
Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!
Critical Thinking - Bug Bounty Podcast
How to Encrypt JWTs With Default Keys
Joel: This is reminding me of, um, I've seen this in a couple CTFs and puzzles. Essentially it'll be using the default like, or like the example code as in your, in your like production. And so you can test with an empty key or a known key or an example key to see whether or not they may have signed it using that.

Joel: There's actually a tool called Cookie Monster, which helps check for like, uh, default keys and stuff like that.