June 19, 2025

Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More

The player is loading ...
Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More
Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More
Apple Podcasts podcast player badge
Spotify podcast player badge
Castro podcast player badge
RSS Feed podcast player badge
YouTube podcast player badge
Apple Podcasts podcast player icon Spotify podcast player icon Castro podcast player icon RSS Feed podcast player icon YouTube podcast player icon
Season 1

Title: Transcript - Thu, 19 Jun 2025 14:10:20 GMT
Date: Thu, 19 Jun 2025 14:10:20 GMT, Duration: [01:07:27.46]
[00:00:00.72] - Justin Gardner
He just basically only finds megacrits, right? So it's like it's safe for Chapman, right? Like Chapman has 20 bucks a year and makes more than all the everyone else.

[00:00:08.96] - Justin Gardner
This guy's average payout is like, you know, 15 grand or something ridiculous.

[00:00:37.10] - Justin Gardner
Okay, look, guys, you know I'm a little bit picky about sponsors for this podcast, right? And this next sponsor I personally went and sought out myself. So hang tight, listen for a second and let me tell you about them. Okay? This is the Adobe Bug Bounty program and they are one of the best bug bounty programs out there. A ton of hackers love their program and really respect it and, and they're a brand we all know and love, right? Who hasn't used an Adobe product over the years? They're a public program so you can hack on it with your friends super easily. The bounties are great. And guys, the scope is unmatched. They've got wildcard domains, they've got massive primary apps like Adobe Photoshop and Lightroom. They've got open source software like Magento, aka Adobe Commerce. They've got executables like ColdFusion, if you're looking to do some of that, like Shubs Esque zero day research on architectural related stuff. They've got mobile apps like Adobe Reader and Photoshop Mobile. It is a freaking treasure trove of scope, you guys. And like we always say in the pod, you should hack on targets that have live hacking events if you want to get invited to live hacking events. Right? And Adobe has been in the Ambassador World cup for the past two years. They are on the live hacking event scene, so it's definitely a good target to look at from that front as well. Also for critical thinking listeners, they are looking to get some new traffic on their Android and iOS apps. So they're offering you guys an exclusive 50% bonus on your first valid report on mobile apps on Insco mobile apps. So just use the code CTBP619, that's CTBVP Critical Thinking Bug Bounty Podcast 619 in your report and you'll get a 50% bonus. They're going to run this promotion through the end of July and and you can find the program on hackerone.com Adobe all right, I'm going to go hack on him a little bit. I hope you guys do too. Tear them up for us. It is a great way to support the pod. All right, let's go back to the show. Sup Hackers, we've got a pretty sick this Week in bug bounty segment this week, so let's jump right into it. First up is yes, We Kaido by yes We Hack. That is a plugin that integrates directly into Kaito that shows you your scope and what kind of programs you can attack within the yes We Hack ecosystem. So for example, I'm in here, I'm just going to search for Louis Vuitton and I can see right here all their scope. I can add the scope, I can add the user agent. So this reduces friction for you switching targets or getting details about your target if you're working within the Kaito ecosystem. So pretty sick. I think we'll see a couple of these plugins kind of come on the ecosystem where you'll be integrating with bug bounty platforms directly within your HTTP proxy. Pretty sick. Pretty sick. All right, next up is more stuff from yes We Hack. They've been kind of pumping stuff out lately. The the next one I wanted to talk about was their Recon Series 5 A Guide to Google Dorking. Okay. And I don't know if you guys use Google Dorking as much as I do, but I Google Dork a lot. So this is a pretty sick guide to kind of get you back up to speed on what kind of operators you can use and how to do Google Dorking to increase your recon. And one of the things I love about Google Dorking is Google knows what's important about a target, right? They index it. That's how people find things about these companies. So I think it's a really good, like generic way to to hack on a specific target. Next up is the Dojo with Yes We Hack as well. I don't know if you guys knew this, but yes We Hack Dojos get you private program invites on yes We Hack. This one right here is Hex color palette and I'll give you a little hint, it's an xxe. So go check that out. If you're looking to get some private program invites and pop into the yes We Hack ecosystem there. All right, next UP is from HackerOne. We've got an article on smart contracts and common vulnerabilities in real world cases. I know a lot of hackers have been out there killing it in Web3 vulnerabilities and making a ton. So if you're looking to sort of refresh your knowledge on this, also shout out to my boy Andrew Pratt that wrote this article. Love it. Then you can kind of refresh your knowledge on price Oracle manipulation, logic errors, reentrancy attacks, Flash loan attacks, all sorts of things. This is the kind of stuff I deep dived a while back and then have sort of let that knowledge fade. So I think I'm going to go refresh on this myself. All right, last but not least is bugcrowd. And actually, this is a pretty exciting announcement, you guys. Bug Crowd has actually launched a Red Team as a service offering. And obviously this is cool for organizations, so if your organization needs red team services, definitely check this out. But this is cool for us as the hackers, too, because we can potentially get in on this, especially if you're in the bug crowd ecosystem already. And I know a lot of you guys Participate in the Bugcrowd or HackerOne pen test offering, and this is bugcrowd sort of pushing that industry forward and adding Red Team as a service into that flow. So definitely, if you're a little bit more on the Red Team side, then definitely want to check this out. They are recruiting for this from the crowd. They've said, I think, down in, like, the FAQs here. So definitely go ahead and check that out if you're interested in getting in on some contract work to supplement that. That bug bounty income. All right, that's a wrap for this week. Let's go back to the show. All right, dude, let's. Let's just jump right into the mouth of the beast this time because there has been some shit going on in the bugbuni community while I was away on this. On this vacation.

[00:05:53.19] - Joseph Thacker
Yeah, I did have to bring down the smackdown with the. With everyone tag. Yeah.

[00:05:58.87] - Justin Gardner
Yeah, dude. Yeah. So, all right, you know, we kind of discussed it off air. We're starting this recording a little bit late because we had to, like, figure out exactly what we wanted to say and without bringing too much drama into the pod. Like, I think it's. I think we had one major thing that we wanted to reassure you guys of about this whole drama thing.

[00:06:20.30] - Joseph Thacker
That's right.

[00:06:20.50] - Justin Gardner
Drama's gonna come up from time to time. We really want to give a shout out to three people. Okay. To Kingo, to Yobert, and to Inti. Okay. These. These are the guys.

[00:06:32.33] - Joseph Thacker
That's right.

[00:06:32.86] - Justin Gardner
That are real hackers. That. That hack. I've seen and been impressed by their hacks many times. They are working for these platforms and they are advocating for you guys, the hackers. So, you know, whatever happens, they're human. They. They make mistakes, but know that their heart is in the right place for the bug bounty community. Right. Am I. Am I conveying that. Right, Joseph? Is that what we wanted to say?

[00:06:52.57] - Joseph Thacker
Yeah, exactly. I mean, those guys not only helped build bug bounty into the industry that is today, but they've consistently fought for hackers and for just the embedderment of humanity for years to come. And like you just said, they might not make the perfect call every time, but I think that anyone who's out there that is skeptical of their hearts or what they're trying to promote or build is in the wrong place and they need to reevaluate their opinions.

