Critical Thinking - Bug Bounty Podcast

Episode 18: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into everything source-code related: how to get source-code and what to do with it once you have. This episode is packed with great examples of successful source code review, tips on how to review code yourself, and the tools you'll need along the way.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterCrossing the KASM:https://www.youtube.com/watch?v=NwMY1umhpggPWNAssistant by Elttam:https://www.elttam.com/blog/pwnassistant/#contentAndre's Git Arbitrary Configuration Injection:https://blog.ethiack.com/en/blog/git-arbitrary-configuration-injection-cve-2023-29007Jub0b's a Smorgasbord of a Bug Chain:https://jub0bs.com/posts/2023-05-05-smorgasbord-of-a-bug-chain/Ankur Sundara's Cookie Bugs - Smuggling & Injection:https://twitter.com/ankursundara/status/1654556463703134208?t=7nTUSszPB6fS3MkATzxpaQ&s=19James Kettle's Notes on Novel Pathways to Poisoning (cool quirks in here):https://twitter.com/albinowax/status/1654767919690031106?t=vbVEOML5_QnWByi0m8Nv4A&s=19Ignore Irrelevant Scripts During Debugging by Johan Carlsson:https://twitter.com/joaxcar/status/1653787336105156616Every known way to get references to windows:https://bluepnume.medium.com/every-known-way-to-get-references-to-windows-in-javascript-223778bede2dVS Code Todo Highlight:https://marketplace.visualstudio.com/items?itemName=wayou.vscode-todo-highlightVS Code:https://code.visualstudio.com/

Episode 17: In this episode of Critical Thinking - Bug Bounty Podcast we talk with five legendary hackers about some of their favorite bugs. Live. From LA.Corben Leo “Lorben CEO” @hacker_Sam “ZLZ” “ZOZL” “The King” Curry @samwcyoFrans “The Legend” Rosen @fransrosenJonathan “Doc” Bouman @JonathanBoumanNagli…NagliNagli @naglinagliShoutout to Jonathan Bouman’s Mom!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterFOLLOW OUR LINKEDIN ACCOUNT FOR NAGLI:https://www.linkedin.com/company/ctbbpodcastSam Curry’s shoutout - Ian Carrol’s Seats.Aero: https://seats.aero/

Episode 16: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the hacker’s toolkit. Joel and Justin talk about their VPS setup, go-to hacking tools, most often used Linux commands, and the ways they duct tape all of these together for the big hacks.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on Twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterOur Boi @rez0__ Dropping Some AI Hackz:https://twitter.com/rez0__/status/1648685943539245056?s=20LiveOverflow Prompt Injection:https://www.youtube.com/watch?v=Sv5OLj2nVAQJoel’s Private Network Solution:https://www.zerotier.com/Stok & Tomnomnom on Vim/Bash:https://www.youtube.com/watch?v=l8iXMgk2nnYLatest GhostScript RCE:https://offsec.almond.consulting/ghostscript-cve-2023-28879.htmlIntigriti CSRF Basics & Jub0b's Legendary SameSite Article:https://twitter.com/intigriti/status/1646104705561403398https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/Nahamcon:http://nahamcon.com/Pentah0wnage:https://research.aurainfosec.io/pentest/pentah0wnage/DNSChef:https://github.com/iphelix/dnschefHttpx:https://github.com/projectdiscovery/httpxEspanso:https://espanso.org/GoWitness:https://github.com/sensepost/gowitness

Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterFollow Nagli and his new startup Shockwave:https://twitter.com/naglinaglihttps://twitter.com/shockwave_secHackMD Collaborative Notes:https://hackmd.io/Ian Carroll's Airline Miles Website:https://seats.aeroNagli's Tweet in ChatGPT Web Cache Deception:https://twitter.com/naglinagli/status/1639343866313601024Timestamps:(00:00:00) Intro(00:04:40) Nagli’s Climb(00:05:40) What kind of vulns do you look for?(00:09:25) Working with other hackers(00:10:20) Bug Bounty Hunter’s Guild(00:12:35) Shockwave product(00:14:12) Outsourcing tool development(00:18:46) What got you started?(00:21:13) Manual hacking vs recon suite + LHE focus(00:25:00) How do you take notes(00:29:42) Biggest things that you’ve learned over the past 2 years(00:31:29) How do you ingest new techniques?(00:31:50) Collaboration(00:37:20) Justin Ranting about “Trained Eyes”(00:40:18) Time spent coding vs hacking(00:45:28) Travel and spending habits(00:54:16) Grep is Nagli’s database(00:56:20) Nagli’s ChatGPT Web Cache Deception(00:58:44) What does your alerting look like?(01:01:50) Nagli’s “Most Critical” SSRF(01:04:30) Burp Active Scan

Episode 14: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Dynamic Analysis within Mobile Hacking and a bunch of random hacker stuff. It's a good time. Enjoy the pod.Follow us on Twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on Twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterJoel’s Alternative to UberTooth One:https://www.amazon.com/Bluetooth-UD100-G03-Exchangeable-Bluesoleil-Microsoft/dp/B0161B5ATMD3monDev’s Burp VPS Plug-in:https://github.com/d3mondev/burp-vps-proxyFireProx:https://github.com/ustayready/fireproxJoel’s Universal SSL De-pinning Frida Script:https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725Command-line Fuzzy Finder:https://github.com/junegunn/fzfJustin’s two article recommendations for using Frida:https://tinyurl.com/5n94d6ryhttps://tinyurl.com/yfy3n5f5Copy screen of physical device:https://tinyurl.com/ymdrscm5Flipper:https://flipperzero.one/BetterCap BLE Module:https://www.bettercap.org/modules/ble/Timestamps:(00:00:00) Intro(00:00:55) Hacker Chats(00:03:27) Podcast Content Commentary(00:04:09) SSRF Rebinding Error Confession(00:06:02) Flipper Zero(00:07:58) Bettercap BLE(00:09:36) Sena USB Bluetooth Adapter(00:12:41) Burp VPS Proxy Plugin(00:13:55) Fireprox(00:15:40) Dynamic Mobile Hacking(00:17:40) Dynamic Analysis Overview(00:18:18) Emulator Talk(00:24:29) Joel’s APK Analysis Flow(00:26:30) Cert Pinning(00:32:17) Joel’s SSL Cert Pinning Script(00:35:29) Hands-on look at Frida(00:50:11) Frida on Non-rooted Devices(00:58:22) Tracing Errors to Overwritable Functions(01:00:39) Native Libraries(01:09:18) GenyMobile Screen Mirroring Tool(01:11:50) Justin’s Report of the Day and Custom SSL Pinning(01:18:15) Joel’s First Ever Bug, Jailbreak Detection Bypass

Episode 13: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to determine if a bug bounty program is good or not from the policy page. We also cover some news including Acropalypse, ZDI's Pwn2Own Competition, Node's Request library's SSRF Bypass, and a new scanning tool by JHaddix. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterJHaddix AWSScrape Tool:https://twitter.com/Jhaddix/status/1637140192728612865?s=20Acropalypse Links:https://twitter.com/ItsSimonTime/status/1636857478263750656https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.htmlhttps://twitter.com/David3141593/status/1638222624084951040https://twitter.com/David3141593/status/1638293029059477505SSRF Bypass in NodeJS:https://blog.doyensec.com/2023/03/16/ssrf-remediation-bypass.htmlZDI's Pwn2Own:https://twitter.com/thezdiKuzu7shiki's Awesome Pixiv Report:https://hackerone.com/reports/1861974https://twitter.com/kuzu7shikiSome of the Programs we talk about:https://hackerone.com/instacarthttps://hackerone.com/semrushhttps://hackerone.com/yahoohttps://hackerone.com/paypal

Episode 12: In this episode of Critical Thinking - Bug Bounty Podcast we talk with Jason Haddix about his eclectic hacking techniques, Hacker -> Hacker CISO life, and some crazy vulns he found. This episode is chock full of awesome tips so give it a good listen!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterFollow JHaddix on Twitter:https://twitter.com/jhaddixBuddoBot:https://buddobot.com/BC Hunt:https://github.com/bugcrowd/HUNT/blob/master/README.mdOne List For All:https://github.com/six2dez/OneListForAllAssetNote Wordlists:https://wordlists.assetnote.io/Backslash Powered Scanner:https://portswigger.net/bappstore/9cff8c55432a45808432e26dbb2b41d8Jason’s Handy Dandy Acronyms:SSWLR - Sensitive Secrets Were Leaked RecentlyStatusSizeWordsLinesResponse TimeCOTS Software - Common Off-The-Shelf Software

