Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug Bounty might look like in the future…
Follow us on twitter at: @ctbbpodcast
Send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord!
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest
Episode Resources
How to Differentiate Yourself as a Hunter
MutateMethods
hackaplaneten
Article About Unicode and Character Sets
Byte Order Mark:
Character Encodings
ShapeCatcher
WAF Bypass
BountyDash
EXPLOITING HTTP'S HIDDEN ATTACK-SURFACE
Timestamps:
(00:00:00) Introduction
(00:10:06) Automation Setup and Assetnote Origins
(00:16:49) Sharing Tips, and Content Creation
(00:22:27) Collaboration and Optimization
(00:36:44) Working at Detectify
(00:51:45) Bug Bounty Burnout
(00:56:15) Early Days of Bug Bounty and Future Predictions
(01:19:00) Nerdsnipeability
(01:29:38) MXSS and XSLT
(01:54:20) Learning through being wrong
(02:00:15) Go-to Vulns
