Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joel Margolis (teknogeek)
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

  1. 31 OCT.

    Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

    Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cover things like service workers, extension pages, and isolated worlds.

    Follow us on twitter at: @ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------
    Follow your hosts Rhynorater & Teknogeek on twitter:
    https://twitter.com/0xteknogeek
    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod
    Today’s Guest: https://x.com/MtnBer

    Resources
    Universal Code Execution by Chaining Messages in Browser Extensions https://spaceraccoon.dev/universal-code-execution-browser-extensions/
    DOMLogger++ https://github.com/kevin-mizu/domloggerpp
    BBRE Metamask bug https://youtu.be/HnI0w156rtw?si=QixP8SX6JuRFz6PA
    Bench Press: Leaking Text Nodes with CSS https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/

    Timestamps:
    (00:00:00) Introduction
    (00:03:08) Structure & Threat Model for Browser Extension
    (00:28:28) Extension Attack scenarios
    (01:01:26) Attacking Extension Pages
    (01:26:35) Attacking Service Workers
    (01:46:23) Getting source code and dynamic debugging

    1 h 56 min
  2. 24 OCT.

    Episode 94: Zendesk Fiasco & the CTBB Naughty List

    Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security.

    Follow us on twitter at: @ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------
    Follow your hosts Rhynorater & Teknogeek on twitter:
    https://twitter.com/0xteknogeek
    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod

    Resources:
    New music drop from our Boi YT https://x.com/realytcracker/status/1847599657569956099
    AuthzAI https://authzai.com/
    Ron Chan https://x.com/ngalongc
    Misconfigured User Auth Leads to Customer Messages https://www.ophionsecurity.com/post/live-chat-blog-1-misconfigured-user-auth-leads-to-customer-messages
    Zendesk Write-up https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52
    Response from Zendesk https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52?permalink_comment_id=5232589#gistcomment-5232589

    Timestamps
    (00:00:00) Introduction
    (00:05:29) AuthzAI and the return of Ron Chan
    (00:13:50) Ophion Security Research
    (00:18:12) Zendesk Drama

    49 min
  3. 17 OCT.

    Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

    Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through how he balances his dual careers, some ethical considerations of hacking in the context of healthcare, and highlight some experiences he’s had with Amazon's bug bounty program.

    Follow us on twitter at: @ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------
    Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
    Follow your hosts Rhynorater & Teknogeek on twitter:
    https://twitter.com/0xteknogeek
    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor - ThreatLocker. Check out their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect
    Today’s Guest - https://x.com/jonathanbouman?lang=en

    Resources
    Anyone can Access Deleted and Private Repository Data on GitHub
    Filesender Github
    Remote Code execution at ws1.aholdusa .com
    APK-MITM
    Hacking Dutch healthcare system
    Fitness Youtube Channels
    https://www.youtube.com/channel/UCpQ34afVgk8cRQBjSJ1xuJQ
    https://www.youtube.com/@BullyJuice

    Timestamps
    (00:00:00) Introduction
    (00:07:28) Medicine and Hacking
    (00:19:36) Hacking on Amazon
    (00:34:33) Collaboration and consistency
    (00:44:13) SSTI Methodology
    (01:06:10) iOS Hacking Methodology
    (01:13:23) Hacking Healthcare
    (01:32:19) Health tips for hacking

    1 h 41 min
  4. 10 OCT.

    Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

    Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-Fi, and Vulnerabilities caused by The Great Firewall.

    Follow us on twitter at: @ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------
    Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
    Follow your hosts Rhynorater & Teknogeek on twitter:
    https://twitter.com/0xteknogeek
    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor - ThreatLocker. Check out their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect

    Resources:
    Insecurity through Censorship
    Ruby-SAML / GitLab Authentication Bypass
    0-Click exploit discovered in MediaTek Wi-Fi chipsets
    New Caido Plugin to Generate Wordlists
    Bebik’s 403 Bypassor
    CSPBypass
    Arb Read & Arb write on LLaMa.cpp by SideQuest
    XSS WAF Bypass One payload for all

    Timestamps
    (00:00:00) Introduction
    (00:02:08) Vulnerabilities Caused by The Great Firewall
    (00:07:25) Ruby SAML Bypass
    (00:19:55) 0-Click exploit discovered in MediaTek Wi-Fi chipsets
    (00:24:36) New Caido Wordlist Plugin
    (00:31:00) CSPBypass.com
    (00:35:37) Arb Read & Arb write on LLaMa.cpp by SideQuest
    (00:43:10) Helpful WAF Bypass

    48 min
  5. 3 OCT.

    Episode 91: Zero to LHE in 9 Months (feat gr3pme)

    Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking’s own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with Bug Bounty. We cover mentorship, networking and LHEs, ecosystem hacking, emotional regulation, and the need for self-care. Then we wrap up with some fun bugs.

    Follow us on twitter at: @ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------
    Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
    Follow your hosts Rhynorater & Teknogeek on twitter:
    https://twitter.com/0xteknogeek
    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    Shop our new swag store at ctbb.show/swag

    Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder
    Today’s guest: https://x.com/gr3pme

    Resources:
    Lessons Learned for LHEs https://x.com/Rhynorater/status/1579499221954473984

    Timestamps:
    (00:00:00) Introduction
    (00:07:02) Mentorship in Bug Bounty
    (00:16:30) LHE lessons, takeaways, and the benefit of feedback and networking
    (00:41:28) Choosing Targets
    (00:49:03) Vuln Classes
    (00:58:54) Bug Reports

    1 h 23 min
  6. 26 SEPT.

    Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

    Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds.

    Follow us on twitter at: @ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------
    Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
    Follow your hosts Rhynorater & Teknogeek on twitter:
    https://twitter.com/0xteknogeek
    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    Shop our new swag store at ctbb.show/swag

    Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder

    Resources:
    Breaking Down Barriers: Exploiting Pre-Auth SQL Injection in WhatsUp Gold
    Content-Type that can be used for XSS
    Clickjacking Bug in Google Docs
    Justin's Gadget Link https://www.youtube.com/signin?next=https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FSetSID%3Fcontinue%3Dhttps%3A%2F%2Fwww.google.com%252Famp%252fpoc.rhynorater.com
    Stealing your Telegram account in 10 seconds flat

    Timestamps
    (00:00:00) Introduction
    (00:08:28) Recent Hacks and Dupes
    (00:14:00) Cursor
    (00:25:02) Exploiting Pre-Auth SQL Injection in WhatsUp Gold
    (00:34:17) Content-Type that can be used for XSS
    (00:40:25) Caido updates
    (00:43:14) Clickjacking in Google Docs, and Stealing Telegram account

    52 min
  7. 19 SEPT.

    Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

    Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in hardware hacking, and Matt’s personal Methodology. Then we switch over to touch on BGA Reballing, Certificate Pinning and Validation, and some of his own bug stories.

    Follow us on twitter at: @ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------
    Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
    Follow your hosts Rhynorater & Teknogeek on twitter:
    https://twitter.com/0xteknogeek
    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder
    Today’s Guest Matt Brown: https://x.com/nmatt0

    Resources:
    Decrypting SSL to Chinese Cloud Servers https://www.youtube.com/watch?v=3qSxxNvuEtg
    mitmrouter https://github.com/nmatt0/mitmrouter
    certmitm Automatic Exploitation of TLS Certificate Validation Vulns https://www.youtube.com/watch?v=w_l2q_Gyqfo and https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Aapo%20Oksman%20-%20certmitm%20automatic%20exploitation%20of%20TLS%20certificate%20validation%20vulnerabilities.pdf
    https://github.com/aapooksman/certmitm
    HackerOne Detailed Platform Standards https://docs.hackerone.com/en/articles/8369826-detailed-platform-standards

    Timestamps:
    (00:00:00) Introduction
    (00:13:33) Specialization and Challenges of IOT Hacking
    (00:33:03) Decrypting SSL to Chinese Cloud Servers
    (00:47:00) General IoT Hacking Methodology
    (01:26:00) Certificate Pinning and Certificate Validation
    (01:34:35) BGA Reballing
    (01:43:26) Bug Stories

    1 h 58 min
