPT https://www.youtube.com/watch?v=7xTGNNLPyMI ====== Timestamps ====== (00:00:00) Introduction (00:01:54) AI News (00:08:09) How to Hack AI Agents and Applications (00:14:26) The Recon Process (00:25:06) Initial Probing & Steering…

Critical Thinking - Bug Bounty Podcast

1
Episode 116: Auth Bypasses and Google VRP Writeups 26:48

לפני 6 weeks26:48

26:48

Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control ====== Resources ====== SAML roulette: the hacker always wins https://portswigger.net/research/saml-roulette-the-hacker-always-wins Loophole of getting Google Form associated with Google Spreadsheet with no editor/owner access https://bughunters.google.com/reports/vrp/yBeFmSrJi Loophole to see the editors of a Google Document with no granted access(owner/editor) with just the fileid (can be obtained from publicly shared links with 0 access) https://bughunters.google.com/reports/vrp/7EhAw2hur Cloud Tools for Eclipse - Chaining misconfigured OAuth callback redirection with open redirect vulnerability to leak Google OAuth Tokens with full GCP Permissions https://bughunters.google.com/reports/vrp/F8GFYGv4g Next.js, cache, and chains: the stale elixir https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir Next.js and the corrupt middleware: the authorizing artifact https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware ====== Timestamps ====== (00:00:00) Introduction (00:02:59) SAML roulette (00:13:08) Google bugs (00:20:16) Next.js and the corrupt middleware…

Critical Thinking - Bug Bounty Podcast

1
Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi) 1:40:58

לפני 7 weeks1:40:58

1:40:58

Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about Reflector, and finish up by doing a bonus podcast segment in Japanese! Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control Today’s Guest: https://x.com/Mokusou4 ====== Resources ====== So's last appearance in episode 40 ctbb.show/40 ====== Timestamps ====== (00:00:00) Introduction (00:04:11) So's Facebook Bug (00:14:37) So and Justin's Google Bug (00:33:39) Live Mentorship Session (00:56:29) Reflector (01:13:22) Bonus - Podcast in Japanese…

Critical Thinking - Bug Bounty Podcast

1
Episode 114: Single Page Application Hacking Playbook 1:22:25

לפני 8 weeks1:22:25

1:22:25

Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: ThreatLocker Cloud Control ====== Resources ====== Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data Hackadvisor WP Extensions Notebook LM Pressing Buttons with Popups Response to @RenwaX23 Prompt Injection Attacks for Dummies Shadow Repeater parallel-prettier ====== Timestamps ====== (00:00:00) Introduction (00:02:15) Bug Write-up from @busf4ctor (00:09:44) Scanning Common Crawl (00:16:30) Hackadvisor and WP/Chrome Extension News (00:24:15) Notebook LM, and Recent AI Updates (00:31:58) Write-up from @J0R1AN and Related POC from @RenwaX23 (00:38:10) Prompt Injection Attacks for Dummies (00:42:29) ShadowRepeater (00:47:04) Single-page applications…

Critical Thinking - Bug Bounty Podcast

1
Episode 113: Best Technical Takeaways from Portswigger Top 10 2024 1:29:19

לפני 9 weeks1:29:19

1:29:19

Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here! Follow us on X at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on X: ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag ! ====== Resources ====== Hijacking OAUTH flows via Cookie Tossing ChatGPT Account Takeover - Wildcard Web Cache Deception OAuth Non-Happy Path to ATO CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js DoubleClickjacking: A New Era of UI Redressing WorstFit: Unveiling Hidden Transformers in Windows ANSI SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server Middleware, middleware everywhere – and lots of misconfigurations to fix ====== Timestamps ====== (00:00:00) Introduction (00:09:56) Hijacking OAuth flows via Cookie Tossing (00:17:30) ChatGPT Account Takeover (00:25:28) OAuth Non-Happy Path to ATO (00:29:24) CVE-2024-4367 (00:37:37) DoubleClickjacking: (00:44:54) Exploring the DOMPurify library (00:48:01) WorstFit (00:56:29) Unveiling TE.0 HTTP Request Smuggling (01:06:40) SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level (01:14:05) Confusion Attacks…

