Critical Thinking - Bug Bounty Podcast

Episode 103: Getting ANSI about Unicode Normalization

Dec 26, 2024

Dive into the potential vulnerabilities of ANSI codes and the world of large language models as the hosts uncover innovative hacking techniques. Explore the intricacies of Unicode normalization and its impact on web security, especially concerning command injections. Delve into cookie manipulation challenges and learn about the balance between hackbots and cybersecurity. The discussion also highlights success stories within the community, showcasing the importance of collaboration and sharing knowledge in the ever-evolving tech landscape.

01:00:30

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The podcast discusses the peculiar behavior of Safari's cookie handling, raising questions about potential vulnerabilities across different browsers.

ThreatLocker's elevation control feature allows precise user permissions, thereby reducing security risks associated with broad administrative rights.

Research revealed JSON manipulation attacks in Ruby on Rails, emphasizing the need for thorough testing of middleware that processes JSON input.

Deep dives

Curious Cookie Behavior in Safari

A unique issue with Safari’s handling of cookies was revealed, wherein setting a cookie with a specific value causes it to be truncated at spaces. This peculiarity raises questions about underlying processes that might be at play, such as whether the browser is eliminating spaces around commas. It suggests an area for further research into cookie handling behaviors across different browsers. Understanding these quirks can provide insights into potential vulnerabilities and mitigations in web applications.

Intro

2min

Festive Security Insights

5min

Simplifying Technical Documentation with Docker and Micro Blogging

2min

Unpacking CSRF Vulnerabilities

4min

Unicode Vulnerabilities and Security Risks

20min

Exploiting Vulnerabilities with LLMs

7min

Exploring Cross-Site Leaks and Browser Security

3min

Exploring Hackbots and Bug Bounty Strategies

16min

Community Success Stories and New Software Announcement

2min

Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord!

We offer Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Check out our new SWAG store!

Join our Shift waitlist!

Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec

Resources

_json Juggling Attack

Cross-Site POST Requests Without a Content-Type Header

Worst Fit

Orange Tsai on Worst Fit

Handling Cookies is a Minefield

Terminal DiLLMa

XS-Leaking flags with CSS: A CTFd 0day

Hacking Back the AI-Hacker