Critical Thinking - Bug Bounty Podcast

Episode 109: Creative Recon - Alternative Techniques

Feb 6, 2025
Dive into the latest drama surrounding DeepSeek and the implications of AI in security measures like CAPTCHA and 2FA. Discover the challenges of AI training costs and the vulnerabilities linked to an AI database. Explore innovative vulnerability reporting techniques, highlighting 'report pointers' for credibility. Get insights into alternative reconnaissance methods in bug hunting, and learn how to uncover hidden assets and vulnerabilities using modern tools and AI. An exciting blend of technology and security awaits!
INSIGHT

AI Models Shrink Under Load

  • Load-dependent quantization reduces AI model size, making models less smart under heavy use.
  • Smaller models become more vulnerable to prompt injections and jailbreaks during high load.

ANECDOTE

Inconsistent AI Exploit Replication

  • Justin shared a frustrating experience where a crafted exploit worked repeatedly but failed during a team demo.
  • This highlighted the inconsistency and unpredictability of AI exploit replicability.

ADVICE

Exploit Apache Tomcat Cookie Parsing

  • Exploit Apache Tomcat's legacy cookie parsing mode, triggered by the $Version cookie, to encapsulate HttpOnly cookies.
  • Use this "cookie sandwich" technique to extract or manipulate session tokens from JavaScript.