Critical Thinking - Bug Bounty Podcast

1
Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter 1:07:37

לפני 10 weeks1:07:37

1:07:37

Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Guest - Ciarán Cotter https://x.com/monkehack ====== Resources ====== Msty https://msty.app/ From Day Zero to Zero Day https://nostarch.com/zero-day Nuclei - ai flag https://x.com/pdiscoveryio/status/1890082913900982763 ChatGPT Operator: Prompt Injection Exploits & Defenses https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/ Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/ ====== Timestamps ====== (00:00:00) Introduction (00:01:04) Bug Rundowns (00:13:05) Monke's Bug Bounty Background (00:20:03) Websocket Research (00:34:01) Connecting Hackers with Companies (00:34:56) Grok 3, Msty, From Day Zero to Zero Day (00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK (00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory…

Critical Thinking - Bug Bounty Podcast

1
Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu 1:49:15

לפני 11 weeks1:49:15

1:49:15

Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== Exploring the DOMPurify library: Bypasses and Fixes (1/2) https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes Exploring the DOMPurify library: Hunting for Misconfigurations (2/2) https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations Dom-Explorer tool https://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954f CT Episode 61: A Hacker on Wall Street - JR0ch17 https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/ ====== Timestamps ====== (00:00:00) Introduction (00:01:44) Kevin Mizu - Background and Bring-a-bug (00:15:09) DOMPurify (00:29:04) Misconfigurations - Dangerous allow-lists (00:39:09) Dangerous URI attributes configuration (00:46:08) Bad usage (00:59:55) DOMPurify Hooks: before, after, and upon SanitizeAttribute (01:29:15) Node manipulation, nodeName namespace case confusion, & DOM Clobbering DOS (01:36:51) Misc concepts for future research…

Critical Thinking - Bug Bounty Podcast

1
Episode 110: Oauth Gadget Correlation and Common Attacks 49:41

לפני 12 weeks49:41

49:41

Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== DOMPurify 3.2.3 Bypass Jason Zhou's post about O3 mini Live Chat Blog #2: Cisco Webex Connect postLogger Chrome Extension postLogger Webstore Link Common OAuth Vulnerabilities nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover Account Takeover using SSO Logins Kai Greshake ====== Timestamps ====== (00:00:00) Introduction (00:01:44) DOMPurify 3.2.3 Bypass (00:06:37) O3 mini (00:10:29) Ophion Security: Cisco Webex Connect (00:15:54) Discord Community News (00:19:12) postLogger Chrome Extension (00:21:04) Common OAuth Vulnerabilities & Lessons learned from Google’s APIs…

Critical Thinking - Bug Bounty Podcast

1
Episode 109: Creative Recon - Alternative Techniques 1:01:42

לפני 13 weeks1:01:42

1:01:42

Episode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to talk about Alternative Recon Techniques Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! ====== Resources ====== Resources Wiz Research Uncovers Exposed DeepSeek Database Bypass Bot Detection Tweet from sw33tLie rsc 2fa Stealing HttpOnly cookies with the cookie sandwich technique Report Pointers for Collaborative Chains Clone2Leak: Your Git Credentials Belong To Us Deanonymization via cache GoogleChrome related-website-sets ====== Timestamps ====== (00:00:00) Introduction (00:02:03) DeepSeek debacle and Bypass Bot Detection (00:23:48) Stealing HttpOnly cookies with the cookie sandwich technique (00:30:54) Report Pointers for Collaborative Chains (00:34:43) Clone2Leak: Your Git Credentials Belong To Us (00:40:04) Deanonymization for Signal and Discord (00:41:53) Alternative Recon Techniques…

Critical Thinking - Bug Bounty Podcast

1
Episode 108: How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello 1:31:08

לפני 14 weeks1:31:08

1:31:08

Episode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: AppOmni. Get AppOmni's Definitive Guide to SaaS Security https://www.criticalthinkingpodcast.io/AppOmni Today’s Guest: https://x.com/ConspiracyProof ====== Resources ====== Aaron's Blog https://www.enumerated.ie/ Data Exposure and ServiceNow: The Elephant in the ITSM Room https://www.enumerated.ie/index/servicenow-data-exposure Salesforce Lightning - An in-depth look at exploitation vectors for the everyday community https://www.enumerated.ie/index/salesforce Lightning Components: A Treatise on Apex Security from an External Perspective https://go.appomni.com/hubfs/Collateral/AppOmni_Labs_White_Paper_Apex_Security.pdf?utm_campaign=Network%20Computing&utm_source=referral&utm_content=network_computing Microsoft Power Pages: Data Exposure Reviewed https://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/ ====== Timestamps ====== (00:00:00) Introduction (00:03:00) Aaron Costello, Arbitrary File Upload, & App Cache Manifest Poison bug (00:13:37) SAAS Misconfigurations as a bug class (00:43:27) SalesForce Misconfigurations (01:11:30) Microsoft Power Pages…