Episode 11: In this episode of Critical Thinking - Bug Bounty Podcast we talk about CVSS (the good, the bad, and the ugly), Web Cache Deception (an underrated vuln class) and a sick SSTI Joel and Fisher found.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterMDSec Outlook Vuln:https://twitter.com/MDSecLabs/status/1635791863478091778Jub0bs User-Existance Oracle Tweet:https://twitter.com/jub0bs/status/1633786349529513986James Kettle's Tweet About BB ID Header Standardization:https://twitter.com/albinowax/status/163595150679175577615K Snapchat Numeric IDOR:https://hackerone.com/reports/1819832Bug Bounty Reports Explained:https://www.bugbountyexplained.com/CVSS Calculator:https://nvd.nist.gov/vuln-metrics/cvss/v3-calculatorWeb Cache Deception Write-up:https://www.blackhat.com/docs/us-17/wednesday/us-17-Gil-Web-Cache-Deception-Attack.pdf

Episode 10: In this episode of Critical Thinking - Bug Bounty Podcast we talk about what its like to be a full-time bug bounty hunter, a tonne of bug bounty news, and some great report summaries from Justin’s two mentees: Kodai and Soma. Follow us on twitter at: https://twitter.com/ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterHackVertor https://portswigger.net/bappstore/65033cbd2c344fbabe57ac060b5dd100 Not_An_Aardvark (Teddy Katz) Blog: https://blog.teddykatz.com/ Tweets from PortSwigger Research:https://twitter.com/PortSwiggerRes/status/1632742844535324677https://twitter.com/PortSwiggerRes/status/1630221223874445314https://twitter.com/PortSwiggerRes/status/1629131380473970688HackerOne LHE Standards: https://www.hackerone.com/hackerone-community-blog/get-invited-how-live-hacking-event-invites-have-changed Rez0 Bug Bounty Tweet: https://twitter.com/rez0__/status/1553371602770960384?t=NCr_esHcEts9PrcjxIZ5uw&s=19Rojan’s Github Bug: https://twitter.com/uraniumhacker/status/1633199768263593984Goodbye Daily Swig: https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig Gareth Heyes JavaScript for Hackers:https://leanpub.com/javascriptforhackers/

Episode 9: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Headless Browser SSRF and drop a tool called RebindMultiA. Joel also walks us through a web3 bug and we cover some bug bounty news from the past week. As always, we drop some bug bounty tips and give you some attack vectors to think about.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Truffle Security End-To-End Encryption Video:https://www.youtube.com/watch?v=BBcZcoIZ1JcHackerOne World Cup:https://www.hackerone.com/hackers/brand-ambassador-programHackerOne World Cup Sign Up Form for USA:https://docs.google.com/forms/d/e/1FAIpQLSeRQpH2y0J-opxlsz8dPkvnIu8BqC_DA3CJe_eFhTFroPwdcg/viewformChatGPT API:https://openai.com/blog/introducing-chatgpt-and-whisper-apisMegachad RobertMD GitHub Issue:https://github.com/nccgroup/singularity/issues/2Justin’s RebindMultiA Tool:https://github.com/Rhynorater/rebindMultiABrandon Dorsey’s WhoNow Tool:https://github.com/brannondorsey/whonowNCC Group’s Singularity:https://github.com/nccgroup/singularityChromium Disclosed Bugs:https://chromium-disclosed-bugs.appspot.com/NahamSec Talk on Headless Browser SSRF:https://docs.google.com/presentation/d/1JdIjHHPsFSgLbaJcHmMkE904jmwPM4xdhEuwhy2ebvo/htmlpresenJonathan Bowman - LFI via <annotation>:https://medium.com/@jonathanbouman/local-file-inclusion-at-ikea-com-e695ed64d82fWASM Port Scanning:https://github.com/avilum/portsscanJack Halon - Chrome Browser Exploitation:https://twitter.com/jack_halon/status/1583957704930131968DNSChef:https://github.com/iphelix/dnschef