
Critical Thinking - Bug Bounty Podcast

Latest episodes

May 2, 2024 • 1h 49min

Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.

Johan Carlsson, a dedicated bug bounty hunter, shares his journey transitioning to full-time bug hunting. He discusses the thrill of discovering vulnerabilities like a CSP bypass in GitHub and a critical flaw in GitLab. Johan highlights his focus on complex bug types like ReDoS and OAuth, emphasizing the unpredictability that accompanies bug hunting. He also offers insights into balancing personal life with his bug bounty career, navigating financial challenges, and the importance of community support in this unique profession.
Apr 25, 2024 • 1h 4min

Episode 68: 0-days & HTMX-SS with Mathias

Security researcher Mathias discusses HTMX vulnerabilities and bug bounty challenges like CSP bypass, XSS conversions, and HTMX disable bypasses. They also explore CDN-CGI functionality, CTF Challenge results, and the use of HTMX in larger applications with performance trade-offs.
Apr 18, 2024 • 1h 20min

Episode 67: VDPs & Accidental Program VS Hacker Debate Part 2

Exploring the benefits of Vulnerability Disclosure Programs (VDPs) and the ongoing Program VS Hacker debate. Touching on leaderboard accuracy and financial support for talented individuals. Delving into bug bounty hunting challenges and governance of bug fixes and hacker compensation. Valuing research in bug bounty programs and the importance of immediate response in securing systems.
Apr 11, 2024 • 58min

Episode 66: CDN-CGI Research, Intent To Ship, and Louis Vuitton

In this podcast, they discuss the YesWeHack Louis Vuitton LHE, the importance of failure in bug bounty, CDN-CGI research, the benefits of cold showers, the Louis Vuitton live hacking event, bug bounty dominance, browser market share insights, OAuth flow vulnerabilities, Caido workflows, Blink's features, DOM secrets, and data attributes in frameworks.
Apr 4, 2024 • 2h 29min

Episode 65: Motivation and Methodology with Sam Curry (Zlz)

Sam Curry, an ethical hacker, discusses pushing boundaries in bug bounty hunting, hacking Tesla, casinos, Starbucks, and getting detained at the airport. Topics include hacking ethics, bug bounty efficacy, collaboration, and secondary context bugs.
Mar 28, 2024 • 1h 8min

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

.NET Remoting exploitation, DOMPurify bypass, Cloudflare CDN-CGI endpoint, JavaScript deobfuscation, bug bounty collaboration, impactful POCs, hiding XSS payloads with URL updates
Mar 21, 2024 • 1h 22min

Episode 63: JHaddix Returns

JHaddix, bug bounty hunting expert, discusses updates to The Bug Hunter's Methodology, threat intelligence, buying credentials from the dark web, new recon techniques, and integrating AI into workflows. The podcast touches on red teaming, FIS hunting, and personal hacking journey insights.
Mar 14, 2024 • 59min

Episode 62: Frontend Language Oddities

Exploring HTML quirks and bug bounty journeys, discussing the Yelp Cookie Bridge Bug and unique CSS exfiltration techniques. Delving into community engagement, bypassing authorization checks, and innovative CSS data extraction methods.
Mar 7, 2024 • 1h 27min

Episode 61: A Hacker on Wall Street - JR0ch17

Guest Jasmin Landry shares stories about startup security, bug bounties, discovering OAuth-related bugs, and differences between structured learning and self-teaching. They walk through arbitrary ATOs, SSTI to RCE bugs, and emphasize the challenges and surprises in bug hunting.
Feb 29, 2024 • 1h 25min

Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023

Exploring top web hacking techniques of 2023 such as state machine smashing, NTLM token theft via Akamai servers, SMTP smuggling, PHP filter chains, HTTP request splitting, hacking Microsoft Teams, cookie manipulation, and EPP server takeovers. The hosts analyze and debate these advanced hacking methods with insightful commentary and practical examples.
