Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
Jun 15, 2023 • 1h 15min

Episode 23: Hacker Loadouts

Episode 23: In this episode of Critical Thinking - Bug Bounty Podcast, we delve into a different aspect of hardware: our personal loadouts. We go through the equipment and gear we use to get our jobs done, and share stories about why we picked what we have. We also touch on live hacking events, the growing acceptance of white hat hacking, and some pretty cool news going on in the hacker world. Don't miss this episode packed with tips and strategies for both beginners and seasoned hackers alike!

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Blog post on hacking root EPP servers: https://hackcompute.com/hacking-epp-servers/
Behind this Website: https://github.com/jonkeegan/behind-this-website
Tweet about vRealize Network Insight: https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
Zoom's new vulnerability impact scoring system: https://viss.zoom.com/specifications
Uplift Desks: https://www.upliftdesk.com/
Synergy: https://symless.com/synergy
Ahnestly chair reviews: https://www.youtube.com/c/Ahnestly
Our producer’s new audio drama ‘Homicide at Heavensgate’: https://link.sentinelstudios.net/homicide

Timestamps:
(00:00:00) Introduction
(00:02:28) Navigating hacking events and imposter syndrome
(00:06:30) Blog post on hacking root EPP servers
(00:10:01) The growing acceptance of white-hat hacking
(00:12:25) Finding Website Owners and Contact Information
(00:16:45) VMware vRealize Network Insight CVEs and nginx reverse proxy bypass
(00:21:30) Zoom's new vulnerability impact scoring system
(00:27:24) The Importance of Analyzing Systemic Problems in Black Box Testing
(00:30:40) Documentation, Vulnerable by Design, and acceptable risk
(Start of main content)
(00:34:37) Leveling up your Hacker Setup
(00:37:13) The Importance of your body
(00:41:30) Investing in ergonomic equipment for computer work
(00:42:27) Standing Desks: Uplift Desk and DIY standing desk options
(00:46:00) Portable Tables: Flexible Workspace Solutions
(00:47:30) Monitor Setup
(00:54:40) Synergy: One keyboard and mouse across multiple devices
(00:57:20) Capture Card: Using it as a software display
(00:58:58) Keyboards and mice
(01:03:27) Using a Chromebook for lightweight hacking
(01:08:57) Chair Reviews: The Niche World of High-End Chairs
Jun 8, 2023 • 1h 12min

Episode 22: Chipping Away at Hardware Hacking

Episode 22: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some basic/intermediate concepts related to Hardware Hacking. Specifically, we dive into extracting data from eMMC chips in order to get our hands on source code for IoT devices. Don't miss this episode packed with valuable insights, tips, and strategies for beginners and seasoned bug bounty hunters alike!

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Check out NahamCon: https://bit.ly/42vnpMS
RiverLoop Security Write-up: https://bit.ly/3oSKL1o
Good Chip-Off Write-up: https://bit.ly/3IWym3q
Scratching chips to expose pins:
https://bit.ly/45Tj21i
https://bit.ly/3oJJt8Z
Chat with Corben on Degrees: https://youtu.be/N9P5PUx-PNQ?t=2311
Gareth Hayes Tweet: https://bit.ly/3qvFNYW
Huntress - John Hammond - MoveIt Response: https://bit.ly/42vTTXv
Critical Thinking Hardware Hacking Setup - See the gear we're talking about (Affiliate links): https://linke.to/hardwarehackingset

Timestamps:
(00:00:00) Introduction
(01:03) NahamCon's Live Hacking Event and Justin's Presentation on PCI DSS
(02:40) Deprecation of Data URLs in SVG Use Element
(04:55) Gareth Hayes and knowledge sharing in the hacking community
(07:50) Move It vulnerability and John Hammond’s epic 4 am rants
(12:18) Identifying promising leads in bug bounty hunting, and knowing when to move on
(Start of main content)
(21:40) Hardware Recon, and using Test Pins to Access EMMC Chip
(26:16) Identifying Chip Pinouts and Continuity Testing
(29:01) Using Logic Analyzers for Hardware Hacking
(33:01) Importance of Fundamental Knowledge in Hacking, and the benefits of understanding Electrical Engineering
(35:46) Replay Protected Memory Block Protocol
(40:00) Bug Bounty Programs and Hardware Testing Support
(41:05) Chip Pulling techniques and Essential Equipment for Hardware Hacking
(59:50) Tips for Buying Hardware Hacking Tools: Research and Specific Use Cases
(01:06:35) Hardware Hacking: Just scratching the surface.
(01:08:45) Vulnerability Disclaimer: Pulling OS from a chip does not constitute a Vulnerability.
Jun 1, 2023 • 1h 14min

Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo

In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Corben Leo about his journey in bug bounty hunting and ethical hacking. We discuss the state of DNS rebinding in 2023, a Twitter thread by Douglas Day (@ArchAngelDDay) on one-hundred bug bounty rules, and our own unique approaches to bug hunting. We also discuss Corben's recon-focused bug hunting methodology and how he developed it. Don't miss this episode filled with valuable tips, insights, and Corben's Boring Mattress Company.

Follow us on twitter at: @ctbbpodcast
Get on our newsletter for some exclusive content: https://www.criticalthinkingpodcast.io/subscribe
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Today’s Guest: https://twitter.com/hacker_
Article on the State of DNS Rebinding in 2023: https://research.nccgroup.com/2023/04/27/state-of-dns-rebinding-in-2023/
See @ArchAngelDDay's twitter thread about 100 bug bounty rules: https://twitter.com/ArchAngelDDay/status/1661924038875435008
Talkback - Cybersecurity news aggregator: https://talkback.sh/
PyPI announces mandatory 2FA: https://www.bleepingcomputer.com/news/security/pypi-announces-mandatory-use-of-2fa-for-all-software-publishers/

Timestamps:
(00:00:00) Introduction
(01:05) State of DNS rebinding in 2023
(04:40) 100 Bug Bounty Rules by @ArchAngelDDay
(05:30) Give yourself a ‘no bug’ limit
(07:00) The value of reporting Low and Medium Bugs for Bug Bounty Programs
(11:15) Reporting Out of Scope Bugs
(14:30) Reporting IDORs as Access Control Bugs
(17:28) Talkback
(18:12) PyPI's mandatory 2FA implementation for software publishers
(Start of main content)
(20:07) Starting out in bug bounty/ethical hacking
(25:00) Hacking methodology and mentorship
(28:15) Identifying Load Balancers
(33:20) Triage and live events
(38:30) College and Computer Science vs. Cybersecurity
(45:45) Importance of writing for the Hacker Community
(51:21) Storytelling and report writing
(55:00) When to stop doing recon and start hacking
(01:00:58) Lessons Learned from BreachlessAI and the pivot to Boring Mattress Co.
May 25, 2023 • 1h 7min

Episode 20: Hacker Brain Hacks - Overcoming Bug Bounty's Mental Tolls

Episode 20: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into the world of "hacker brain hacks" and overcoming challenges in bug bounty hunting. We discuss custom word lists, the rising popularity of Caido as a potential Burp Suite replacement, and Cloudflared tunnels for hosting POCs. We also tackle the mental aspects of bug bounty hunting, from procrastination to imposter syndrome, and share tips for staying motivated and avoiding burnout. Don't miss this episode packed with valuable insights and advice for both beginners and seasoned bug bounty hunters!

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Caido: https://caido.io
Tweet from D3mondev on Sequence Diagram: https://twitter.com/d3mondev/status/1660803152755453952
Sequence diagram software: https://sequencediagram.org

Timestamps:
(00:00:00) Introduction
(00:02:36) "Sequence Diagram": Sequence mapping for PoCs
(00:04:10) "SubReconGPT": AI and GPT in Bug Bounty Hacking
(00:08:30) "Caido": A Potential Replacement for Burp Suite
(00:11:34) HackerOne's New Features
(00:13:00) Cloudflared Tunnels for Red Team Assessments and Payload Hosting
(00:16:07) Mental challenges in Bug Bounty Hunting
(00:17:50) Procrastination Education: Letting fear of failure drive you into always learning, never doing.
(00:22:46) Analysis Paralysis: Starting with Bug Bounty Programs vs VDPs
(00:27:07) Automation Obsession: "When you're hacking, hack. When you're automating, automate."
(00:14:34) Imposter Syndrome: You may not be the best, but you're not the worst either.
(00:31:55) Motivation Deprivation: Stay curious, and set tiered goals
(00:36:07) Automation Obsession pt2: Do we need to say it again?
(00:37:25) Reconnaissance Cognizance: Spending too much time on recon and not enough time on hacking
(00:40:00) Bad Rabbit Holes, RIP Your Goals: Identifying good and bad rabbit holes
(00:46:01) Set Your Goal Poles: Setting specific goals for yourself.
(00:48:29) Impact Lacked: Fixating on something that's funky, but simply doesn’t really have impact
(00:51:00) The Burn-out turn-out: Mending, maintenance, and finding identity and self-worth outside hacking
(00:58:19) Responsibility Volatility: Balancing Responsibilities and Freedom as a Bug Bounty Hunter
(01:00:30) Payout Phase-out: Don't stop once you've found one bug.
(01:02:04) Report on URN Injection
May 18, 2023 • 53min

Episode 19: Audit Code, Earn Bounties (Part 2) + Zip-Snip, Sitecore, and more!

