Critical Thinking - Bug Bounty Podcast

Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli

Dec 14, 2023

Nagli, cybersecurity expert and bug bounty hunter, joins Justin Gardner to discuss recent hacking discoveries. They explore finding and exploiting a backup file, vulnerabilities through Swagger files, and debate an 'undisclosed' domain. They reflect on the Live Hacking Event circuit in 2023 and preview what's to come in 2024. They also share strategies for getting invited to live hacking events and discuss their experience at previous events.

51:33

Creator website

Episode guests

Nagli

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Live hacking events offer opportunities for hackers to collaborate, showcase skills, and earn significant bug bounties.

Maintaining motivation for bug bounties outside of live hacking events can be challenging due to the lack of external factors like competition and recognition.

Deep dives

The Ambassador World Cup provided new opportunities for hackers to attend live hacking events

The Ambassador World Cup allowed more hackers to attend live hacking events and provided opportunities for them to showcase their skills. The competition was fierce, with teams battling it out to secure a spot in the finals. The top teams competed on the same target, adding an extra level of challenge. Bug bounties were paid out promptly, adding to the excitement of the event.

Introduction

2min

Exploring Exposed Source Code and the Importance of Speed

7min

Bug Reporting and Source Code Disclosure

14min

Bug Bounties, Rewriting Exploits, and Live Hacking Events

4min

Live Hacking Event Experience

7min

Finding a Vulnerability in Dab-Dab and Skylido

1min

Strategies for Getting Invited to Live Hacking Events

17min

Episode 49: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is once again joined by Nagli to discuss some of their recent hacking discoveries. They talk about finding and exploiting a backup file in an ASP.NET app, discovering vulnerabilities through Swagger files, and debating the vulnerability of a specific ‘undisclosed’ domain. Then they reflect on 2023’s Live Hacking Event circuit, and preview what’s to come in 2024’s.

This episode sponsored by Wordfence! Wordfence recently launched a game-changer of a bug bounty program with ALL WordPress plugins over 50k installs are in-scope. They are currently paying 6.25x their normal bounty amounts, and have agreed to give CT listeners a 10% bonus on top of that! If you wanna pop some crits and see those bounties roll in, head over to https://ctbb.show/wf for more info and keep an eye on the CTBB Discord for inspiration/collabs.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest

Episode Resources:

Shockwave

Why So Serial

New LHE Standards Dropped

Timestamps:

(00:00:00) Introduction

(00:02:37) wwwroot .zip Hack Recap

(00:13:44) Swagger File Hack Recap

(00:18:27) Undisclosed URL Hack Recap

(00:24:29) 2023 LHE Circut Recap

(00:37:14) 2024 LHE Preview and New Standards