Critical Thinking - Bug Bounty Podcast Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking
6 snips
Dec 5, 2024 Join bug bounty experts Nagli, Shubs, Douglas Day, Alex Chapman, Nahamsec, and Rez0 as they share their favorite bugs of 2024. Nagli dives into a complex Azure DevOps vulnerability, while Shubs discusses pre-authentication exploits. Douglas reveals an account takeover lapse in a streaming service, and Alex describes a tricky XSS issue. Nahamsec highlights teamwork in a collaborative bug event, and Rez0 explains a server-side template injection in Shift AI. Celebrate a milestone while gaining insights into the wild world of ethical hacking!
AI Snips
Chapters
Transcript
Episode notes
Nagli's Cloud Pwn
- Nagli found a critical bug by chaining several vulnerabilities, including a leaked Azure DevOps bearer token.
- This allowed him to access the Azure AD, enumerate users, and find stale accounts with expired emails, eventually gaining access to an internal CRM application and achieving RCE.
Matt Brown's NTP Time Travel
- Matt Brown bypassed parental controls on an IoT device by spoofing NTP time data using a tool called DeLorean.
- This allowed him to trick the device into thinking it was daytime, bypassing bedtime restrictions and demonstrating a broader threat model applicable to smart locks.
Douglas Day's Event Takeover
- Douglas Day discovered an ATO vulnerability on a company's event broadcasting subdomain through a third-party streaming service.
- By exploiting an IDOR and changing the admin's email, he gained access to their organization and other sensitive information.