Critical Thinking - Bug Bounty Podcast

Episode 107: Bypassing Cross-Origin Browser Headers

Jan 23, 2025

Dive into the world of cybersecurity as the hosts discuss the intricacies of cross-origin security headers and share insights from their experiences. Discover vulnerabilities in Google's OAuth system and learn about gift card hacking exploits. Explore the importance of teaching kids about tech through fun anecdotes and the role of community in supporting innovative research. With a new co-host and engaging discussions on AI in security, this episode is packed with information for both tech lovers and aspiring hackers alike!

01:06:17

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The crucial role of human oversight in cybersecurity incident response is emphasized, highlighting its importance alongside automated systems for effective management.

Engaging children in cybersecurity education can foster interest in technology and ethical hacking, as demonstrated through rewarding family-focused bug hunting experiences.

Recent research reveals vulnerabilities in cross-origin policies, indicating that traditional security measures may be inadequate against sophisticated web-based attacks.

Deep dives

Human Oversight in Cybersecurity

The necessity of human oversight in cybersecurity incident response is emphasized, particularly in high-stakes scenarios. While automated systems like ThreatLockerDetect can provide valuable logging and remediation tools, the human element remains crucial for effective incident management. A technique utilized by consultants included adjusting working hours to match the activity patterns of adversaries, highlighting the need for strategic thinking in cybersecurity practices. Furthermore, a new product offering, Cyber Hero Managed Detect and Response, promises continuous human monitoring to enhance network defense.

Intro

2min

Excitement Over New Beginnings and Fidget Innovations

2min

Balancing Achievements: Fitness and Tech

6min

Exploring AI and OAuth Vulnerabilities in Security

19min

Exploring Gift Card Vulnerabilities

4min

Navigating Cross-Origin Security

20min

Exploiting Service Workers and Web Headers

11min

Understanding Complex Concepts Through Different Learning Modalities

2min

Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking.

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to https://x.com/realytcracker for the awesome intro music!

====== Links ======

Follow your hosts on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr

====== Resources ======

A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures

Google’s OAuth login flaw

Rez0's Ai tweet

Rez0's Follow-up

Raink from BishopFox

Gift cards security research

Top 10 web hacking techniques of 2024

Cross-Origin-Opener-Policy: preventing attacks from popups

====== Timestamps ======