Critical Thinking - Bug Bounty Podcast

1
Episode 107: Bypassing Cross-Origin Browser Headers 1:06:17

לפני 15 weeks1:06:17

1:06:17

Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr ====== Resources ====== A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures Google’s OAuth login flaw Rez0's Ai tweet Rez0's Follow-up Raink from BishopFox Gift cards security research Top 10 web hacking techniques of 2024 Cross-Origin-Opener-Policy: preventing attacks from popups ====== Timestamps ====== (00:00:00) Introduction (00:05:13) Hacking with your kids (00:09:46) H1/bc pentests (00:12:23) Google’s OAuth login flaw (00:18:01) Raink & Rez0's AI tweets (00:28:46) Giftcard hacking & Portswigger top 10 voting (00:34:23) Cross Origin Web Headers…

Critical Thinking - Bug Bounty Podcast

1
Episode 106: Announcing our new cohost... 58:10

לפני 16 weeks58:10

58:10

Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he’s looking forward to bringing to the pod. We also cover some news items including doubleclickjacking, character set attacks, SVG XSS, and more. Follow us on twitter at: @ctbbpodcast Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Rez0 on twitter: https://x.com/Rhynorater https://x.com/rez0__ ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Resources DoubleClickjacking: A New Era of UI Redressing https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html XBOW Validation Benchmarks https://github.com/xbow-engineering/validation-benchmarks Jorian tweet https://x.com/J0R1AN/status/1871586792455163975 Simplified Payload https://portswigger-labs.net/xss/charset.php?x=%1b$B%1b(B%3Ca%20href=javas%1B(Jcript:alert(1)%3Etest%3C/a%3E&charset= SVG XSS Payload https://x.com/garethheyes/status/1876953751245783534 curl-cffi https://pypi.org/project/curl-cffi/ Bypassing File Upload Restrictions To Exploit CSPT https://blog.doyensec.com/2025/01/09/cspt-file-upload.html AI-Crash-Course https://github.com/henrythe9th/AI-Crash-Course?tab=readme-ov-file Timestamps (00:00:00) Introduction (00:02:15) Rez0's journey to Full-time hunter, Tool developer, and new Co-host (00:21:04) DoubleClickjacking (00:31:48) XBOW Validation Benchmarks, Charset Thoughts, and SVG XSS (00:42:28) curl-cffi, CSPT, and AI Crash Course…

Critical Thinking - Bug Bounty Podcast

1
Episode 105: Best Critical Thinking Moments from 2024 2:17:47

לפני 17 weeks2:17:47

2:17:47

Episode 105: In this episode of Critical Thinking - Bug Bounty Podcast we're back with another Best-of episode recapping some of our top moments of 2024. Follow us on twitter at: @ctbbpodcast Ssend us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Rez0 on twitter: https://x.com/Rhynorater https://x.com/rez0__ ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec Resources Episode 53 ctbb.show/53 Episode 59 ctbb.show/59 Episode 65 ctbb.show/65 Episode 69 ctbb.show/69 Episode 80 ctbb.show/80 Episode 81 ctbb.show/81 Episode 86 ctbb.show/86 Episode 87 ctbb.show/87 Episode 91 ctbb.show/91 Episode 93 ctbb.show/93 Episode 99 ctbb.show/99 Timestamps (00:00:00) Introduction (00:03:59) Episode 53 (00:17:12) Episode 59 (00:32:45) Episode 65 (00:48:08) Episode 69 (01:02:37) Episode 80 (01:18:09) Episode 81 (01:28:59) Episode 86 (01:41:04) Episode 87 (01:54:48) Episode 91 (02:01:48) Episode 93 (02:09:37) Episode 99…

Critical Thinking - Bug Bounty Podcast

1
Episode 104: 2024 Hacker Stats & 2025 Goals 29:00

לפני 18 weeks29:00

29:00

Episode 104: In this episode of Critical Thinking - Bug Bounty Podcast Justin reflects upon the past year and walks through some of the bug bounty goals he had for 2024, and how he feels like he did. Then he sets some goals for 2025, as well as some exciting CT news for the coming year. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Rez0 on X: https://x.com/rhynorater https://x.com/rez0__ ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Resources CTBB Full Time Guild ctbb.show/ft Critical Research Lab ctbb.show/crl CT Episode 51 - 2024 Goals https://www.criticalthinkingpodcast.io/episode-51-hacker-stats-2023-2024-goals/ Personal BB inventory and goals https://ctbb.show/blog Timestamps (00:00:00) introduction (00:00:57) Critical Thinking 2025 Announcements (00:04:21) Personal Inventory of 2024 (00:24:05) Goals for 2025…

Critical Thinking - Bug Bounty Podcast

1
Episode 103: Getting ANSI about Unicode Normalization 1:00:30

לפני 19 weeks1:00:30

1:00:30

Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord ! We offer Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store ! Join our Shift waitlist ! Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec Resources _json Juggling Attack Cross-Site POST Requests Without a Content-Type Header Worst Fit Orange Tsai on Worst Fit Handling Cookies is a Minefield Terminal DiLLMa XS-Leaking flags with CSS: A CTFd 0day Hacking Back the AI-Hacker Johann Computer use demo How I Became The Most Valuable Hacker Timestamps (00:00:00) Introduction (00:01:39) _json Juggling Attack and Cross-Site POST Requests Without a Content-Type Header (00:10:55) Worst Fit and Unicode Mapping (00:20:08) Handling Cookies is a Minefield (00:28:11) Terminal DiLLMa & CTFd 0day (00:41:18) Hacking Back the AI-Hacker (00:47:30) Becoming Most Valuable Hacker…

Critical Thinking - Bug Bounty Podcast

1
Episode 102: Building Web Hacking Micro Agents with Jason Haddix 1:02:49

לפני 20 weeks1:02:49

1:02:49

Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more.They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Today’s Guest - https://x.com/Jhaddix Resources Keynote: Red, Blue, and Purple AI - Jason Haddix https://www.youtube.com/watch?v=XHeTn7uWVQM Attention in transformers, https://www.youtube.com/watch?v=eMlx5fFNoYc Shift https://shiftwaitlist.com/ The Darkest Side of Bug Bounty https://www.youtube.com/watch?v=6SNy0u6pYOc Timestamps (00:00:00) Introduction (00:01:25) Micro-agents and Weird Machine Tricks (00:11:05) Web fuzzing with AI (00:18:15) Brainstorming Shift and micro-agents (00:34:40) Strengths of different AI Models, and using AI to write reports (00:54:21) The Darkest Side of Bug Bounty…

Critical Thinking - Bug Bounty Podcast

1
Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger 51:24

לפני 21 weeks51:24

51:24

Episode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI application vulnerabilities. They talk through the importance of understanding system prompts, and various obfuscation techniques used to bypass security measures, the best AI platforms, and the evolving landscape of AI security. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec Today’s Guest: https://x.com/wunderwuzzi23 Resources Johann's blog https://embracethered.com/blog/ zombais https://embracethered.com/blog/posts/2024/claude-computer-use-c2-the-zombais-are-coming/ Copirate https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/ Timestamps (00:00:00) Introduction (00:01:59) Biggest things to look for in AI hacking (00:11:58) Best AI companies to hack on (00:15:59) URL Redirects and Obfuscation Techniques (00:24:05) Copirate (00:35:50) prompt injection guardrails and threats…

Critical Thinking - Bug Bounty Podcast

1
Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking 1:41:40

לפני 22 weeks1:41:40

1:41:40

Episode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show as a co-host, but returning as guest. Then we hear from a bunch of friends about their 'best bug of the year', before capping the episode with the announcement of a new AI tool we've been working on! Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Resources Delorean https://github.com/jselvi/Delorean Shift shiftwaitlist.com Timestamps (00:00:00) Introduction (00:07:32) Nagli (00:19:09) Shubs (00:35:00) Matt Brown (00:39:42) Matanber (00:57:52) Douglas Day (01:05:18) Alex Chapman (01:15:02) Nahamsec (01:25:45) Rez0 (01:28:20) Shift Announcement…

Critical Thinking - Bug Bounty Podcast

1
Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty 1:42:54

לפני 23 weeks1:42:54

1:42:54

Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the first year. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Today’s Guest - https://x.com/0xLupin Resources Justin's Twitter Thread https://x.com/Rhynorater/status/1699395452481769867 Timestamps (00:00:00) Introduction (00:03:00) Web Fundamentals Education (00:46:01) Threat Modeling and Hacking Goals (01:18:58) Vuln Types and finding Specialization…