Episode 19: In this episode of Critical Thinking - Bug Bounty Podcast we further discuss some tips and tricks for finding vulns once you’ve got source code, and some banger tweets/tools that popped up in our feed this week.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Part 1: https://open.spotify.com/episode/2pdTaWHSzl9CY7PgRQtvTi
Noperator’s Zip-Snip:
https://twitter.com/noperator/status/1658313637189111808
https://github.com/noperator/zip-snip
https://noperator.dev/posts/zip-snip/
Insecure’s SIP Bugs: https://twitter.com/ifsecure/status/1656591469518495745
AssetNote’s Sitecore Bugs: https://blog.assetnote.io/2023/05/10/sitecore-round-two/
Fyooer’s Shadow Clone: https://github.com/fyoorer/ShadowClone
May 11, 2023 • 1h 7min

Episode 18: Audit Code, Earn Bounties

Episode 18: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into everything source-code related: how to get source code and what to do with it once you have it. This episode is packed with great examples of successful source code review, tips on how to review code yourself, and the tools you'll need along the way.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Crossing the KASM: https://www.youtube.com/watch?v=NwMY1umhpgg
PWNAssistant by Elttam: https://www.elttam.com/blog/pwnassistant/#content
Andre's Git Arbitrary Configuration Injection: https://blog.ethiack.com/en/blog/git-arbitrary-configuration-injection-cve-2023-29007
Jub0b's a Smorgasbord of a Bug Chain: https://jub0bs.com/posts/2023-05-05-smorgasbord-of-a-bug-chain/
Ankur Sundara's Cookie Bugs - Smuggling & Injection: https://twitter.com/ankursundara/status/1654556463703134208?t=7nTUSszPB6fS3MkATzxpaQ&s=19
James Kettle's Notes on Novel Pathways to Poisoning (cool quirks in here): https://twitter.com/albinowax/status/1654767919690031106?t=vbVEOML5_QnWByi0m8Nv4A&s=19
Ignore Irrelevant Scripts During Debugging by Johan Carlsson: https://twitter.com/joaxcar/status/1653787336105156616
Every known way to get references to windows: https://bluepnume.medium.com/every-known-way-to-get-references-to-windows-in-javascript-223778bede2d
VS Code Todo Highlight: https://marketplace.visualstudio.com/items?itemName=wayou.vscode-todo-highlight
VS Code: https://code.visualstudio.com/
May 4, 2023 • 47min

Episode 17: LA Live Chat with Five Legendary Hackers

Episode 17: In this episode of Critical Thinking - Bug Bounty Podcast we talk with five legendary hackers about some of their favorite bugs. Live. From LA.

Corben Leo “Lorben CEO” @hacker_
Sam “ZLZ” “ZOZL” “The King” Curry @samwcyo
Frans “The Legend” Rosen @fransrosen
Jonathan “Doc” Bouman @JonathanBouman
Nagli…NagliNagli @naglinagli

Shoutout to Jonathan Bouman’s Mom!

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
FOLLOW OUR LINKEDIN ACCOUNT FOR NAGLI: https://www.linkedin.com/company/ctbbpodcast
Sam Curry’s shoutout - Ian Carroll’s Seats.Aero: https://seats.aero/
Apr 20, 2023 • 1h 17min

