Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as things like Raycast for Windows and Third-Person prompting, and we touch on the recent McDonald’s Leak.
Follow us on Twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward!
====== Resources ======
v1 Instance Metadata Service protections bypass
Would you like an IDOR with that? Leaking 64 million McDonald’s job applications
How we got persistent XSS on every AEM cloud site, thrice
Google docs now supports export as markdown
Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)
How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets
Bug bounty, feedback, strategy and alchemy
====== Timestamps ======
(00:00:00) Introduction
(00:05:39) Metadata Service protections bypass & McDonald’s Leak
(00:12:30) Christmas in July with Searchlight Cyber Pt 1
(00:19:43) Export as Markdown, Raycast for Windows, & Third-Person prompting
(00:23:56) Christmas in July with Searchlight Cyber Pt 2
(00:27:39) GitHub’s “Oops Commits” for Leaked Secrets
(00:36:53) Bug bounty, feedback, strategy and alchemy