Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking
Dec 5, 2024
auto_awesome
Join bug bounty experts Nagli, Shubs, Douglas Day, Alex Chapman, Nahamsec, and Rez0 as they share their favorite bugs of 2024. Nagli dives into a complex Azure DevOps vulnerability, while Shubs discusses pre-authentication exploits. Douglas reveals an account takeover lapse in a streaming service, and Alex describes a tricky XSS issue. Nahamsec highlights teamwork in a collaborative bug event, and Rez0 explains a server-side template injection in Shift AI. Celebrate a milestone while gaining insights into the wild world of ethical hacking!
The milestone 100th episode celebrated the podcast's journey with reflections and appreciation for the community's support and engagement.
One co-host announced their departure from the show, prioritizing personal passions while assuring listeners of continued podcast evolution.
Eight hackers shared their most impactful bugs of the year, showcasing diverse ingenuity and expertise within the cybersecurity community.
The introduction of the AI tool Shift aims to revolutionize hacking workflows by automating tasks and streamlining productivity for users.
Deep dives
Discovering a Critical Bug
A team member identified a critical bug that raised concerns about user accounts within an organization, prompting further investigation. This sparked an inquiry into the number of users in the system, leading to the discovery of over 200,000 accounts. The exploration aimed to find stale or dead accounts to understand the implications for security. This initial finding highlighted the potential scale and seriousness of the issue.
Inaugural Episode Celebrations and Giveaways
The episode marked the 100th episode milestone of the podcast, celebrating the journey and growth over the years. There was an intention to host giveaways, including prizes such as tools, swag, and premium subscriptions, which added excitement for the audience. Listeners were directed to enter the giveaways through an easy-to-access link. This milestone was a moment of reflection and gratitude toward the community for their support.
Team Changes and Personal Reflections
One of the co-hosts announced their decision to step back from the podcast due to personal reasons, emphasizing a desire to focus on individual passions and balance life responsibilities. They expressed gratitude for their time on the show, acknowledging the challenges of juggling a full-time job with podcasting. The dynamics of the show would evolve, but both hosts ensured listeners that the podcast would continue to thrive. The departing host plans to return as a guest in future episodes.
Highlighting Noteworthy Hacks
The episode featured accounts from eight hackers sharing their most impactful bugs from the year, showcasing a variety of expertise and creativity within the community. One particularly notable bug involved exploiting cloud resources and retrieving sensitive data through clever techniques. The hackers discussed the challenges of finding and exploiting vulnerabilities, illustrating the intricate thought processes behind successful hacks. These shared experiences inspired listeners and served as a learning opportunity for up-and-coming hackers.
Innovative Use of JavaScript
A contributing hacker detailed an intricate approach involving JavaScript to circumvent security through a denial of service vector. They leveraged specific functionality within a web application to prompt unexpected behaviors that could lead to critical exploitation. This involved creative thinking about how to manipulate requests and responses between different components of an application. The discussion highlighted the importance of understanding underlying technologies in effective cybersecurity practices.
Shift AI Plugin Introduction
The hosts introduced an innovative AI plugin for Kaido called Shift, designed to enhance the workflow for hackers by integrating AI capabilities into their tools. Features include the ability to automate HTTP requests and intelligently formulate responses based on user input. The aim is to streamline the hacking process and reduce the time spent on repetitive tasks. Feedback from beta users is crucial for further development and refinement of the tool.
Features and Expectations of the Beta Rollout
Listeners learned about the various features of the Shift plugin, including memory capabilities for storing relevant data and renaming functionality for replay tabs based on user-defined criteria. The aim is to create a seamless integration of tools that enhances productivity and organization within hacking workflows. Participants in the beta will have the opportunity to provide feedback, ensuring the product meets community needs. The anticipation for a broader rollout emphasizes the show's commitment to fostering innovation in cybersecurity practices.
Episode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show as a co-host, but returning as guest. Then we hear from a bunch of friends about their 'best bug of the year', before capping the episode with the announcement of a new AI tool we've been working on!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
