Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
Aug 24, 2023 • 1h 22min

Episode 33: The Master of Hacker Show&Tell: Inti De Ceukelaire

Episode 33: In this episode of Critical Thinking - Bug Bounty Podcast, we welcome Inti De Ceukelaire, a seasoned bug hunter known for his creative storytelling and impactful show-and-tell bugs…and let us tell you, his stories do not disappoint! From his bug bounty journey to some pretty wild hacks, Inti captivates us as only Inti can. We discuss the potential life-saving impact of bug bounty reports, especially in areas such as transportation and medical devices. We also cover hacker mentality, the benefits of objective-based challenges, and the need for collaboration and alignment within the bug bounty community. It’s a mesmerizing episode, so sit back and be swept away by Inti’s tales.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Today’s Guest:
https://twitter.com/securinti
Inti's Shopify Show-and-Tell
https://hackerone.com/reports/1086108
Hakluke's article on Bug Bounty Standards
https://github.com/hakluke/bug-bounty-standards
Researching MissingNo Glitch in Pokemon
https://youtu.be/p8OBktd42GI
Intigriti
https://www.intigriti.com/

Timestamps:
(00:00:00) Introduction
(00:03:01) Show-and-Tells and Storytelling in Live Hacking Events
(00:08:30) Impact Assessment and the potential real-life significance of reporting vulnerabilities.
(00:13:50) Ethical dilemmas, gaming the systems, and safe harbor.
(00:23:30) Inti’s Hacking Journey
(00:27:26) Hacker mentality, brainstorming, and goal-setting.
(00:46:28) The benefit of mental resets, fresh perspectives, and ‘surprise collaboration’
(00:52:55) Inti’s Story 1: CSS Injection bugs
(01:06:20) Inti’s Story 2: The Ticket Trick
(01:14:00) Inti’s Story 3: The Gotcha Password Bug
(01:18:30) Upcoming Intigriti Live Hacking Event
Aug 17, 2023 • 1h 1min

Episode 32: The Great Write-up Low-down

Topics discussed in this podcast include web race conditions, exploiting sub states in state machines, mismatched confirmation codes, a tool for enumerating Windows short names, hacking rewards programs, Mac-based authentication challenges, the sandwich attack for password reset endpoints, tight security measures, and finishing a real estate venture to focus on the podcast and bug bounty hunting.
Aug 10, 2023 • 1h 25min

Episode 31: Alex Chapman - The Man of Many Crits

Alex Chapman, a seasoned InfoSec hacker and bug bounty hunter, shares his hacking journey, the power of collaboration in bug bounty hunting, challenges of balancing hacking with other responsibilities, and the necessity of flexibility and taking breaks. They also discuss the distinction between full exploitation and proof of concept for RCE and crashes, managing time and notes in bug bounties, and exploring Perforce and testing with Python.
Aug 3, 2023 • 1h 19min

Episode 30: Recon Legend Shubs - From Burgers to Bounties

Renowned bug bounty hunter Shubs shares his journey from burgers to bugs and his love of collaboration. The podcast covers topics such as the art of debugging, the ethics and economics of bug bounty hunting, the transition to entrepreneur, and the evolution of Assetnote from a reconnaissance tool to an enterprise security software suite.
Jul 27, 2023 • 60min

Episode 29: Live Episode with Sean Yeoh - Assetnote Engineer

In this episode, Assetnote engineer Sean Yeoh discusses the importance of message brokers, bottleneck prevention, and pursuing optimization. They also explore bug bounty tips, engineering quandaries, and DNS wildcards. The chapter descriptions cover building a signature scanner, starting with simple automation, evaluating and optimizing applications, the role of message brokers in bug bounty programs, networking in Kubernetes, and optimizing performance in PostgreSQL.
Jul 20, 2023 • 1h 18min

Episode 28: Surfin' with CSRFs

Episode 28: In this episode of Critical Thinking - Bug Bounty Podcast, the CSRF’s up, dude! We kick off with a debate about whether or not deep link vulns in mobile apps can be considered CSRF. We also talk browser extensions and tools like Hackbar, PwnFox, and JS Weasel, and Justin tries to invent a whole new vuln term. There’s plenty of good stuff here, so what are you waiting for? Jump on in!

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
rez0's latest tip
https://twitter.com/rez0__/status/168134822190014466019
Hackbar
https://addons.mozilla.org/en-US/firefox/addon/hackbartool/
PwnFox
https://twitter.com/adrien_jeanneau/status/1681364665354289152
JS Weasel
https://www.jswzl.io/
Charlie Eriksen
https://twitter.com/CharlieEriksen
Link to talk by Rojan
https://twitter.com/uraniumhacker/status/1681381857383030785
Bypassing GitHub's OAuth flow
https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
Great SameSite Confusion
https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/
Check out Nahamsec's Channel
https://www.youtube.com/c/nahamsec

Timestamps:
(0:01:45) The deep link debate
(00:08:00) LHE and in-person interviews
(00:09:25) SQLMAP and raw requests
(00:11:11) Hackbar, PwnFox, and browser extensions
(00:16:45) JS Weasel tool and its features
(00:25:28) Rojan's Research and Public Talks
(Start of main content)
(00:28:36) Cross-Site Request Forgery (CSRF)
(00:35:00) Bypassing GitHub's OAuth flow
(00:45:00) A Small SameSite Story
(00:48:50) CSRF Exploitation Techniques
(01:07:15) CSRF Bug Stories
(01:15:30) NahamSec and DEFCON
Jul 13, 2023 • 1h 20min

Episode 27: Top 7 Esoteric Web Vulnerabilities

Episode 27: In this episode of Critical Thinking - Bug Bounty Podcast, we've switched places and now Joel is home while Justin is on the move. We break down seven esoteric web vulnerabilities, and talk Cookies, Config File Injections, Client-side path traversals and more. We also briefly discuss appliance hacking, new tools, and shout out some new talent in the hacking space. Don't miss this episode full of cool vulns, and experience Justin's vocal decline in real time.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Encrypted Doesn't Mean Authenticated:
https://blog.assetnote.io/2023/07/04/citrix-sharefile-rce/
Tweet about headless chrome browser
https://twitter.com/bhavukjain1/status/1678719047209484288?t=NWnZvwHTRMyH_lVC-uXe0g&s=19
Shout out to new talent within the hacking space
https://twitter.com/haxrob
https://twitter.com/atc1441
Tweet about hacking Google Search Appliance
https://twitter.com/orange_8361/status/1677378401957724160
Bitquark releases shortscan
https://twitter.com/bitquark/status/1677647450989838338
Hacking Starbucks
https://samcurry.net/hacking-starbucks/
Justin's CookieJar Tool
https://apps.rhynorater.dev/checkCookieJarOverflow.html
HackTricks
https://book.hacktricks.xyz/pentesting-web/hacking-with-cookies/cookie-jar-overflow
XSLeak
https://xsleaks.dev

Timestamps:
(00:00:00) Introduction
(00:04:00) Assetnote on ShareFile RCE
(00:13:05) Headless Browsers
(00:17:00) Hacker Content Creators
(00:22:51) Appliance Hacking
(00:30:31) Shortscan Release
(Start of main content)
(00:35:39) Config File Injection
(00:44:00) Client-side Path Traversal
(00:51:33) Cookie Bombing
(00:58:00) Cookie Jar Overflow
(01:03:50) XSLeak
(01:10:49) UNC Path Injection
(01:15:50) Impactful Link Hijack
Jul 6, 2023 • 1h 33min

Episode 26: Client-side Quirks & Browser Hacks

In this episode of Critical Thinking - Bug Bounty Podcast, we're back with Joel, fresh (haha) off of back-to-back live hack events in London and Seoul. We compare the different vibes of each LHE, then we dive into the technical thick of it, and talk web browsers, XSS vectors, new tools, CVSS 4.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
______
Hunting for NGINX alias traversals in the wild
PortSwigger Tweet
Soroush's Follow-up
Tweet about magic math element<22 weird XSS behavior
Lupin’s follow-up
Patch diffing
Changes to CVSS 4.0
Ask FIRSTdotORG what's going on
jsluice
JS import() behavior
'JavaScript for Hackers'
CSP Evaluator:
Dom Clobbering
HTML Injection Cheat Sheet
Gareth Heyes website/game
______

Timestamps:
(00:00:00) Introduction
(00:04:10) LHE Vibes
(00:07:45) "Hunting for NGINX alias traversals in the wild"
(00:12:30) Payouts in BB programs
(00:16:05) New XSS vectors and popovers
(00:24:15) The "magical math element" in Firefox
(00:27:15) LiveOverflow on HTML parsing quirks
(00:32:10) Mr. Tux Racer, Woocommerce, and WordPress
(00:40:00) Changes in the CVSS 4 draft spec
(00:45:00) TomNomNom's new tool jsluice
(00:51:15) JavaScript's import function & "JavaScript for Hackers"
(01:09:15) Prototype pollution & DOM clobbering
(01:18:10) Base tags and CSS Games
Jun 29, 2023 • 1h 12min

Episode 25: 2xMVH & Multi-million dollar hacker Inhibitor181

Episode 25: In this episode of Critical Thinking - Bug Bounty Podcast we talk to Cosmin (@Inhibitor181), fresh off of winning his 2nd MVH! We chat about the time management and strategy of hacking Multi-Target LHEs, determining when to pivot, and how to find normalcy in bug bounty hunting and Live Hacking Events. We also touch on setting up Vuln Pipelines, creating mental models, and Cosmin's terrifying naming schemes. Don't miss this episode packed with both laughs and valuable insights for beginners and seasoned bug bounty hunters alike.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Today’s Guest:
https://twitter.com/inhibitor181
Justin's weird episode with all the Dr. Seuss Shit
https://rss.com/podcasts/ctbbpodcast/966055/?listen-on=true

Timestamps:
(00:00:00) Introduction
(00:02:52) MVH club and Multi-Target strategy
(00:12:00) Deciding when to pivot
(00:17:00) File Organization and 'unique' naming approaches
(00:23:56) Staying up to date on features and updates
(00:25:46) Hacking Sleep Habits
(00:28:15) Finding 'Normal Life' in bug bounty and LHE
(00:33:30) Vuln Pipelines, Wordlists, and full time bug bounty tips
(00:44:15) Benefits of the Bug Bounty Community
(00:47:45) Relationships with target companies and programs
(00:53:15) Creating mental models
(01:00:30) The Importance of writing good reports
(01:04:30) How to choose what to hack
Jun 22, 2023 • 1h 4min

Episode 24: AI + Hacking with Daniel Miessler and Rez0

Episode 24: In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Daniel Miessler and Rez0 about the emergence and potential of AI in hacking. We cover AI shortcuts and command line tools, AI in code analysis and the use of AI agents, and even brainstorm about the possible opportunities that integrating AI into hacking tools like Caido and Burp might present. Don't miss this episode packed with valuable insights and cutting-edge strategies for both beginners and seasoned bug bounty hunters alike.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Today’s Guests:
https://twitter.com/rez0__
https://twitter.com/DanielMiessler
Daniel Miessler’s Unsupervised Learning
https://danielmiessler.com/
Simon Willison's Python Function Search Tool
https://simonwillison.net/2023/Jun/18/symbex/
oobabooga - web interface for models
https://github.com/oobabooga/text-generation-webui
State of GPT
https://karpathy.ai/stateofgpt.pdf
AI Canaries
https://danielmiessler.com/p/ai-agents-canaries
GPT3.5
https://community.openai.com/t/gpt-3-5-turbo-0613-function-calling-16k-context-window-and-lower-prices/263263
GPT Engineer
https://github.com/AntonOsika/gpt-engineer

Timestamps:
(00:00:00) Introduction
(00:05:40) Using AI for hacking: Developing hacking tools and workflow shortcuts
(00:11:40) GPT Engineer and Small Developer for Security Vulnerability Mapping
(00:22:40) The potential dangers of centralized vs. decentralized finance
(00:24:10) Ethical hacking and circumventing ChatGPT restrictions
(00:26:09) AI Agents, Reverse API, and Encoding/Decoding Tools
(00:31:45) Limitations of AI in context window and processing large JavaScript files
(00:36:50) Meta-prompter: Enhancing prompts for accurate responses from GPT
(00:41:00) GPT-35 and the new 616K context model
(45:08) Creating a loader for Burp Suite files or Caido instances
(00:54:02) Hacking AI Features: Best Practices
(01:00:00) AI plugin takeover and the need for verification of third-party plugins and tools
