Critical Thinking - Bug Bounty Podcast

Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

Jun 27, 2024
Explore MongoDB NoSQL injection challenges and practical bug hunting tips. Uncover security vulnerabilities in Kakao Chat app and iOS authentication processes. Learn about time-based token risks and hacking car diagnostic ports. Discover the impact of gluten on focus and energy levels. Get insights on meal preparation, managing caloric intake, and optimizing well-being for bug hunters. Understand the importance of setting realistic goals and navigating job changes.
INSIGHT

MongoDB Scalability Issues

  • MongoDB, despite being advertised as "web scale," may not handle high write volumes efficiently.
  • Justin's recon system, using MongoDB, faced scaling issues due to continuous data updates.
ADVICE

Time-Based Secret Vulnerabilities

  • Be wary of systems that derive secrets such as password-reset tokens from the current time: anyone who knows roughly when the token was issued can regenerate it.
  • Tools like "Reset Tolkien" exploit this by recomputing candidate tokens from timestamps around the moment the reset was requested and comparing them with the observed token.
ADVICE

Testing Mobile OAuth

  • Mobile OAuth vulnerabilities often arise from simple issues, such as an app attaching its auth token to every outgoing request regardless of which host the request goes to.
  • Test for this by setting document.location to an attacker-controlled URL and checking whether the token arrives in the requests that hit it.