Critical Thinking - Bug Bounty Podcast

Episode 57: Technical breakdown from Miami Hacking Event - H1-305

Feb 8, 2024

Justin and Joel discuss client-side routing and path traversal bugs, challenges of cutting losses, and importance of time tracking. They explore OAuth vulnerabilities, hacking competition strategies, and the significance of setting clear goals. The podcast also touches on web element vulnerabilities in HTML5 and the technical breakdown from a Miami hacking event.

32:34

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Importance of client-side routing and path traversal in bug classes.

Knowing when to cut losses in bug hunting and tracking time for setting goals.

Deep dives

Focus on Client-Side Bugs and Routing Issues

The episode delves into the significance of client-side bugs and routing challenges faced during a live hacking event. It emphasizes the growing importance of paying attention to client-side routing, suggesting that client-side path traversal will be a prevalent bug class in the future. The discussion also highlights the potential risks of client-side path traversals when combined with open redirects and manipulating content being placed in applications.

Introduction

2min

Navigating Complex Browser Security and Hacking Competitions

8min

Technical Challenges and Collaborative Reflections

13min

Relocation, Reflections on Chaos, and Authentication Vulnerabilities in Large Companies

2min

Exploiting Bugs with Application Understanding

4min

Exploring Vulnerabilities in Web Elements Within HTML5

4min

Episode 57: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are live from Miami, and recap their experience and share takeaways from the live hacking event. They highlight the importance of paying attention to client-side routing and the growing bug class of client-side path traversal. They also discuss the challenges of knowing when to cut your losses and the value of tracking time and setting goals.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Timestamps:

(00:00:00) Introduction

(00:03:50) Miami LHE Recap and Takeaways

(00:05:57) Keeping time and cutting losses.

(00:19:07) Roles and Goals

(00:23:33) OAuth

(00:28:52) HTML5 image to img Tip

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Critical Thinking - Bug Bounty Podcast

Episode 57: Technical breakdown from Miami Hacking Event - H1-305

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Focus on Client-Side Bugs and Routing Issues

Knowing When to Cut Losses in Bug Bounty Hunting

Intimate Understanding of Application Flows and Auth

Exploration of HTML5 Spec Anecdotes

Remember Everything You Learn from Podcasts