Exploring Special Characters, Cache Poisoning, and Automation in Bug Bounty Programs

Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with that process. We also talk about the benefit of using tools like Fabric, Loom, and ShareX.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Sponsor - ThreatLocker

Resources:

XSS WAF Bypass by multi-char HTML entities

Shazzer

Next.js and cache poisoning

Nagli's Nuclei Template

hey why can't you fix this one bug

Justin's reporting templating software

Fabric

BB Report Formatter

2to3 Automated Python Converter

ShareX

Skitch

Timestamps:

(00:00:00) Introduction

(00:04:00) XSS WAF Bypass by Multi-char HTML Entities

(00:11:59) Next.js and Cache Poisoning

(00:18:03) Nagli's Nuclei Template and Sean Yeoh's Blog

(00:27:34) Report Writing and AI

(00:50:02) Reporting tips