Critical Thinking - Bug Bounty Podcast

by Justin Gardner (Rhynorater) & Joel Margolis (teknogeek)

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

Podcast episodes

  • Season 1

  • Episode 81: Crushing Client-Side on Any Scope with MatanBer

    Explicit

    Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively.

    Follow us on twitter at: @ctbbpodcast
    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------
    Follow your hosts Rhynorater & Teknogeek on twitter:
    https://twitter.com/0xteknogeek
    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Guest: https://x.com/MtnBer

    Resources:
    Beyond XSS https://aszx87410.github.io/beyond-xss/en/
    Web VSCode XSS https://gitlab.com/gitlab-org/gitlab/-/issues/461328

    Timestamps:
    (00:00:00) Introduction
    (00:05:24) Learning and Labs
    (00:17:29) DevTools tips and tricks
    (00:49:49) General Client-Side hacking tips
    (01:09:59) Self-XSS Storytime
    (01:32:16) Bug Reports
    (01:46:37) Brainstorming a Client-side HUD

  • Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

    Explicit

    Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne Events.

    Today’s Guest: https://x.com/SinSinology
    Blog: https://sinsinology.medium.com/

    Resources: WhatsUp Gold Pre-Auth RCE Advanced .NET Exploitation Training dnSpyEx QEMU Unicorn Engine Qiling libAFL Alex Plaskett interview TippingPoint Flashback Team

    Timestamps:
    (00:00:00) Introduction
    (00:12:45) Learning, Mentorship, and Failure
    (00:29:34) Pentesting and Pwn2Own
    (00:40:05) Hacking methodology
    (01:01:57) Debuggers and shells in IoT Devices
    (01:35:40) Differences between ZDI and HackerOne
    (02:02:27) Pwn2Own Steps and Stories
    (02:14:06) Master of Pwn Title
    (02:29:54) Bug reports

  • Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

    Explicit

    Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast, we deep-dive into CSS injection and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.

    Resources: SpaceRaccoon's Universal Code Execution Extensions Escalating Client Side Path Traversal Full-time Bug Bounty Blueprint Sequential Import Chaining CSS Exfiltration Link that Justin was talking about Font Ligatures Lava Dome bypass Stealing Data in Great Style Steal Script Contents Masato Kinugawa's tweet Attacking with Just CSS CSS Injection Primitives

    Timestamps:
    (00:00:00) Introduction
    (00:02:32) Universal Code Execution
    (00:11:32) Escalating Client Side Path Traversal
    (00:16:56) Justin's Defcon talk & Bug Bounty Blueprint
    (00:23:32) CSS Injection
    (00:39:23) Font Ligatures
    (00:54:30) Descent Override and display:block

  • Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques

    Explicit

    Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast, we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with that process. We also talk about the benefit of using tools like Fabric, Loom, and ShareX.

    Resources: XSS WAF Bypass by multi-char HTML entities Shazzer Next.js and cache poisoning Nagli's Nuclei Template hey why can't you fix this one bug Justin's reporting templating software Fabric BB Report Formatter 2to3 Automated Python Converter ShareX Skitch

    Timestamps:
    (00:00:00) Introduction
    (00:04:00) XSS WAF Bypass by Multi-char HTML Entities
    (00:11:59) Next.js and Cache Poisoning
    (00:18:03) Nagli's Nuclei Template and Sean Yeoh's Blog
    (00:27:34) Report Writing and AI
    (00:50:02) Reporting tips

  • Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

    Explicit

    Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast, Joel and Justin discuss some fresh writeups, including some MongoDB injections, ORMs, and exploits in Kakao and iOS, before pivoting into a conversation about staying motivated and avoiding burnout while hunting.

    Resources:
    MongoDB NoSQL Injection https://soroush.me/blog/2024/06/mongodb-nosql-injection-with-aggregation-pipelines/
    Mongo DB Is Web Scale https://www.youtube.com/watch?v=b2F-DItXtZs
    1-click Exploit in Kakao https://stulle123.github.io/posts/kakaotalk-account-takeover/
    Unsecure time-based secret and Sandwich Attack https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html
    Reset Tolkien https://github.com/AethliosIK/reset-tolkien
    iOS URL Scheme Hijacking Revamped https://evanconnelly.github.io/post/ios-oauth/
    PLORMBING YOUR DJANGO ORM https://www.elttam.com/blog/plormbing-your-django-orm/#content

    Timestamps:
    (00:00:00) Introduction
    (00:02:07) MongoDB NoSQL Injection
    (00:12:42) 1-click Exploit in Kakao
    (00:33:21) Time-based secrets and Reset Tolkien
    (00:39:26) iOS URL Scheme Hijacking Revamped
    (00:51:42) ORMs
    (00:58:57) Community Bug Submission
    (01:07:45) Motivation, Mental Sharpness, and Burnout avoidance