Episode 107: Bypassing Cross-Origin Browser Headers
Jan 23, 2025
Dive into the world of cybersecurity as the hosts discuss the intricacies of cross-origin security headers and share insights from their experiences. Discover vulnerabilities in Google's OAuth system and learn about gift card hacking exploits. Explore the importance of teaching kids about tech through fun anecdotes and the role of community in supporting innovative research. With a new co-host and engaging discussions on AI in security, this episode is packed with information for both tech lovers and aspiring hackers alike!
Episode notes
Bug Hunting Daughters' Discovery
- Dustin Kirkland shared a story of his two daughters finding bugs in Google's parental control features.
- They responsibly disclosed the bugs and were rewarded, inspiring early ethical hacking experiences.
Enable Research Grants for Pen Tests
- Enable research grants on your Google Bug Hunters profile to get paid a flat fee plus bounties for pen tests.
- Actively check platforms like HackerOne and Bugcrowd for pen tests with combined payouts.
OAuth Domain Reuse Risks
- OAuth login flaws include re-registering the expired domains of defunct startups, which lets the new owner sign in to those organizations' accounts via SSO.
- Registering expired domains can therefore lead to significant privilege escalation in third-party systems that trust the domain for login.