Critical Thinking - Bug Bounty Podcast

1
Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath 1:43:57

לפני 24 weeks1:43:57

1:43:57

Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker: Check out Network Control! https://www.criticalthinkingpodcast.io/tl-nc And AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Today’s Guest: https://sharonbrizinov.com/ Resources The Claroty Research Team https://claroty.com/team82 Pwntools https://github.com/Gallopsled/pwntools Scan My SMS http://scanmysms.com Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS https://www.youtube.com/watch?v=EhNsXXbDp3U Timestamps (00:00:00) Introduction (00:03:31) Sharon's Origin Story (00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne (00:47:05) IoT/ICS Hacking Methodology (01:10:13) Cloud to Device Communication (01:18:15) Bug replication and uncommon attack surfaces (01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS…

Critical Thinking - Bug Bounty Podcast

1
Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling 53:05

לפני 25 weeks53:05

53:05

Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. They also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker: Check out Network Control! https://www.criticalthinkingpodcast.io/tl-nc And AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Resources Okta bcrypt Android Web Attack Surface Writeups Concealing payloads in URL credentials Dumping PHP files with Lightyear Limit maximum number of filter chains Dom-Explorer tool launched MultiHTMLParse JSON Crack Caido/Burp notes plugin Timestamps (00:00:00) Introduction (00:02:43) Okta Release and bcrypt (00:10:26) Android Web Attack Surface Writeups (00:20:21) More Portswigger Research (00:28:29) Lightyear and PHP filter chains (00:35:09) Dom-Explorer (00:45:24) The JSON Debate (00:49:59) Notes plugin for Burp and Caido…

Critical Thinking - Bug Bounty Podcast

1
Episode 96: Cookies & Caching with MatanBer 49:09

לפני 26 weeks49:09

49:09

Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, Safari's unique behaviors regarding cookie handling and debugging methods, and some of the writeups from the HeroCTF v6. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Guest: https://x.com/MtnBer Resources: Cookie Bugs - Smuggling & Injection https://blog.ankursundara.com/cookie-bugs/#:~:text=Cookie%20Smuggling iOS Webkit Debug Proxy https://github.com/google/ios-webkit-debug-proxy HeroCTF v6 Writeups https://mizu.re/post/heroctf-v6-writeups Timestamps (00:00:00) Introduction (00:01:29) Cookie exploits (00:21:32) Matan's Safari Adventure (00:29:49) HeroCTF 6 writeups…

Critical Thinking - Bug Bounty Podcast

1
Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side 1:56:23

לפני 27 weeks1:56:23

1:56:23

Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast In this episode, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cover things like service workers, extension pages, and isolated worlds. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod Today’s Guest: https://x.com/MtnBer Resources Universal Code Execution by Chaining Messages in Browser Extensions https://spaceraccoon.dev/universal-code-execution-browser-extensions/ DOMLogger++ https://github.com/kevin-mizu/domloggerpp BBRE Metamask bug https://youtu.be/HnI0w156rtw?si=QixP8SX6JuRFz6PA Bench Press: Leaking Text Nodes with CSS https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/ Timestamps: (00:00:00) Introduction (00:03:08) Structure & Threat Model for Browser Extension (00:28:28) Extension Attack scenarios (01:01:26) Attacking Extension Pages (01:26:35) Attacking Service Workers (01:46:23) Getting source code and dynamic debugging…

Critical Thinking - Bug Bounty Podcast

1
Episode 94: Zendesk Fiasco & the CTBB Naughty List 49:29

לפני 28 weeks49:29

49:29

Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod Resources: New music drop from our Boi YT https://x.com/realytcracker/status/1847599657569956099 AuthzAI https://authzai.com/ Ron Chan https://x.com/ngalongc Misconfigured User Auth Leads to Customer Messages https://www.ophionsecurity.com/post/live-chat-blog-1-misconfigured-user-auth-leads-to-customer-messages Zendesk Write-up https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52 Response from Zendesk https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52?permalink_comment_id=5232589#gistcomment-5232589 Timestamps (00:00:00) Introduction (00:05:29) AuthzAI and the return of Ron Chan (00:13:50) Ophion Security Research (00:18:12) Zendesk Drama…

