Critical Thinking - Bug Bounty Podcast

Episode 124: Bug Bounty Lifestyle = Less Hacking Time?

May 29, 2025
Join the hosts as they tackle the latest in bug bounty news, including Louis Vuitton's new program and a serious OpenPGP.js vulnerability. They share insights on balancing the flexibility of bug hunting with structured approaches for success. Discover the art of mentoring novices, advanced exploitation techniques, and the significance of automating cybersecurity efforts. Plus, hear about the transition to full-time bug bounty hunting and the joys it brings, along with reflections on personal achievements in the hacking journey.
ANECDOTE

Hands-On Bug Training Success

  • Justin Gardner runs hacking training sessions for friends to help them learn bug bounty basics quickly.
  • In one session, they found two real bugs right away, generating contagious excitement among participants.
ADVICE

Supabase ID Bypass Trick

  • When testing Supabase-based apps, try using less than (LT) or greater than (GT) with UUIDs to find insecure data access.
  • This exploits a quirk where UUIDs are treated as numeric values, leading to possible data leaks.
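
A defender's view of the Supabase snip above, as an added example that is not from the episode or from Supabase: Postgres defines ordering operators for the `uuid` type, so a greater-than or less-than filter on an ID column is a valid query, and only row level security limits what it returns. The table, column and policy names are hypothetical and the rows are constructed; `auth.uid()` and the `authenticated` role are assumed to be the ones a Supabase project provides.

```sql
-- Hypothetical table with constructed sample rows.
create table public.documents (
  id       uuid primary key default gen_random_uuid(),
  owner_id uuid not null,
  body     text
);

insert into public.documents (owner_id, body) values
  ('11111111-1111-1111-1111-111111111111', 'alice: draft'),
  ('22222222-2222-2222-2222-222222222222', 'bob: payroll');

-- uuid has ordering operators, so this range filter is accepted and matches
-- every row whose id sorts above the all-zero UUID. The caller does not
-- need to know a single valid id.
select id, owner_id
from public.documents
where id > '00000000-0000-0000-0000-000000000000';

-- Audit: tables in the exposed schema that have row level security turned
-- off. For these, nothing in the database filters rows per caller.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;

-- Mitigation: enforce ownership in the database, not in the client's choice
-- of filter. With this policy the range query above still runs, but a
-- signed-in caller only gets back rows where owner_id is their own user id.
alter table public.documents enable row level security;

create policy documents_owner_select
  on public.documents
  for select
  to authenticated
  using (owner_id = auth.uid());

-- Audit: tables that have RLS enabled but no policy at all, which usually
-- points to an unfinished rollout that deserves a review.
select c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and c.relrowsecurity
  and not exists (select 1 from pg_policy p where p.polrelid = c.oid);
```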
INSIGHT

Click Detection in Iframes

  • Detecting user clicks inside cross-origin iframes can be done by monitoring navigator.userActivation state.
  • Consuming user activation via window.open and close resets state, allowing repeated detection.