Critical Thinking - Bug Bounty Podcast

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Sep 26, 2024

Tune in for some hilarious tales from the coding world, including food expense reports linked to an app development tool. Discover the intricacies of exploiting a major clickjacking vulnerability in Google Docs. They also dive deep into the alarming ease of hijacking Telegram accounts in seconds. Alongside debates on AI coding tools and SQL injections, the podcast highlights the gaming spirit in ethical hacking and introduces a new merch store for fans. It's a blend of tech insights and lighthearted banter that you won't want to miss!

51:42

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Cursor is a tool that aids in generating proof of concept exploits, though its effectiveness varies based on user needs.

Anticipated changes in AirPods aim to enhance communication quality during calls by maintaining higher audio quality with simultaneous microphone use.

The competitive environment of bug bounties fosters collaboration among ethical hackers, encouraging continuous learning and discovery of vulnerabilities.

Deep dives

Using Cursor for App Development

Cursor is highlighted as a tool that can assist in writing an app, though personal experiences with it vary significantly based on user needs. One user found it particularly useful for generating proof of concept (POC) exploits, allowing for quick modifications to code when working with languages like HTML, CSS, and JavaScript, which are common in web development. However, some users believe the initial hype surrounding Cursor could be misleading, particularly when it comes to more complex application development where context is crucial. Issues noted involve the AI not maintaining code context or making unnecessary changes, leading developers to revert to manual coding after initial experimentation.

Intro

2min

Time Zones and Tech Talks

8min

Frustrations of Duping and Exciting Swag Store Launch

4min

Exploring the Capabilities and Limitations of AI-Driven Coding Tools

5min

Navigating Web App Development and Bug Bounty Programs

5min

Exploring AI Models and Security Vulnerabilities

15min

Navigating the New Kaido Plugin Ecosystem

5min

Exploiting Google Docs: Clickjacking Vulnerabilities

5min

Exploiting Security Vulnerabilities in Telegram

3min

Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Find the Hackernotes: https://blog.criticalthinkingpodcast.io/

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Shop our new swag store at ctbb.show/swag

Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder

Resources:

Breaking Down Barriers: Exploiting Pre-Auth SQL Injection in WhatsUp Gold

Content-Type that can be used for XSS

Clickjacking Bug in Google Docs

Justin's Gadget Link

https://www.youtube.com/signin?next=https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FSetSID%3Fcontinue%3Dhttps%3A%2F%2Fwww.google.com%252Famp%252fpoc.rhynorater.com

Stealing your Telegram account in 10 seconds flat

Timestamps

(00:00:00) Introduction

(00:08:28) Recent Hacks and Dupes

(00:14:00) Cursor

(00:25:02) Exploiting Pre-Auth SQL Injection in WhatsUp Gold

(00:34:17) Content-Type that can be used for XSS

(00:40:25) Caido updates

(00:43:14) Clickjacking in Google Docs, and Stealing Telegram account

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Critical Thinking - Bug Bounty Podcast

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Using Cursor for App Development

AirPods Communication Quality Improvements

Ethical Hacking Perspective on Road Rage

Bug Bounty Experiences and Shared Knowledge

Emerging Threats from Clickjacking and Google Drive

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Critical Thinking - Bug Bounty Podcast

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Using Cursor for App Development

AirPods Communication Quality Improvements

Ethical Hacking Perspective on Road Rage

Bug Bounty Experiences and Shared Knowledge

Emerging Threats from Clickjacking and Google Drive

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights