Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
Mar 30, 2023 • 1h 16min

Episode 13: How to Find a Good BBP + Acropalypse + ZDI

Episode 13: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to determine if a bug bounty program is good or not from the policy page. We also cover some news including Acropalypse, ZDI's Pwn2Own Competition, Node's Request library's SSRF Bypass, and a new scanning tool by JHaddix.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
JHaddix AWSScrape Tool: https://twitter.com/Jhaddix/status/1637140192728612865?s=20
Acropalypse Links:
https://twitter.com/ItsSimonTime/status/1636857478263750656
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
https://twitter.com/David3141593/status/1638222624084951040
https://twitter.com/David3141593/status/1638293029059477505
SSRF Bypass in NodeJS: https://blog.doyensec.com/2023/03/16/ssrf-remediation-bypass.html
ZDI's Pwn2Own: https://twitter.com/thezdi
Kuzu7shiki's Awesome Pixiv Report:
https://hackerone.com/reports/1861974
https://twitter.com/kuzu7shiki
Some of the Programs we talk about:
https://hackerone.com/instacart
https://hackerone.com/semrush
https://hackerone.com/yahoo
https://hackerone.com/paypal
Mar 23, 2023 • 1h 47min

Episode 12: JHaddix on Hacker->Hacker CISO, OG Hacking Techniques, and Crazy Reports

Episode 12: In this episode of Critical Thinking - Bug Bounty Podcast we talk with Jason Haddix about his eclectic hacking techniques, Hacker -> Hacker CISO life, and some crazy vulns he found. This episode is chock full of awesome tips so give it a good listen!

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Follow JHaddix on Twitter: https://twitter.com/jhaddix
BuddoBot: https://buddobot.com/
BC Hunt: https://github.com/bugcrowd/HUNT/blob/master/README.md
One List For All: https://github.com/six2dez/OneListForAll
AssetNote Wordlists: https://wordlists.assetnote.io/
Backslash Powered Scanner: https://portswigger.net/bappstore/9cff8c55432a45808432e26dbb2b41d8
Jason’s Handy Dandy Acronyms:
SSWLR - Sensitive Secrets Were Leaked Recently
Status
Size
Words
Lines
Response Time
COTS Software - Common Off-The-Shelf Software
Mar 16, 2023 • 1h 4min

Episode 11: CV$$, Web Cache Deception, and SSTI

Episode 11: In this episode of Critical Thinking - Bug Bounty Podcast we talk about CVSS (the good, the bad, and the ugly), Web Cache Deception (an underrated vuln class) and a sick SSTI Joel and Fisher found.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
MDSec Outlook Vuln: https://twitter.com/MDSecLabs/status/1635791863478091778
Jub0bs User-Existence Oracle Tweet: https://twitter.com/jub0bs/status/1633786349529513986
James Kettle's Tweet About BB ID Header Standardization: https://twitter.com/albinowax/status/1635951506791755776
15K Snapchat Numeric IDOR: https://hackerone.com/reports/1819832
Bug Bounty Reports Explained: https://www.bugbountyexplained.com/
CVSS Calculator: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
Web Cache Deception Write-up: https://www.blackhat.com/docs/us-17/wednesday/us-17-Gil-Web-Cache-Deception-Attack.pdf
Mar 9, 2023 • 1h 17min

Episode 10: The Life of a Full-Time Bug Bounty Hunter + BB News + Reports from Mentees

Episode 10: In this episode of Critical Thinking - Bug Bounty Podcast we talk about what it's like to be a full-time bug bounty hunter, a tonne of bug bounty news, and some great report summaries from Justin’s two mentees: Kodai and Soma.

Follow us on twitter at: https://twitter.com/ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
HackVertor: https://portswigger.net/bappstore/65033cbd2c344fbabe57ac060b5dd100
Not_An_Aardvark (Teddy Katz) Blog: https://blog.teddykatz.com/
Tweets from PortSwigger Research:
https://twitter.com/PortSwiggerRes/status/1632742844535324677
https://twitter.com/PortSwiggerRes/status/1630221223874445314
https://twitter.com/PortSwiggerRes/status/1629131380473970688
HackerOne LHE Standards: https://www.hackerone.com/hackerone-community-blog/get-invited-how-live-hacking-event-invites-have-changed
Rez0 Bug Bounty Tweet: https://twitter.com/rez0__/status/1553371602770960384?t=NCr_esHcEts9PrcjxIZ5uw&s=19
Rojan’s Github Bug: https://twitter.com/uraniumhacker/status/1633199768263593984
Goodbye Daily Swig: https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
Gareth Heyes JavaScript for Hackers: https://leanpub.com/javascriptforhackers/
Mar 2, 2023 • 1h 9min

Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug

Episode 9: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Headless Browser SSRF and drop a tool called RebindMultiA. Joel also walks us through a web3 bug and we cover some bug bounty news from the past week. As always, we drop some bug bounty tips and give you some attack vectors to think about.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Truffle Security End-To-End Encryption Video: https://www.youtube.com/watch?v=BBcZcoIZ1Jc
HackerOne World Cup: https://www.hackerone.com/hackers/brand-ambassador-program
HackerOne World Cup Sign Up Form for USA: https://docs.google.com/forms/d/e/1FAIpQLSeRQpH2y0J-opxlsz8dPkvnIu8BqC_DA3CJe_eFhTFroPwdcg/viewform
ChatGPT API: https://openai.com/blog/introducing-chatgpt-and-whisper-apis
Megachad RobertMD GitHub Issue: https://github.com/nccgroup/singularity/issues/2
Justin’s RebindMultiA Tool: https://github.com/Rhynorater/rebindMultiA
Brannon Dorsey’s WhoNow Tool: https://github.com/brannondorsey/whonow
NCC Group’s Singularity: https://github.com/nccgroup/singularity
Chromium Disclosed Bugs: https://chromium-disclosed-bugs.appspot.com/
NahamSec Talk on Headless Browser SSRF: https://docs.google.com/presentation/d/1JdIjHHPsFSgLbaJcHmMkE904jmwPM4xdhEuwhy2ebvo/htmlpresen
Jonathan Bouman - LFI via <annotation>: https://medium.com/@jonathanbouman/local-file-inclusion-at-ikea-com-e695ed64d82f
WASM Port Scanning: https://github.com/avilum/portsscan
Jack Halon - Chrome Browser Exploitation: https://twitter.com/jack_halon/status/1583957704930131968
DNSChef: https://github.com/iphelix/dnschef
Feb 22, 2023 • 36min

Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops

Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It's a short one but a good one! Don't miss it!

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
CSS Escape Blog Post: https://mathiasbynens.be/notes/css-escapes
Rez0’s blog on ChatGPT: https://rez0.blog/hacking/2023/02/21/hacking-with-chatgpt.html
All the ways to get a reference to a frame (shoutout to @wcbowling for the article): https://bluepnume.medium.com/every-known-way-to-get-references-to-windows-in-javascript-223778bede2d
CSS Painting API: https://developer.mozilla.org/en-US/docs/Web/API/CSS_Painting_API
Import Chaining: https://d0nut.medium.com/better-exfiltration-via-html-injection-31c72a2dae8b
Feb 16, 2023 • 57min

Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!

Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter, and, as always, some great bug bounty tips.

Sorry if the audio is a little rough around the edges this time, should be better than ever next time.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
PortSwigger's Top 10 Web Hacking Techniques of 2022: https://portswigger.net/research/top-10-web-hacking-techniques-of-2022
Ian Carroll Cookie Monster: https://github.com/iangcarroll/cookiemonster
Frans Rosen's postMessage Tracker Chrome Extension: https://github.com/fransr/postMessage-tracker
Notes from Justin on postMessages: https://rhynorater.github.io/postMessage-Braindump
Frans Rosen's research on nginx misconfigurations that are similar to #6: https://blog.detectify.com/2020/11/10/common-nginx-misconfigurations/
"Mount" Wycheproof 😂:
https://github.com/google/wycheproof
https://en.wikipedia.org/wiki/Mount_Wycheproof
Nathan Davison - Abusing Hop-by-Hop headers: https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers
Awesome example of client-side path traversal: https://erasec.be/blog/client-side-path-manipulation/
Joohoi Ffuf 2.0: https://infosec.exchange/@joohoi/109806822104162973
FeroxBuster: https://github.com/epi052/feroxbuster
Feb 9, 2023 • 1h 39min

Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)

Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Joel’s HackerOne Android Hacking Introduction: https://t.ly/f87D
Android Pixel Lock Screen Bypass: https://t.ly/Q_qq
Exploiting Deeplink URLs: https://inesmartins.github.io/exploiting-deep-links-in-android-part1/index.html
Joel’s get_schemas tool: https://github.com/teknogeek/get_schemas
Example AndroidManifest.xml we referenced:
https://t.ly/mcN1
https://t.ly/ErVV
Android docs for intent filters: https://developer.android.com/guide/components/intents-filters.html
Android docs for “setAllowContentAccess”: https://t.ly/hXOZ
Android docs for “setAllowFileAccess”: https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)
Add JavaScript Interface to Webview: https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object,%20java.lang.String)
Joel’s SSL Pinning Bypass: https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725
Google Chrome Docs for Intent URLs: https://developer.chrome.com/docs/multidevice/android/intents/#considerations
Joel’s Bug Bounty Report: https://hackerone.com/reports/423467
Feb 2, 2023 • 53min

Episode 5: AI Security, Hacking WiFi, the New XSS Hunter, and more

Episode 5: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the new XSS Hunter, MD5 collisions and using ChatGPT for security, and much more!

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Save All Resources Chrome Extension: https://chrome.google.com/webstore/detail/save-all-resources/abpdnfjocnmdomablahdcfnoggeeiedb?hl=en
Corben's AMA: https://twitter.com/hacker_/status/1620514351521366016
Collisions repo: https://github.com/corkami/collisions
Feb 2, 2023 • 46min

Episode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon

Episode 4: In this episode of Critical Thinking - Bug Bounty Podcast we have part two of our series on the H1-407 HackerOne Live Hacking Event. This time, we have a special guest SpaceRaccoon (@spaceraccoonsec) talking about techniques and takeaways from the event.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Spaceraccoon’s blog: https://spaceraccoon.dev/
Spaceraccoon’s twitter: https://twitter.com/spaceraccoonsec
Responder (NTLM Hash harvesting tool): https://github.com/lgandx/Responder
The malware reversing course Spaceraccoon recommended: https://courses.zero2auto.com/
Offensive Security Exploit Development Courses: https://www.offensive-security.com/courses-and-certifications/
