

Critical Thinking - Bug Bounty Podcast
Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

Jan 4, 2024 • 3h
Episode 52: Best Technical Content from Year 1 of CTBB Podcast
The podcast highlights the best technical moments from the past year, including topics such as exploiting meta tags and base tags in HTML, client-side path traversal and cookie jar overflow, cross environment authentication bugs, the open-faced iframe sandwich, JS hoisting, Sean Yeoh on subdomains vs IP in recon, reversing enterprise software, building out a recon flow, hacking IIS servers, automating code review with JS Weasel and AI, post message vulnerabilities and listener tracking, hiding content from scrapers and XSLT transforms, exploring the Perforce version control system and testing methodologies, Python, reverse engineering, and bug bounties.

Dec 28, 2023 • 1h 22min
Episode 51: Hacker Stats 2023 & 2024 Goals
In this podcast episode, the hosts discuss noteworthy news items such as a HackerOne crit and blind CSS. They also recap their personal bug bounty stats for 2023 and share their goals for 2024. Topics include keyboard shortcut utility systems, CTF challenges, blind CSS exfiltration, and the importance of research and exploration in the hacking community.

Dec 21, 2023 • 2h 25min
Episode 50: Mathias "Fall in a well" Karlsson - Bug Bounty Prophet
Hacking master Mathias Karlsson discusses burnout, collaboration, and specialization in bug bounty. They dive into technical details of mXSS and XSLT, character encoding, and predict the future of bug bounty. They also talk about the importance of finding insecure defaults, the beauty of simple code, and the benefits of sharing research. The evolution of bug bounty programs and the rise of bug bounty budgets are explored. Techniques for bypassing Web Application Firewalls and the importance of persistence in bug bounty programs are discussed.

Dec 14, 2023 • 52min
Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli
Nagli, cybersecurity expert and bug bounty hunter, joins Justin Gardner to discuss recent hacking discoveries. They explore finding and exploiting a backup file, vulnerabilities through Swagger files, and debate an 'undisclosed' domain. They reflect on the Live Hacking Event circuit in 2023 and preview what's to come in 2024. They also share strategies for getting invited to live hacking events and discuss their experience at previous events.

Dec 7, 2023 • 1h 37min
Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb
Sam Erb, Google Security Engineer and DEFCON Black Badge winner, discusses the importance of understanding how systems work to find vulnerabilities and how his engineering background influences his hunting style and methodologies. Other topics include his career development and work with Google, recent Google Vulnerability Programs, centralized management and control of API endpoints, majors and career paths in security engineering and computer science, accessing open data and hosting, his experience at Google and involvement in the bug bounty program, hacking on Google and manipulating protobufs, Brand Indicators for Message Identification (BIMI) and abuse-related methodologies, and bug reports and prioritizing fixes.

Nov 30, 2023 • 1h 32min
Episode 47: CSP Research, Iframe Hopping, and Client-side Shenanigans
The podcast discusses the struggles of bug bounty hunting, including feeling disconnected after live hacking events and the frustration of not finding bugs. They highlight the significance of perseverance and getting into a flow state. They explore topics such as client-side paths, manipulating webpack map files, and exploiting XSS vulnerabilities in iframed domains. They also discuss the benefits of Google's extension for hacking and techniques for bypassing Content Security Policy.

Nov 23, 2023 • 44min
Episode 46: The SAML Ramble
This podcast delves into the world of SAML and its vulnerabilities, providing insights on bug hunting methodology, the SAML authentication flow, exploiting transformations, and various types of SAML bugs and vulnerabilities.

Nov 16, 2023 • 2h 37min
Episode 45: The OG Bug Bounty King - Frans Rosen
Frans Rosén, an OG bug bounty hunter and co-founder of Detectify, joins the podcast to discuss bug exploitation, developer terminology, collaboration challenges, and balancing hacking with parenting. They cover topics such as discovering S3 subdomain takeovers, attacking modern web technologies, and account hijacking using Dirty Dancing in sign-in OAuth flows.

Nov 9, 2023 • 1h 11min
Episode 44: URL Parsing & Auth Bypass Magic
The podcast delves into URL parsing and authentication bypass techniques, highlighting common tips and tricks for bypassing restrictions. It covers topics such as OAuth vulnerabilities, controversy surrounding vulnerability reports, Facebook login ATO, and the risks of centralization. The hosts also discuss the importance of understanding URL components, potential issues with OAuth flows in Android apps, and the vulnerabilities of URL parsing in bug bounty programs.

Nov 2, 2023 • 1h 1min
Episode 43: Caido - The Up-And-Coming HTTP Proxy
In this episode, they discuss the challenges of building an HTTP proxy tool, the importance of user feedback in shaping its development, and the balance between basic and nice-to-have features. They also explore the usefulness of collections in organizing HTTP requests, customization options for workflows, upcoming features in the Caido tool, collaboration in bug bounty reporting, and the introduction of Caido as an enterprise vulnerability management platform.