Critical Thinking - Bug Bounty Podcast

1
Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor 1:41:29

לפני 29 weeks1:41:29

1:41:29

Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through how he balances his dual careers, some ethical considerations of hacking in the context of healthcare, and highlight some experiences he’s had with Amazon's bug bounty program. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker. Checkout their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect Today’s Guest - https://x.com/jonathanbouman?lang=en Resources Anyone can Access Deleted and Private Repository Data on GitHub Filesender Github Remote Code execution at ws1.aholdusa .com APK-MITM Hacking Dutch healthcare system Fitness Youtube Channels https://www.youtube.com/channel/UCpQ34afVgk8cRQBjSJ1xuJQ https://www.youtube.com/@BullyJuice Timestamps (00:00:00) Introduction (00:07:28) Medicine and Hacking (00:19:36) Hacking on Amazon (00:34:33) Collaboration and consistency (00:44:13) SSTI Methodology (01:06:10) iOS Hacking Methodology (01:13:23) Hacking Healthcare (01:32:19) Health tips for hacking…

Critical Thinking - Bug Bounty Podcast

1
Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser 47:38

לפני 30 weeks47:38

47:38

Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast In this episode Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-Fi, and Vulnerabilities caused by The Great Firewall Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker. Checkout their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect Resources: Insecurity through Censorship Ruby-SAML / GitLab Authentication Bypass 0-Click exploit discovered in MediaTek Wi-Fi chipsets New Caido Plugin to Generate Wordlists Bebik’s 403 Bypassor CSPBypass Arb Read & Arb write on LLaMa.cpp by SideQuest XSS WAF Bypass One payload for all Timestamps (00:00:00) Introduction (00:02:08) Vulnerabilities Caused by The Great Firewall (00:07:25) Ruby SAML Bypass (00:19:55) 0-Click exploit discovered in MediaTek Wi-Fi chipsets (00:24:36) New Caido Wordlist Plugin (00:31:00) CSPBypass.com (00:35:37) Arb Read & Arb write on LLaMa.cpp by SideQuest (00:43:10) Helpful WAF Bypass…

Critical Thinking - Bug Bounty Podcast

1
Episode 91: Zero to LHE in 9 Months (feat gr3pme) 1:22:50

לפני 31 weeks1:22:50

1:22:50

Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking’s own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with Bug Bounty. We cover mentorship, networking and LHEs, ecosystem hacking, emotional regulation, and the need for self-care. Then we wrap up with some fun bugs. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Shop our new swag store at ctbb.show/swag Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder Today’s guest: https://x.com/gr3pme Resources: Lessons Learned for LHEs https://x.com/Rhynorater/status/1579499221954473984 Timestamps: (00:00:00) Introduction (00:07:02) Mentorship in Bug Bounty (00:16:30) LHE lessons, takeaways, and the benefit of feedback and networking (00:41:28) Choosing Targets (00:49:03) Vuln Classes (00:58:54) Bug Reports…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

תקשיבו ל-500+ נושאים

44 subscribers

דומה לCritical Thinking - Bug Bounty Podcast

Apple AirPods Pro 2 Wireless Earbuds, Active Noise Cancellation, Hearing Aid Feature, Bluetooth Headphones, Transparency, Personalized Spatial Audio, High-Fidelity Sound, H2 Chip, USB-C Charging

Amazon Fire TV Stick HD (newest model), free and live TV, Alexa Voice Remote, smart home controls, HD streaming

Amazon Basics Multipurpose Copy Printer Paper, 8.5" x 11", 20 lb, 8 Reams, 4000 Sheets, 92 Bright, White

פודקאסטים ששווה להאזין

Critical Thinking - Bug Bounty Podcast « » Hacking AI Series: Vulnus ex Machina - Part 1

Hacking AI Series: Vulnus ex Machina - Part 1

פודקאסטים ששווה להאזין

ברוכים הבאים אל Player FM!

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Bounty Paper Towels Quick Size, White, 16 Family Rolls = 40 Regular Rolls (Packaging May Vary)

Mighty Patch™ Original patch from Hero Cosmetics - Hydrocolloid Acne Pimple Patch for Covering Zits and Blemishes in Face and Skin, Vegan-friendly and Not Tested on Animals (36 Count)

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

דומה לCritical Thinking - Bug Bounty Podcast

מדריך עזר מהיר

Critical Thinking - Bug Bounty Podcast « »
Hacking AI Series: Vulnus ex Machina - Part 1