Critical Thinking - Bug Bounty Podcast Episode 50: Mathias "Fall in a well" Karlsson - Bug Bounty Prophet
Dec 21, 2023
Hacking master Mathias Karlsson discusses burnout, collaboration, and specialization in bug bounty. They dive into technical details of MXSS and XSLT, character encoding, and predict the future of bug bounty. They also talk about the importance of finding insecure defaults, the beauty of simple code, and the benefits of sharing research. The evolution of bug bounty programs and the rise of bug bounty budgets are explored. Techniques for bypassing Web Application Firewalls and the importance of persistence in bug bounty programs are discussed.
Chapters
Transcript
Episode notes
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
Introduction
00:00 • 2min
Dealing with Burnout and Personal Issues
02:21 • 2min
Bug Bounty: A Lucrative Revenue Stream
04:14 • 5min
Finding Insecure Defaults and the Demise of Asset Note
09:37 • 4min
The Beauty of Simple Code and the Struggle with Complexity
13:16 • 2min
Underrated tip for bug bounty hunting with headless browsers
15:20 • 2min
Benefits of Sharing Research
17:16 • 4min
Bug Bounty Programs Evolution
20:50 • 20min
Building and Automating in the Old School Hacking Community
40:41 • 4min
Reminiscing about a Friend and Discussing Visual Studio Code and Docker
44:24 • 2min
Coding Tools and Scanner Application Demo
46:14 • 18min
The Rise of Bug Bounty Programs
01:04:11 • 14min
Length, Positive Feedback, and Nerd Sniping
01:18:12 • 14min
Mutation XSS and its Impact
01:31:54 • 13min
Byte Order Mark and Encoding Bugs
01:45:08 • 13min
Bypassing Web Application Firewalls
01:58:06 • 14min
Bug Bounty Programs and the Importance of Persistence
02:11:54 • 11min
Discussion on Content Type Redefinition and Research
02:22:54 • 2min