[00:07:20.45] - Justin Gardner
These guys, especially advocating for hackers, are not, are not out to get you in the.

[00:07:23.98] - Joseph Thacker
And we did want to say there's not lots of, we're not excluding lots of other people who are, who are working at bug bounty programs or platforms, but those guys for sure are often leading or at least commenting on things that are public or making decisions behind the scenes. And, and yeah, you can trust their hearts.

[00:07:41.62] - Justin Gardner
Yeah, absolutely. All right, man. Well, I know that that's what we wanted to say. So let's, let's get to the meat. Let's get to the meat and we won't address the drama any further. Okay, well, first thing of the meat actually is a new newsletter that came out called Disclosed by Harley from H1. And this, he does a pretty freaking good. Have you seen it? Have you seen the dude? It's not sponsored.

[00:08:07.24] - Joseph Thacker
We're not sponsored by Harley here.

[00:08:08.39] - Justin Gardner
We are not sponsored. We have no affiliation.

[00:08:11.56] - Joseph Thacker
Love grassroots products.

[00:08:13.56] - Justin Gardner
It's good dude. I mean like Harley has a, you know, his thumb on the pulse of the bug bounty community. And this is a thorough ass newsletter.

[00:08:23.48] - Joseph Thacker
It is. He's putting a lot of work into it. That was my first thought.

[00:08:26.43] - Justin Gardner
Yeah. And I don't understand how he's launching like six things at once too. Like he launched the. We're covering it later, but you know, he launched his, his vibe code.

[00:08:34.66] - Joseph Thacker
All Vibe coding.

[00:08:35.11] - Justin Gardner
The domain. Yeah, it's. It's vibe coding, but the domain is kind of crap. But what, what is it? Disclosed online. You know, I think he maybe bought two domains, like one for the disclosed newsletter and then he used it to like put the hacker profiles kind of cohesive. Sorry.

[00:08:48.99] - Joseph Thacker
If you think about it.

[00:08:49.62] - Justin Gardner
Yeah, yeah. But yeah, I think that the disclosed newsletter is definitely worth a sub. Especially if you, if you want to just have a good list of. I mean, what is. This is a. There's a bunch of things on here. There's learn, there's videos, there's tweets, there's articles, write ups, like he's got a bunch of different sections inside this newsletter, which I really like. So even if you don't want to hear about the tweets or you don't really care about the tools, you can just jump straight to write ups and research, you know.

[00:09:17.45] - Joseph Thacker
That's right.

[00:09:17.88] - Justin Gardner
And get a really good update on, you know, what's happening in that specific section of the Bug Bounty community this week.

[00:09:25.04] - Joseph Thacker
So, yeah, in general, shout out to Harley. I just love anything that's Bug Bounty focused because, I mean, that's the reason why you started the podcast initially. It's like we, like Bug Bounty itself deserves an ecosystem of like, products and media and content. It does. And if you want to excel at anything, you want to basically submerge yourself in that, I think. And people do that in lots of other industries and niches. And it was hard for Bug Bounty for a while because the only way you could get that content was really like just following people on social media or being in private slacks or discords. And I think in large part critical thinking, you know, quote unquote, solved that problem in a big way. But this is just another great way that you can immerse yourself in Bug Bounty content.

[00:10:02.10] - Justin Gardner
Yeah. Yeah, dude. I mean, I think it should be clear from the fact that we run a competitor newsletter to this, and yet we are still shouting it out on the podcast that you should definitely check it out because it is very high quality. So also check. On a completely different note, subscribe to the Critical Thinking newsletter at CTV Show Blog. Also. Really well done, but a little bit more oriented towards the pod. Right. Like what we do on that newsletter, just for those of you that aren't familiar, is we take the news we covered on the pod, we take the technical details of what we said on the pod, and we try to give you a way to access that data in text just in case you don't have the opportunity to listen to the whole episode. Or maybe you need, you remember, like a one liner that we said or like some, some topic that you need to go back and get a refresher on. Well, you can find it, you know, in text on the, on the.

[00:10:51.44] - Joseph Thacker
Yeah. Or you need a payload or you need. It's basically like. It's like. It's basically like Show Notes plus plus, like it's like a much more expanded version of Show Notes.

[00:10:58.82] - Justin Gardner
Exactly.

[00:10:59.25] - Joseph Thacker
Yeah.

[00:10:59.62] - Justin Gardner
All right.

[00:10:59.94] - Joseph Thacker
I think you have more than me, so I'm going to jump to one of mine.

[00:11:02.58] - Justin Gardner
Do it.

[00:11:03.94] - Joseph Thacker
So XSS doctor, as we all know, puts out great stuff. Let Me hide my messages before I share my screen because our editors always have to edit that out. I'll share my screen. Yeah. Dude, this is really cool. I'm surprised this wasn't on your list. Did you see this?

[00:11:21.70] - Justin Gardner
I did see it. Yeah. I missed it. And I even had it bookmarked. Uh, but I, I did miss it.

[00:11:26.54] - Joseph Thacker
Yeah. So basically XSDOR found a really cool CSP bypass where he uploaded a valid PDF. But because the magic bites in PDFs are not at the beginning of the file, it can. It can also be a completely valid JavaScript file. So it's a valid. So it's just a polyglot file that's both a PDF and a JavaScript file. And it's funny like this is the entire file, but it's based on a really good blog from doyensec which we've talked a lot about on the podcast. So you can go check that out. You can go also check out this tweet, but extremely cool payload. And do you think this has been done before and just like not shared?

[00:12:03.64] - Justin Gardner
Yeah, I've seen it before and actually I've talked to XSS doctor about this. You know, we've kind of compared notes on this sort of like polyglot type of payloads before because it's very relevant to client side path traversal, which we are both very passionate about. Right. Is kind of figuring out a way. Okay, you know, is there any way that I can upload, you know, valid JSON in another file format, type that sort of thing? Definitely a cool trick. PDFs in particular, I think are pretty malleable. So definitely, definitely one to check out. And actually man, we've got pretty relevant. I've got two relevant pieces to this actually, so I'm going to. Did you have any other comments on that? No, that was it tied into. Definitely. Very cool to have that PDF as a valid JavaScript executable type there. Tying it into a different thing. There's also write up by Jorian Wolter. I'm sorry, I can't get. I don't know the name, but on obs websocketrc.

[00:13:02.62] - Joseph Thacker
Is this a different Jorian than the other Jorian?

[00:13:04.87] - Justin Gardner
No, this is Jorian. Okay. Yeah, this is Jorian. That's around all the time.

[00:13:08.35] - Joseph Thacker
Yeah, that's what I thought.

[00:13:09.42] - Justin Gardner
Yeah. And this was a great write up and like Jorian is a phenomenal hacker. So I'm in no way saying this, that this is not as impactful or that it wasn't great work. Yeah, there was a caveat within the first like two paragraphs of like, if you turn off authentication, then you can do this exploit. I'm like, okay, that is a big if. But the, the techniques that he used to actually fully do the exploit with the websocket interactions and the polyglot file of the BMP here, let me go ahead and share my screen so you guys can see what I'm talking about. Yeah, was, was really cool. So I did want to tie that out because while we were, while we were talking about sort of polyglot files, this is an area where he was able to craft a polylog file. The TLDR of this write up is that in obs you can turn on this websocket based functionality and then if you turn off the authentication for it, then any website can just connect to your local host for four or five times and send commands into obs. Some of those commands are like, for example, saving a screenshot and you can write to arbitrary files on the file system. So he's like, okay, well how do I convert this into rce Using the very limited type of. It's not very limited. There's a lot of supported images here. But one of the supported image types was bmp. And BMP has the ability for you to specify essentially just arbitrary bytes within that file as a representation of the image data. Right? So I'll read this little snippet from the write up. The bitmap file format is a very simple one, especially its pixel array variant which OBS uses when you save an image as bmp as it uses no compression, as you can see above, it stores BGR values, which I'm more familiar with rgb, but I think it's like flipped. The endiness of it is flipped values by 1 as separate bytes. If the first pixel is colored, as you know, hex 72 644A and the second one is 6E 6169. Its BGR values will turn into the byte string just repeating those back. Or the ASCII equivalent of it is the word jorian, which is his name.

[00:15:27.01] - Joseph Thacker
Right?

[00:15:27.62] - Justin Gardner
So essentially what you can do is you can use BMPs to smuggle arbitrary like bytes into this, this, this file without having to deal with like image compression and some of the other nuances that you'll run into with other image types. So it makes it very easy to use BMP as a polyglot file that you can achieve different types of exploits with. So what he ended up actually doing here was using it to craft. And this is another really cool tip, dude, a HTA application, which is an executable format in Windows that will allow you to just run arbitrary VB script. Um, and the other cool thing about that HDA file is that it is fuzzy. So you know, it's just HTML in there, right? And then you have access to writing VBScript inside of a script tag. So and HTML is very like other bytes compatible, right? It's just going to be perceived as like just text right inside of the. Inside of the file. So you can put all the BMP related stuff in there and then just, you know, use that arbitrary amount, the ability to just write arbitrary bytes that we talked about before to build out a script that will actually run in a Windows environment and pop calc. So he was able to do that and built the whole POC out. So I think that is really, really phenomenal work.

[00:16:50.41] - Joseph Thacker
I'm not sure how intently you read it because I haven't read it yet. But did it like what made it pop when you restarted obs? Like why did it. How did it execute the bitmaps? Hda.

[00:17:02.30] - Justin Gardner
So that's a trick. He actually wrote it to the startup folder in Windows. So he had like.

[00:17:08.23] - Joseph Thacker
Because you have arbitrary write. Yeah, yeah, yeah, yeah. Cool.

[00:17:10.67] - Justin Gardner
He could write the file anywhere. So he wrote it to the startup inside of Windows and then it would automatically run the HTA file and pop.

[00:17:18.78] - Joseph Thacker
Perfect. That's awesome.

[00:17:21.43] - Justin Gardner
The interesting thing is obviously in order to do that you need a gadget that leaks the user's username. Right? But actually one of the functionalities that OBS exposed via that websocket was something that leaked the path and you could use it to grab the username.

[00:17:37.83] - Joseph Thacker
Nice.

[00:17:38.24] - Justin Gardner
So very good work by Jorian, as always. Two takeaways there is BMP files are super helpful for sort of dirty file rights. Right. And then hta, you know, combined with that is compatible with dirty files and will still allow you to get execution on a Windows system.

[00:17:55.98] - Joseph Thacker
Yep. Sweet. The one thing I was going to mention next was right up by Kazushi. I didn't even know this, but his name is apparently Andrew. I think I mentioned it before whenever we. Whenever we were talking about one of his blog posts. It was the precursor to this one or like the. The one that came before this. And I mentioned it because he's big into judo. Like he's like a second degree black belt in judo, which is super cool.

[00:18:19.46] - Justin Gardner
Oh dang.

[00:18:19.90] - Joseph Thacker
And a hacker. And a hacker. So yeah, being into martial arts plus hacking is Very cool. Anyways, so he wrote a blog called Time in a Bottle or Knapsack. And he's talking about. It's kind of a continuation on the fact, if you remember the last one talked about how he was trying to come up with some sort of formula by which you could determine like the odds of finding a vulnerability. And it evolved as a big part of that formula, like the amount of times you tried. And I think I mentioned or if I didn't, you know, one big thought of this is like, this is why like fuzzing or scanning or vulnerability, you know, scanning or um, this sort of like try a lot of things often like, or like using active scanner and burb or using whatever other types of scanners is like so valuable is because you're getting a lot of shots even if they're not on goal. It's just by taking a lot of shots, you are often going to increase your odds of success. Um, so he talks a little bit more about that. But the, the part about this. And you all can go and read the blog. You should, it'll be in the show notes. But the one thing in here that I thought was really neat was he was talking about, you know, potentially going full time as a bug hunter and what that would mean and how it would require him to, you know, make a decent amount of money. And so in here he specifically says, you know, like, let's say an average, you know, a secure or yeah, security consultant makes something like $150,000 a year or whatever. Then you know, he says random sources show the average payouts between $500,000 per issue. And I can confirm that, you know, it's really cool. HackerOne shows you what your average payout is. And so me and you and other hackers have talked about this before. It is often around, you know, that I think people who are more on the or high end of things often have it more between 1000 and 1500 or whatever. But yeah, so then he uses that math to say, okay, if I make $750 per vulnerability, how many vulnerabilities do I need to make $150,000 a year or whatever. And it comes out between 250 and 300 vulnerabilities. But then if you assume that, you know, 20% of your vulnerabilities are going to be dupes or informational or false positives, then now you can multiply that again by, you know, increase another 20% to figure out exactly how many bugs you would need per year on average to make a make A good salary.

[00:20:22.41] - Justin Gardner
And stressful for me. Dude, I'm not going to lie, like looking at these numbers.

[00:20:26.36] - Joseph Thacker
Yeah, I know. It's basically one a day is what it comes out to. It's which, you know, obviously there are lots of hackers like Inspector, if any of you. Inspector, Ambitious, I think is his name. He got MVH at the Google event that I went to in Malaga last year. He just basically only finds megacrits. Right. So it's like, it's safer. Chapman, right. Like Chapman has 20 bucks a year and makes more than all everyone else.

[00:20:50.98] - Justin Gardner
This guy's average payout is like, you know, 15 grand or something ridiculous like that.

[00:20:55.38] - Joseph Thacker
Exactly. So there's lots of different outliers and there are some people with great automation that find, you know, a thousand bugs a year. But anyways, yeah, this is, this is really cool. But basically for a western world salary, if you want to, if you're in the US and you want to be a full time bug hunter, you need to average like one bug a day. And I will say don't overly stress about it if you're a listener because that never works out for me. It's basically like I'll get an invite to a new program or a hackerone challenge, or I'll get into a new area of scope and I'll find six bugs in a day or something. And then, you know, then you won't find any for a while. But I just thought that was really cool the way he broke that down.

[00:21:26.40] - Justin Gardner
Yeah. So a couple comments on this one is I think you should plug in your own numbers as a hacker into this because I know that my average payout is substantially higher than those numbers. And, and I, and I think that it depends on what kind of hacker you are and the frequency. Right. Because I know that there are some hackers out there, even manual hackers, that just churn out mediums all freaking day.

[00:21:51.11] - Joseph Thacker
Right.

[00:21:51.44] - Justin Gardner
You know, and, and they make great money, phenomenal money. And don't get me wrong, I am not below reporting, you know, a lower medium or anything that, that the company finds value. But I think, look at your own stats when, when factoring all this in because I think you can make substantially more than what he's calculating here by submitting substantially less vulnerabilities. Right. Depending on, you know, what kind of programs you're targeting as well and the average payouts for those. The second thought here was that I love these, I love these formulas for bug bounty and I've actually tried. I'm not sure I can get it up while I'm talking here. I'll try to pull it up, but the. There. I have a formula that I kind of put into my talk on, you know, hacking efficiently. And I believe I know this was Epoch Bunny village last year, so I don't think that I've talked about it publicly before. I know that I do have a recording in the critical thinking discord. But I love these formulas of like, okay, here we calculate our attack vector value. We've got the probability of success, the impact of success, the friction. To actually test it, you're pulling all of these variables together and I do have mine out there. Maybe I'll send it out in a tweet or something. But all of that really came from a talk for me from way back by Matthias Carlson actually, where he did a talk at like some obscure like, conference. I forget what it was, but he gave a talk on how to optimize your bug bounty. Yeah, and I think I asked him about it last time he came in the pod and we're going to have him on the pod again soon, so I'll ask him about it again. But I think not enough. There hasn't been enough research done by researchers into the metagaming of bug bounty like this.

[00:23:36.29] - Joseph Thacker
Right.

[00:23:37.01] - Justin Gardner
How can we optimize our efficiency as, as hackers and produce the most output?

[00:23:42.70] - Joseph Thacker
Yeah, I think that that was. I think that when you look at people like you or like Douglas or other top hackers, I think that they subconsciously have found that product market fit. Product market fits a weird word. But I feel like they found that like personal time spent fit really well because, like, you're incentivized to optimize for it based on the fact that you get paid in bug bounty. So I do think you're right that not enough people kind of think about it or research or focus on it. Do think one, it's a little bit personalized and then two, I do think people kind of find it for themselves because they're trying to optimize for it because they want to make the most money, but they often could make even more changes. I just looked mine up. My, my average was actually 1200, so it is a bit higher as well. So yeah, I agree. I think that it's really neat. I think that the formulas do kind of help people. And I think that one big factor that I think you do well and that other kind of top hackers do well is kind of being a little bit ruthless in time spent and like how you spend your time. It's like you almost can't be ruthless enough in how you're spending your time. But that doesn't mean like always switching. It might mean just like blocking off all communication paths so that you can solo, focus and go deep. Right. But then sometimes it does mean switching and just kind of. I think that what you kept doing during that Google event that I think about a lot is that you were like at least maybe twice a day, but at least once a day basically saying like, hey, what are the most promising leads? And this is like kind of similar. Alex Hormozi actually talked about this on his, on one of his most recent YouTube videos talking about business priorities. And he was saying like, as a CEO, you often have this laundry list of ideas you want to implement in the business, but when you implement one, there's like a, there's like a loss. You like take a quick performance loss. And so if, and so you basically need to rank those based on the probability of success and how much, how likelihood it, not just probability, but then what kind of impact it will have if it does work. And so I think as a, as a hacker, you can do that exact same thing. It's like if you have six leads, and this is what I was saying that you did well at that Google event, basically we would have like six leads or six ideas to pursue. You would prioritize those based on your, your rough mental math on like odds of success of those and then how critical the payout is or how critical the impact is based on that. And I think doing that mental, you probably do that often when you're actually looking through, through a program and in life hacking events, you probably do the same thing. And so maybe that's a really solid tip for the listeners, is like if you have a lot of things to look at or a lot of ideas or a lot of leads or a lot of errors, you should, you should actually take a second to step back. Don't just go down that rabbit hole that you're, we're all prone to go down and, but list them out and think which of these is the highest likelihood of success and which of these will pay the best if it does succeed.

[00:26:19.60] - Justin Gardner
Yeah, yeah. And I think a lot of that is informed by intuition as well, because we can't quantify these things. Right, right. Or, you know, we can. It is probably quantifiable, but you know, we, I haven't seen an effective way to do that yet. So, you know, my, my way that I quantify these is by intuition. And for that you have to be a pretty experienced hacker. So this isn't really oriented towards beginners. This is oriented towards intermediate, advanced people that are looking to optimize their output.

[00:26:46.19] - Joseph Thacker
Yeah.

[00:26:47.02] - Justin Gardner
All right, dude, we have to move along. But the talk that I mentioned before is called how to differentiate yourself as a Bug Hunter by Matthias Carlson at OAS.com home so we'll drop that in the description. Definitely a recommended watch. Very impactful talk in, in my opinion. All right, we are, we are not doing.

[00:27:09.84] - Joseph Thacker
No, listen, you're being negative. Shake off the shack. Shake off the negative. Nancy. We're doing great. The audience is loving it. We're doing great.

[00:27:17.84] - Justin Gardner
All right. All right, let's do it, dude. All right, next up on the list, I had Hacked in versus Disclosed Online, this is the thing we mentioned before, you know, with Harley spinning up a essentially bug bounty profile aggregator. And this is actually something that critical thinking has been thinking about doing for a long time and we just haven't been able to allocate resources to it. But I'm kind of relieved that some of these other people are taking it on. And so obviously there's two of these out here. They've kind of spun up at the exact same time. Hacked in.net and disclose online.com I love Harley. I love both of these, these products. My thought is that Hacked in. Net is. Is currently in the lead and I.

[00:27:58.38] - Joseph Thacker
Think this is bringing in the hot tape. I like it.

[00:28:00.33] - Justin Gardner
Yeah, you know, I got, I got to do it. You know there's, there's some self sign up features they're working on actually like verifying your, your profile with emails. You know they send an email to like your rename reader at we are Hackero email or whatever.

[00:28:15.05] - Joseph Thacker
This is very visual. So I'm going to show the two.

[00:28:17.46] - Justin Gardner
Yeah, yeah, show them.

[00:28:18.29] - Joseph Thacker
This is what, this is what Disclosed Online looks like for my profile. So it's got like My X stats, HackerOne stats, bug crowd stats, GitHub, repos, and then it kind of pulls out companies to help secure and then testimonials from HackerOne as well. And then the other one, it's nice.

[00:28:35.55] - Justin Gardner
They pulled your testimonials. That's cool.

[00:28:37.07] - Joseph Thacker
Yeah. And then hacked in.

[00:28:38.68] - Justin Gardner
Yeah, show them hacked in. And so, you know, I think that the reason this is necessary for the industry is that you kind of want to at a glance understand if this person that's talking actually hacks. Right. And I've been, you know, I don't really give a lily about this quite as much anymore because I think I'VE sort of established myself already as a hacker. But it does make me a little sad to look at my HackerOne profile and show like, you know, three bugs submitted in the past, like couple months right now. Because I've been focusing on Google exclusively.

[00:29:09.56] - Joseph Thacker
Well, not just that, I just, I hate that it defaults to last 90 days. Like I really wish it defaulted to all time on HackerOne. Just. And maybe that's because I'm the same way. Right. I feel like, you know, historically like I've got 12,000 rep on HackerOne, but then you pull up hackerone.com reso and it's like, like you said like 10 bugs or 500 rep or whatever. Yeah. So this is what hacked in looks like. Once you've got everything set up. One thing that the skills don't have enough options. Like there's no AI related skills that you can add. I do like the fact that it lets you choose these two things. They could also pull these from LinkedIn or X. Kind of nice. But it is neat to see. I think I like this a little bit better where it shows the rep and vulnerabilities across this even though they don't line up the same. It's cool to see both of those. And I thought this was a really nice touch that it shows the stars on your most popular repo.

[00:30:05.08] - Justin Gardner
Yeah, I like that as well. There's a couple things I just wanted to brainstorm with you live on this sort of thing. Couple features that I think should be implemented. Um, I think that they should. I mean platform verification is necessary so you, you shouldn't let people link any hackers profile to their account. So they're, they're working on that. I know. I would also like to see integration with top programs that are outside of the platforms like Google and Meta to name at least two. And then I would like to see some formula to aggregate and cross correlate the reputation and the bugs submitted and pull it into an overall hacker score.

[00:30:44.90] - Joseph Thacker
Oh, interesting.

[00:30:45.53] - Justin Gardner
So that at a glance, at one glance I can say, okay, Joseph's talking some, some shit, you know, like what, what has he popped lately? You know, so sort of situation. Right. And I think that's the biggest value add.

[00:30:58.98] - Joseph Thacker
So what do you think is the real utility of this? This still feels like a gimmick to me. Like no, no offense to either of them, but it's like, besides, it is kind of nice, like you said, to have a single place to go to, to say like, should I respect this person' Is this person legit? From like, a technical perspective. And it is hard to know sometimes, like you said, because there are people like Yusuf that are like, all meta. Right. He submitted everything. It's meta. And so if some. If someone didn't respect him, it'd be, like, kind of weird or interesting because he's so technically skilled.

[00:31:28.68] - Justin Gardner
And there's some sleepers out there, man, in the community that are like all Google killers or whatever, but they don't tweet and they don't write blogs, and if they don't tweet and they don't write blogs, they don't have a HackerOne profile, you know, or whatever, then you don't know if they're popping bugs, you know, And I think at the end of the day, one of the things we love about the bug bounty community is its POC or gtfo.

[00:31:50.14] - Joseph Thacker
Right.

[00:31:50.42] - Justin Gardner
So if you are not actually popping bugs, then we know, you know, and like, and you know, it's just a very POC or GTFO community, and I really value that.

[00:32:01.22] - Joseph Thacker
Right, yeah.

[00:32:02.29] - Justin Gardner
And that's why it's important to me as somebody who runs this podcast, to be actively hacking and, and, and, you know, trying to, to actually make sure that you guys know that I'm not just coming here and talking the talk. I am popping bugs in the weeds with.

[00:32:15.76] - Joseph Thacker
Yeah, you're on the battlefield with them.

[00:32:17.41] - Justin Gardner
Yeah, yeah, exactly. So anyway, I think this is very necessary. The. The hacker score thing, I think would be huge. The other thing that I just want to say is I would like to be able to go to a HackerOne profile, a bug cred profile, you know, whatever, and change one letter in the domain and end up on this site.

[00:32:37.50] - Joseph Thacker
Oh, gosh.

[00:32:38.18] - Justin Gardner
Right. You know what I'm saying? Like, so it needs to be for hacker ones, you know, or like hug crowds or something like that.

[00:32:46.05] - Joseph Thacker
I couldn't believe you said that. The domain was bad. Hacked in I thought was really clever and I wish I thought of it.

[00:32:50.74] - Justin Gardner
Hacked in is good. Hacked in is good.

[00:32:51.98] - Joseph Thacker
You just want to be.com instead of net.

[00:32:53.94] - Justin Gardner
No, no, no, hacked in is great. I was saying you said that their domains suck. Harleys.

[00:32:58.09] - Joseph Thacker
You said the domains.

[00:32:59.75] - Justin Gardner
Did I say domain Z?

[00:33:00.79] - Joseph Thacker
Yeah, you said both need a better domain. No, I'm going to quote you in this. Pull up the doc. No, no, it says, richard, both need a better domain.

[00:33:06.59] - Justin Gardner
Run it back right now.

[00:33:08.16] - Joseph Thacker
It says I can screenshot it if you want me to. It says both need a better domain.

[00:33:12.88] - Justin Gardner
Oh, shit. I did.

[00:33:13.51] - Joseph Thacker
It's got to be because of the Net or something. You had to be thinking something.

[00:33:16.48] - Justin Gardner
You're right, I did put that in the. Okay, don't run it back. Richard, Richard, do not run it back. You're right, I did say that and I see what you're saying. Like LinkedIn hacked in. Oh, yeah.

[00:33:27.24] - Joseph Thacker
I think it's super clever.

[00:33:27.96] - Justin Gardner
Yeah. The DOT Hacked in, I think is a good domain. Would love it to not be net, but it is what it is disclosed online. Doesn't say to me, this is where I go to find out about other hackers.

[00:33:40.34] - Joseph Thacker
Right, right. I think Hackton does. It's like, hey, this is the social media profile of that.

[00:33:45.43] - Justin Gardner
Yeah. And actually I'm a little bit ashamed to say, I think the reason why I wrote this a couple days ago was I didn't get it.

[00:33:52.15] - Joseph Thacker
I didn't get. Maybe you didn't get it. Yeah. Okay. Well, I mean, but if you didn't get it, then will other people get it? It's kind of funny something to think about.

[00:33:59.14] - Justin Gardner
It is, you know, and maybe it's because it's a dot net thing, I don't know. But either way, I'm glad to see these popping up and I would like to, you know, I think once the product is really refined, very valuable. And yeah, if I, if I don't. Yeah, I would. I will definitely be supporting financially whoever comes out on. On top of this whole thing between the two of them, you know, via donations or whatever. Because I think this product needs to continue to exist.

[00:34:26.11] - Joseph Thacker
Yeah. And I do think it would be amazing if there was some way to make sure everyone uses it. Like, that's the frustrating part to me is like, if this, if one of them gets really good, I'm sure they will. But then 20% of people use it, it's still useless. Like, it really has to be something that gets up. Adoption maybe.

[00:34:42.07] - Justin Gardner
Maybe if there isn't somebody who's claimed.

[00:34:43.67] - Joseph Thacker
A shadow profile, just like in Facebook.

[00:34:46.03] - Justin Gardner
That there isn't someone who's claimed a specific profile, then you just cross correlate all of the. Like assume they have the same user.

[00:34:53.86] - Joseph Thacker
Right.

[00:34:54.51] - Justin Gardner
You know, and then say, okay, everyone with the username Reiterator, even though he hasn't been on here, looks like this.

[00:34:59.55] - Joseph Thacker
That's. I said shadow profile. I don't know if you know what I mean. On Facebook, if you don't have a Facebook account, it still takes every face from every photo ever found online. And there's a shadow profile for you that when you sign up, you can be like, oh, and here's all the photos I'm Tagged in. It's already associated with a single face, like a holy. So that's what this would be. Right? It'd be like a shadow hacked in account.

[00:35:21.44] - Justin Gardner
So that's crazy, man. All right, what you got?

[00:35:24.84] - Joseph Thacker
Cool. Yeah. So this is like two kind of AI security. I've got like three security things, but one.

[00:35:30.51] - Justin Gardner
What else is new? Joseph.

[00:35:32.67] - Joseph Thacker
I know, listen, I don't know if you all know this, but I get lots of DMs that are like thank you so much for pushing me into doing AI stuff or thank you so much for teaching me I stuff. I also get. I'm sure that there's other. Actually I don't get that much of it, but I'm sure because people are probably kind. But I'm sure there are some people who are annoyed by it. But I will say there are a lot of people who are very thankful of it. So.

[00:35:51.30] - Justin Gardner
Yeah, and I, to be honest, man, you know, one of the big differentiating factors, obviously, yeah, I'm very grateful to have you on the show, but one of the big differentiating factors on inviting you onto the show is I firmly believe that if we are not utilizing AI correctly as bug bounty hunters in the next five years, then you're done, right? You're cooked, you know, and so I think, you know, as far as the podcast goes, we. I'm very pleased to have a AI specialist hacker on here as well to talk about these things because whether the community likes it or not, I'm going to give them what they need, which is an AI specialist in bug bounty.

[00:36:26.07] - Joseph Thacker
I love that that's so much of your heart. Just in outside of bug bounty too, you very have much like a. I love you and I'm going to make sure you're doing well in life. I'm going to make sure I take good care of you. So.

[00:36:36.94] - Justin Gardner
All right. Sweet man, that, that, that warms the heart.

[00:36:39.90] - Joseph Thacker
I'm going to share my screen on this one. Yes.

[00:36:42.11] - Justin Gardner
What you got?

[00:36:42.80] - Joseph Thacker
Yeah, so I have been thinking a lot about ASF as I always do. I just recently am doing a short term AI safety engagement for OpenAI which I was just excited to share because it's pretty cool. They do need to up their payouts and I've sent them a long diatribe about why. But anyways, so this is a really cool AI write up. It's very similar honestly to the stuff that we found in Google Bard over a year ago, which is a little frustrating because in this write up they literally say the first one ever. Anyways, I'M going to click this link. Share this tab instead. Basically, they call it Echo Leak. It doesn't deserve a special name. Guys, sorry, AIM security. But what it is is it's a markdown image xfil, which for listeners who maybe are not or have their head in the sand, basically, in AI applications, if it will render a markdown image, you can convince the model to respond with a markdown image link that then has a path or a query parameter or a subdomain that includes sensitive details about the conversation or the user's history or their memory or some other data. And then when their browser makes a fetch request for that specific image, it actually leaks it to your server in your server logs. Right. So that's basically what they did here on Microsoft Copilot. For some reason. They claim it's the first zero click attack or something. Let me see.

[00:38:03.05] - Justin Gardner
All right, all right, Rezo, let it go, man. Anyways, I know we did it first. We're cool. All right, let's go.

[00:38:09.90] - Joseph Thacker
Well, actually, so anyways, doesn't matter. It wasn't. It wasn't just us. Like lots of other people found it too. But anyway, so what it does is there's some really cool stuff in here. One, it was, it was email based. So you would send an email to somebody who uses GitHub or sorry, Microsoft Copilot. And the thing that I tweeted about that I thought was really cool was the fact that this typical method of markdown links didn't work. They use what's called a reference based markdown link. So let me zoom in.

[00:38:39.57] - Justin Gardner
Dude, I see that. Okay. I saw you tweet this. This was super cool.

[00:38:43.05] - Joseph Thacker
Yeah, yeah. So this is a reference style markdown link. And you know what's even cooler? I don't know if you saw this yet. If you didn't, you're going to be so happy that this happened. Jun Kokatsu shared this technique last November, eight months ago, and no one really paid attention to it. So oh my gosh, I'm going to share this tab instead.

[00:39:03.01] - Justin Gardner
Piloting Edge Copilot is what I dropped my phone.

[00:39:06.05] - Joseph Thacker
Yeah, he called it Piloting Edge Copilot right here. I'm going to click on it and share this tab. So basically he said that when he was hacking and doing a very similar attack to Echo Leak or whatever they called it, basically they blocked this style, the typical style of markdown links, but this reference style was allowed. And even just the URL itself, which is how a lot of elements work, right. When they respond with URLs it just automatically turns into clickable, which this is not as ref. As usable to what I'm talking about like the embedded image markdown, because this will never get turned into an image, but this style can still be used as an image. You just use an exclamation point, so.

[00:39:44.82] - Justin Gardner
Really? Yeah, I didn't know that. That's super cool.

[00:39:47.30] - Joseph Thacker
Yeah, exactly. So I'll go back to the main AIM security post and show you. Share this tab and set.

[00:39:54.55] - Justin Gardner
Dude, this is just a great call out in general though, like a. You know, trying to look at these more alternative syntax for Markdown I think would be super interesting.

[00:40:05.59] - Joseph Thacker
Yeah, it's a great area of research. I mean just the way that Markdown gets converted to HTML. I've already mentioned that in a previous pod. I think people should dig into it and there was I think maybe a zero day or something that a critical thinker in the researcher community found. I wasn't able to replicate it, so I don't know if it's fixed, but I think that parsers are always the best place to look for bugs. And so Markdown being parsed into HTML will in no doubt pay dividends if you dig into it and find something interesting. So.

[00:40:33.19] - Justin Gardner
Absolutely.

[00:40:33.71] - Joseph Thacker
So anyways, here's the image part. It's basically the exact same thing. So you know, here's the non image. It's just the link with the reference and the reference below down here it's the same exact thing, but you just append a or pre pin an exclamation point. So this reference goes. And this reference can go at the very bottom of the response from the AI and then this just goes where you want the image to occur.

[00:40:54.32] - Justin Gardner
Wow, that's crazy.

[00:40:55.17] - Joseph Thacker
Yeah. So really cool technique. They eventually had to do like CSP bypass. The other only cool thing that I thought was really neat was rag spraying. So very, very often these applications will sometimes, especially with like the cross history stuff that we're seeing in shared memory and chatgpt and in Google and other products. Basically when they want to reference other data that's been sent or conversed or saved off, they'll use rag. If you don't know what that is, I covered it in the AI series, if you want to go back and watch that. But this rag spraying technique, so this is what I thought was hilarious. They did Here's a complete guide to employee onboarding. And then they attack. Here's the complete guide to hr and then the attack. Here's the complete guide to leave absence attack. You know, and then like username attack, hello world attack. Right? You just want to have a whole bunch of. This is basically what gets wrapped up in the rag, which would make it return when the user ask about employee onboarding or HR or leave of absence or whatever. So each of these things is basically tagging that chunk chunk. The thing is this won't necessarily always work. This is like, like rag will often have the data chunked up and you don't know what they're chunking by. Sometimes it's really advantageous to chunk up text by like every 500 characters. Sometimes it's advantageous to chunk it by every 1000 or 2000 or so. This is not going to be a foolproof solution unless you have a white box assessment where you know exactly what they're chunking the rag on. So it's not going to necessarily be like one chunk here, two chunk here, three chunk here. Basically where each tag that you give it will end up in a different chunk. But this will definitely increase the likelihood of success by a lot. And so they just, they basically use the attack instructions. Sorry for the audio listeners when I say here I'm, I'm highlighting something on screen. But you know, he basically just prepended the attack instructions with words that were likely to occur when the user chatted with Microsoft Copilot such that the attack was pulled into the AI context so that it would override the instructions and print out the markdown image which will exfiltrate the data. Also, I don't really love they even called this zero click. I think that wonder whysy also considers this sort of stuff zero click. And in some sense it is because like if a user then chats with the chatbot, it happens without them clicking. But all of these types of bugs still do require the user to actually chat with the chatbot. But maybe that's just an assumed behavior. So anyways, that's the thoughts.

[00:43:18.59] - Justin Gardner
I would agree with you there that it's not exactly zero click, but I would call that, I don't know, it's something like 0.5 click or something like that. It is distinguishedly different from a one click. And I'm not gonna lie to you, I've definitely gone to a book bounty program, but this is zero click and.

[00:43:36.88] - Joseph Thacker
I think they should pay it that way. We talked about that too on the keynote of the Jason Haddocks and my keynote at the nohamcon. It's like I think companies should reward these as if they were zero click because otherwise they get downgraded so low and you' not paying enough for what is like bleeding edge research in my opinion. If you're not paying these as like that higher severity.

[00:43:55.05] - Justin Gardner
And I also think that that is just one of the solid best practices for programs that are trying to be on the forefront of bug bounty is like, you know, if you are able to trigger an exploit with normal functionality of the application, right? Like if the user logs in, well, you know, if they didn't log in, then they're not using your app, so it doesn't really matter. Um, then, then pay that as a zero click. I've talked about it before but like I had a bug where I had a CSS injection on the dashboard homepage of a specific site that it was zero click. I could just plop a CSS injection onto somebody's dashboard and I just like used it to hit a logout URL and it would just, you know, they would come to their login and then instantly get logged out. And so it was like an application level dos, right? And I think that's, I mean that's as close to zero click as you get, you know, so very interesting. I did want to say rag spraying. You know, I do love when different techniques from other parts of the, of the hacking world get cross correlated and I think this is a great example of like you know, just cross applying principles. And I think that definitely this makes so much sense with how rag works in general and is specifically useful for these like point 5 click right exploitation scenarios. So very cool. Thanks for that shout out. Dude. I did miss the meat of this. This is good.

[00:45:25.11] - Joseph Thacker
I'm glad you liked it and it's cool that you got a little June reference there too.

[00:45:29.19] - Justin Gardner
Yeah, yeah, June. June does. June does great stuff. What did he say in this comment? Because I clicked, no one sees my.

[00:45:35.80] - Joseph Thacker
Stuff or no one.

[00:45:36.80] - Justin Gardner
No one pays attention to my talk. Yeah, we love you, June. Sorry we missed it, bro. Yeah, but yeah, guys, let's just go give Jun a shout out. I. I'm a little bit salty at him because he got the slur image thing fixed immediately, which is not great, but also partially my fault, but definitely check out Jun Kokatsu on on X. His handle is SH N J K and he puts out great stuff all the time.

[00:46:04.67] - Joseph Thacker
Yep.

[00:46:06.03] - Justin Gardner
All right, back to you. Next up. Yeah, next up is from the Asset Note team and Shubs, a new tool came out called Newtowner and I think that this is a really interesting concept and I'm relieved that somebody.

[00:46:18.82] - Joseph Thacker
Whoa, whoa, whoa, whoa, whoa. You're going to mention Shubs without mentioning that he got MVH first. When I saw this link on shoves, I was like, oh, he's just going to mention the shoves, he's going to congratulate Shubs and instead he jumped straight to something else. Congratulations with the new mvh.

[00:46:33.38] - Justin Gardner
I tweeted about it.

[00:46:34.50] - Joseph Thacker
Yeah, you did, you did, you did.

[00:46:35.78] - Justin Gardner
Shoves. Congrats, dude. Also, dang it, he's getting to the point where he's going to pass you. He's like, he's. It's going to be me and him and Franz with, with the whole like when closest to top NBH's number of MBHs. I think Matthias is also up there actually. But yeah, dude, shout out, shout out to our boy Shubs.

[00:46:56.34] - Joseph Thacker
Great work.

[00:46:56.73] - Justin Gardner
Always, always deserves it, man. He always does.

[00:46:59.96] - Joseph Thacker
And on his own soil, if anybody doesn't know, the life hacking event was in Australia, which is where Shubs is from and lives and so.

[00:47:07.09] - Justin Gardner
And that. That feels good, dude. Next time they do it, they did one life hacking event in D.C. and that was my first life hacking event ever. And I was like, you needed to do one in D.C. again. I'm gonna like freaking destroy that.

[00:47:19.25] - Joseph Thacker
Yeah.

[00:47:19.57] - Justin Gardner
But it did feel good to win the the Tokyo lhe for. For Google because it's not necessarily my home soil, but you know, kind of is. Maybe like you live there for a while.

[00:47:29.71] - Joseph Thacker
I mean if you lived in a place, it became a. It becomes a part of you. Yeah, tell me about Newtowner.

[00:47:35.40] - Justin Gardner
Yeah, so Newtowner is a new tool released by the Asset Note team and essentially it's like exploiting a nuance that we see in a lot of cloud environments, which is that a lot of times as a security mechanism, various assets will, will allow list a specific region or data center or block of IP addresses and you can get access to those IP addresses and proxy your traffic through. So Newtowner exploits that scenario, which was traditionally a very hard scenario to exploit. And they have support for GitHub Actions, GitLab, CI, BitBucket, pipelines, AWS, API, Gateway, EC2 and Azure. I'm sorry, Azure is not yet supported, it says on the status. But essentially what this allows you to do is check for differences in URLs, HTTP or HTTPs across when your traffic is coming from these Potentially allow listed IPs versus from your normal like VPs or whatever.

[00:48:40.78] - Joseph Thacker
This blew my mind. It makes so much sense. I mean anyone who has done large scale recon and just finds thousands of domains that just like error or don't respond or don't do anything. Well, whenever I saw this tweet that says mutual TLS, not when you're coming from ABS 404 not found. Not when you're coming from AWS, it's like, oh man. Yes. So this is really cool.

[00:49:02.51] - Justin Gardner
Genius.

[00:49:03.00] - Joseph Thacker
Yeah, it's a really great way to get access to new scope or like green filled, unhacked things from a lot of like these really large wildcard programs. I think this would unlock a ton of like low hanging fruit because these things that are whitelisted are probably old and probably not looked at.

[00:49:18.28] - Justin Gardner
Yeah, absolutely. Yeah. I mean, essentially, I imagine if you find a differential between these two, then it's almost always going to end up in a bug.

[00:49:25.23] - Joseph Thacker
Yeah.

[00:49:26.59] - Justin Gardner
So for any of you big recon people, this could be a really good thing to integrate because one of the things that the recon folks sort of struggle with is the volume of all the assets. And especially if you're looking to do manual hacking. How do I select one of these assets out of these 5 million assets? I've got to spend my time on manually hacking. And there have been all sorts of attempts to do this with like, let me pull the JavaScript files, screenshot or whatever single page application, the screenshot, you know, all that sort of thing. And I think this is another indicator of like, okay, well if it's responding differently when the IP address is coming from AWS versus if it's coming from my VPs, then that's another indicator that says maybe this target.

[00:50:08.23] - Joseph Thacker
Dude, I bet this is already found. Like caused so many vulnerabilities to be found.

[00:50:11.94] - Justin Gardner
I'm sure it has.

[00:50:12.71] - Joseph Thacker
I didn't, I didn't know what this was until literally just now. This is insane.

[00:50:16.46] - Justin Gardner
And the thing is man, you know, like you can't implement everything, you know. But I would say that I think this is one of the things that really, if you're looking to differentiate yourself, not a lot of people I've heard of are doing this. I know that the Acido team has been doing this for a while. I know that I won't shut them out in particular, but there, there's one other researcher that I know made a ton of money off of this. But as to note once again has your back leading the industry releasing a tool for this. So get it implemented ASAP and be one of the first ones to actually profit from it.

[00:50:49.38] - Joseph Thacker
I think the reason why I love this so much, one, I've done a lot of big recon and big scanning. But I think two is I. And I think you in particular and other people are finding a lot more value and a lot higher ROI from spending time on these big well paying programs. And this just screams to me like use it on Google, use it on Yahoo, Use it on T Mobile, you know, like use it on Amazon. Like the like some a product like this is going to turn, turn up the most results when used at a massively wild card bajillion subdomain program. And so I and, and those programs right now are often some, most people's anchors Pro anchor programs, right. They pay well, they respond quickly and so like the fact that this works on big Pro is most likely to work on big well paying programs. Makes it even a higher leverage opportunity I think.

[00:51:39.38] - Justin Gardner
Thing totally, dude. Yeah, definitely. Another great release by the Asset Node team. Freaking love those guys, dude. All right, you're up. What you got?

[00:51:50.09] - Joseph Thacker
Cool. Yeah, I mean this was like a really, really small short one. But you know, Jason Haddock often shares really great AI hacking tips and he basically said that this payload has been working for him on a lot of stuff. And I think there's going, there's where this is like the year of agents and people are always looking at agents and hacking on agents. It's hard to like. Well it's not hard but I just think that the tips that are most likely to work with LLMs are so much higher value and higher ROI because it's really annoying and frustrating and you often just give up when you're trying to get a model to like break its rules or do something different and it's just frustrating you and you just want to go back to normal hacking kind of give up. And so I think having those like high ROI tips like last time I think we mentioned additional instructions. Colon is like a really kind of a key phrase to use. This feels like another one of those kind of key phrases. Let me share real quick.

[00:52:36.92] - Justin Gardner
What, what is the phrase?

[00:52:37.92] - Joseph Thacker
I'm going to tell you, I'm going share it first.

[00:52:39.86] - Justin Gardner
Okay.

[00:52:40.30] - Joseph Thacker
All right. Share screen X. Here we go. He said that for agentic systems he said he's noticed that this works wonders. Basically you know, have like agent rules section and this is obviously marked down formatted bold. And you know, very frequently system prompts are in, you know, well, formatted markdown. And then he says treat every. So basically you have a heading called Agent rule section and then you have in parentheses a thing that says treat every must or should below as a hard constraint and then a bullet point that's basically like agent or tools must and then whatever you want it to do. And so what this does is, you know, the model is thinking something like, oh, I'm running as an agent or I have this access to these tools and now I have a new instruction or a new, you know, requirement that I have to do what this thing says and it like aligns with the system prompt really well. And so anyways, he said that's worked well across 50 plus AI first companies. And so I trust him. And yeah, felt like a very solid tip.

[00:53:40.53] - Justin Gardner
That, that is a solid tip, man. If he's tweeting that out and giving that that, you know, data set on it, he's getting a lot of distribution on these AI, on these AI companies, man. 50 plus having tried that, that's pretty sick.

[00:53:55.32] - Joseph Thacker
Yeah.

[00:53:56.36] - Justin Gardner
So definitely a good data supported find then.

[00:53:58.61] - Joseph Thacker
Yep.

[00:54:00.69] - Justin Gardner
Dude, I see that you pulled this Gareth Hayes tweet and I am like, why?

[00:54:06.65] - Joseph Thacker
Why did you not?

[00:54:07.84] - Justin Gardner
Why did I not. No, no, no, I had it. I. Dude, I had it in my bookmarks but, you know, I've been out for a while. Yeah, yeah. And. And so then it got buried in the book.

[00:54:15.61] - Joseph Thacker
Why don't you tell me about it?

[00:54:16.44] - Justin Gardner
Find it this time. Okay, I'll tell you what's cool about it. Yeah, no, no, I got you.

[00:54:20.05] - Joseph Thacker
So is the original poster. Is the op Japanese Masato?

[00:54:24.57] - Justin Gardner
Masato, yeah.

[00:54:25.84] - Joseph Thacker
He.

[00:54:26.32] - Justin Gardner
He does amazing stuff. And that was actually the one that I had bookmarked. Yeah, that I had bookmarked. But essentially there's another way to pop XSS that just kind of recently came out and that is using these object or embed. Here, let me go ahead. I'll go ahead and share my screen as well.

[00:54:47.50] - Joseph Thacker
Sure.

[00:54:47.73] - Justin Gardner
But it's using object and embed and it's using an attribute which I haven't seen before called code base. And like I said, I haven't actually had the chance to deep dive this since I'm recording this episode right after coming back from vacation. But they provide just simply a hashtag in the source or data attribute of these two things. And this is triggering JavaScript execution on Firefox. So I mean, this is one of those things that's really going to break a lot of like WAF related stuff because typically they're looking for on event handlers and stuff like that, but this one actually allows you to provide a JavaScript URI and it triggers. So definitely a good. I don't know how long this is going to last, but definitely one to keep in mind. Now if you're dealing with a WAF and you Want to get a pop in a Firefox environment.

[00:55:38.67] - Joseph Thacker
So why does Gareth Hayes second thing work? Like, did you see his tweet?

[00:55:44.67] - Justin Gardner
Yeah, you're talking about with the data equals hashtag and then the new line.

[00:55:49.30] - