

Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated
Jun 27, 2024
Explore MongoDB NoSQL injection challenges and practical bug hunting tips. Uncover security vulnerabilities in Kakao Chat app and iOS authentication processes. Learn about time-based token risks and hacking car diagnostic ports. Discover the impact of gluten on focus and energy levels. Get insights on meal preparation, managing caloric intake, and optimizing well-being for bug hunters. Understand the importance of setting realistic goals and navigating job changes.
AI Snips
MongoDB Scalability Issues
- MongoDB, despite being advertised as "web scale," may not handle high write volumes efficiently.
- Justin's recon system, using MongoDB, faced scaling issues due to continuous data updates.
Time-Based Secret Vulnerabilities
- Be wary of systems that derive secrets such as password-reset tokens from predictable inputs like the current timestamp: anyone who can estimate when the reset was requested can regenerate the token.
- Tools like Reset Tolkien exploit this by enumerating the timestamps around the moment the reset was triggered, regenerating a candidate token for each one, and submitting the candidates until one is accepted.
Testing Mobile OAuth
- Mobile OAuth bugs often come from simple mistakes, such as an app's embedded browser (WebView) attaching the user's auth token to every outgoing request regardless of the destination host.
- To test for this, from page content you control that is rendered inside the app's WebView, set document.location to an attacker-controlled URL and check whether the request that reaches your server still carries the token.