Episode 16: The Hacker's Toolkit

Episode 16: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the hacker’s toolkit. Joel and Justin talk about their VPS setup, go-to hacking tools, most often used Linux commands, and the ways they duct tape all of these together for the big hacks.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Our Boi @rez0__ Dropping Some AI Hackz: https://twitter.com/rez0__/status/1648685943539245056?s=20
LiveOverflow Prompt Injection: https://www.youtube.com/watch?v=Sv5OLj2nVAQ
Joel’s Private Network Solution: https://www.zerotier.com/
Stok & Tomnomnom on Vim/Bash: https://www.youtube.com/watch?v=l8iXMgk2nnY
Latest GhostScript RCE: https://offsec.almond.consulting/ghostscript-cve-2023-28879.html
Intigriti CSRF Basics & Jub0b's Legendary SameSite Article:
https://twitter.com/intigriti/status/1646104705561403398
https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/
Nahamcon: http://nahamcon.com/
Pentah0wnage: https://research.aurainfosec.io/pentest/pentah0wnage/
DNSChef: https://github.com/iphelix/dnschef
Httpx: https://github.com/projectdiscovery/httpx
Espanso: https://espanso.org/
GoWitness: https://github.com/sensepost/gowitness
Apr 13, 2023 • 1h 8min

Episode 15: The Israeli Million-Dollar Hacker

Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli. He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at an H1 Live Hacking event.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Follow Nagli and his new startup Shockwave:
https://twitter.com/naglinagli
https://twitter.com/shockwave_sec
HackMD Collaborative Notes: https://hackmd.io/
Ian Carroll's Airline Miles Website: https://seats.aero
Nagli's Tweet on ChatGPT Web Cache Deception: https://twitter.com/naglinagli/status/1639343866313601024

Timestamps:
(00:00:00) Intro
(00:04:40) Nagli’s Climb
(00:05:40) What kind of vulns do you look for?
(00:09:25) Working with other hackers
(00:10:20) Bug Bounty Hunter’s Guild
(00:12:35) Shockwave product
(00:14:12) Outsourcing tool development
(00:18:46) What got you started?
(00:21:13) Manual hacking vs recon suite + LHE focus
(00:25:00) How do you take notes
(00:29:42) Biggest things that you’ve learned over the past 2 years
(00:31:29) How do you ingest new techniques?
(00:31:50) Collaboration
(00:37:20) Justin Ranting about “Trained Eyes”
(00:40:18) Time spent coding vs hacking
(00:45:28) Travel and spending habits
(00:54:16) Grep is Nagli’s database
(00:56:20) Nagli’s ChatGPT Web Cache Deception
(00:58:44) What does your alerting look like?
(01:01:50) Nagli’s “Most Critical” SSRF
(01:04:30) Burp Active Scan
Apr 6, 2023 • 1h 22min

Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff

Episode 14: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Dynamic Analysis within Mobile Hacking and a bunch of random hacker stuff. It's a good time. Enjoy the pod.

Follow us on Twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Joel’s Alternative to UberTooth One: https://www.amazon.com/Bluetooth-UD100-G03-Exchangeable-Bluesoleil-Microsoft/dp/B0161B5ATM
D3monDev’s Burp VPS Plug-in: https://github.com/d3mondev/burp-vps-proxy
FireProx: https://github.com/ustayready/fireprox
Joel’s Universal SSL De-pinning Frida Script: https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725
Command-line Fuzzy Finder: https://github.com/junegunn/fzf
Justin’s two article recommendations for using Frida:
https://tinyurl.com/5n94d6ry
https://tinyurl.com/yfy3n5f5
Copy screen of physical device: https://tinyurl.com/ymdrscm5
Flipper: https://flipperzero.one/
BetterCap BLE Module: https://www.bettercap.org/modules/ble/

Timestamps:
(00:00:00) Intro
(00:00:55) Hacker Chats
(00:03:27) Podcast Content Commentary
(00:04:09) SSRF Rebinding Error Confession
(00:06:02) Flipper Zero
(00:07:58) Bettercap BLE
(00:09:36) Sena USB Bluetooth Adapter
(00:12:41) Burp VPS Proxy Plugin
(00:13:55) Fireprox
(00:15:40) Dynamic Mobile Hacking
(00:17:40) Dynamic Analysis Overview
(00:18:18) Emulator Talk
(00:24:29) Joel’s APK Analysis Flow
(00:26:30) Cert Pinning
(00:32:17) Joel’s SSL Cert Pinning Script
(00:35:29) Hands-on look at Frida
(00:50:11) Frida on Non-rooted Devices
(00:58:22) Tracing Errors to Overwritable Functions
(01:00:39) Native Libraries
(01:09:18) GenyMobile Screen Mirroring Tool
(01:11:50) Justin’s Report of the Day and Custom SSL Pinning
(01:18:15) Joel’s First Ever Bug, Jailbreak Detection Bypass
