Critical Thinking - Bug Bounty Podcast

Episode 52: Best Technical Content from Year 1 of CTBB Podcast

Jan 4, 2024

The podcast highlights the best technical moments from the past year, including topics such as exploiting meta tags and base tags in HTML, client-side path traversal and cookie jar overflow, cross environment authentication bugs, the open-faced iframe sandwich, JS hoisting, Sean Yeoh on subdomains vs IP in recon, reversing enterprise software, building out a recon flow, hacking IIS servers, automating code review with JS Weasel and AI, post message vulnerabilities and listener tracking, hiding content from scrapers and XSLT transforms, exploring the Perforce version control system and testing methodologies, Python, reverse engineering, and bug bounties.

03:00:00

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Exploiting XSS vulnerabilities using the iFrame sandwich technique in subdomains.

Using JS hoisting to modify content within an iFrame on a victim's domain.

The relevance of App Cache, Service Workers, and cookie stuffing in modern web security.

Utilizing JS Weasel and Clairvoyants together for efficient testing of GraphQL APIs.

The combination of CRLF injections and service workers for advanced remote code execution attacks.

Deep dives

Main Idea 1

The concept of an iFrame sandwich allows for exploiting XSS vulnerabilities in subdomains that are iFramed into the main domain.

Introduction

4min

Exploiting Meta Tags for Manipulation and Security

17min

Client Side Patch of Result Bug and Cookie Jar Overflow

15min

Cross Environment Authentication and Shared Secrets

14min

JS Hoisting and Exploiting Undefined Errors

11min

Asset Identification Challenges in Cloud-Native Apps

2min

The Trade-offs of Over-engineering in Bug Bounty Hunting

23min

Choosing a Programming Language, Data Sources, and Code Iteration

5min

Hacking IIS Servers: File and Folder Name Guessing, Shell Access, and XXE Payloads

9min

10.

Automating Code Review with JS Weasel and AI

25min

11.

Post Message Vulnerabilities and Listener Tracking

16min

12.

Building and Open-Sourcing a Parsing Function with Docker

2min

13.

Hiding Content from Scrapers and XSLT Transforms

28min

14.

Exploring the Perforce Version Control System and Testing Methodologies

1min

15.

Python, Reverse Engineering, and Bug Bounties

9min

Episode 52: In this episode of Critical Thinking - Bug Bounty Podcast we're going back and highlighting some of the best technical moments from the past year! Hope you enjoy this best of 2023 Supercut!

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Timestamps:

(00:00:00) Introduction

(00:02:55) Episode 26: Meta tags and base tags in HTML

(00:15:20) Episode 27: Client-side path traversal

(00:23:18) Episode 27: Cookie bombing + cookie jar overflow

(00:35:47) Episode 44: Cross environment authentication bugs

(00:43:17) Episode 47: The open-faced Iframe Sandwich

(00:50:19) Episode 47: js hoisting and classic Joel nerdsnipe

(00:58:28) Episode 29: Sean Yeoh on Subdomains vs IP in recon

(01:04:05) Episode 30: Shubs on reversing enterprise software

(01:24:58) Episode 30: Shubs on building out a recon flow

(01:29:36) Episode 30: Shubs on Hacking IIS Servers

(01:36:45) Episode 37: 0xLupin on smart JavaScript analysis tools

(01:45:42) Episode 45: Frans Rosen On App cache, Service workers cookie stuffing, and postMessage

(02:15:02) Episode 50: Mathias Karlsson on XSLT and MXSS

(02:39:26) Episode 27: Assetnote's sharefile RCE

(02:48:18) Episode 31: Perforce RCE

(02:53:48) Episode 48: Sam Erb's XSLT bug story

(02:58:47) Final thoughts and Special Thanks

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Critical Thinking - Bug Bounty Podcast

Episode 52: Best Technical Content from Year 1 of CTBB Podcast

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Main Idea 1

Main Idea 2

Main Idea 3

Main Idea 4

App Cache, Service Workers, Cookie Stuffing, and Post Message

JS Weasel, Wordlist Generation, and Clairvoyants

CRLF Injections and Service Workers

AssetNote ShareFile RCE

XSLT Bug

Perforce RCE

Remember Everything You Learn from Podcasts