Critical Thinking - Bug Bounty Podcast

Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.

May 2, 2024

Johan Carlsson, a dedicated bug bounty hunter, shares his journey transitioning to full-time bug hunting. He discusses the thrill of discovering vulnerabilities like a CSP bypass in GitHub and a critical flaw in GitLab. Johan highlights his focus on complex bug types like ReDoS and OAuth, emphasizing the unpredictability that accompanies bug hunting. He also offers insights into balancing personal life with his bug bounty career, navigating financial challenges, and the importance of community support in this unique profession.

01:49:04

Creator website

Episode guests

Johan Carlsson

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Johan Carlsson discusses his transition to full-time bug bounty hunting, emphasizing the blend of previous technical skills and newfound security focus.

He shares insights on identifying complex vulnerabilities, particularly a CSP bypass, highlighting the importance of understanding security policies in web applications.

Carlsson reflects on managing the financial aspects of bug hunting while balancing work and personal life, stressing the need for structured routines and clear income strategies.

Deep dives

Introduction to CSP Evaluator and Tools

The episode discusses the CSP Evaluator, a tool aimed at assessing the security posture of Content Security Policies. New features in Nuclei 3.2, particularly for authenticated scanning and advanced fuzzing support, are highlighted. Authenticated scanning streamlines the process by automatically managing login templates, which enhances coverage for penetration testing. Advanced fuzzing expands the potential to identify vulnerabilities by allowing fuzzing within various data structures, headers, and cookies.

Intro

2min

From Art to Ethical Hacking

15min

Exploiting Form Vulnerabilities and Hotwire Framework Insights

6min

Manipulating Web Technologies and Exploiting Vulnerabilities

12min

Unveiling Web Vulnerabilities

22min

Understanding Hacking Roles: Exploitation vs. Reconnaissance

2min

Unveiling CI/CD Vulnerabilities

10min

Celebrating Successes in Bug Bounty Hunting

2min

Navigating Framework Challenges and Full-time Bug Bounty Insights

3min

10.

Navigating Bug Bounty and Family Life

15min

11.

Navigating the Bug Bounty Lifestyle

18min

12.

Closing Reflections on Bug Bounty Collaboration

3min

Episode 69: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Johan Carlsson to hear about some updates on his bug hunting journey. We deep-dive a CSP bypass he found in GitHub, a critical he found in GitLab's pipeline, and also talk through his approach to using script gadgets and adapting to highly CSP'd environments. Then we talk about his transition to full-time bug hunting, including the goals he’s set, the successes and challenges, and his current focus on specific bug types like ReDoS and OAuth, and the serendipitous nature of bug hunting.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Nuclei 3.2 Release: https://nux.gg/podcast

Today’s Guest:

https://twitter.com/joaxcar

https://joaxcar.com/blog/

Resources

Github CSP Bypass

https://gist.github.com/joaxcar/6e5a0a34127704f4ea9449f6ce3369fc

CSP Validator

https://cspvalidator.org/

Cross Window Forgery

https://www.paulosyibelo.com/2024/02/cross-window-forgery-web-attack-vector.html

Gitlab Crit

https://gist.github.com/joaxcar/9419b2df8778f26e9b02a741a8ec12f8

Timestamps

(00:00:00) Introduction

(00:09:34) Github CSP Bypass

(00:38:48) Script Gadgets and growth through Gitlab

(00:53:53) Gitlab pipeline bug

(01:12:32) Full-time Bug Bounty

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Critical Thinking - Bug Bounty Podcast

Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Introduction to CSP Evaluator and Tools

Journey into Full-time Bug Bounty

Exploration of Complex Bugs

User Interaction as an Exploitation Mechanism

Income and Financial Management in Bug Bounty

Balancing Work-Life Dynamics

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Critical Thinking - Bug Bounty Podcast

Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Introduction to CSP Evaluator and Tools

Journey into Full-time Bug Bounty

Exploration of Complex Bugs

User Interaction as an Exploitation Mechanism

Income and Financial Management in Bug Bounty

Balancing Work-Life Dynamics

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights