Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They’re Smart.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
Crit Research Lab:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag!
Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26
https://ztw.com/
====== Resources ======
InsertScript - XSS Challenge Solution
InsertScript - Redirect AuthHeader
CRLF injection on a 302 redirect
Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover
Arcanum Hack Tips
Trail of Bits Releases Claude Skills
what a $55,000 bug can look like
Pwning Claude Code in 8 Different Ways
Do Smart People Ever Say They’re Smart?
====== Timestamps ======
(00:00:00) Introduction
(00:04:18) Takeaways from CT Charity Hackalong
(00:22:21) InsertScript POCs & Rez0 and teknogeek's IOT Adventures
(00:32:16) CRLF injection on a 302 redirect & Multiple XSS in Meta
(00:41:00) Trail of Bits, what a $55,000 bug can look like, & Pwning Claude Code
(00:54:16) Do Smart People Ever Say They’re Smart?
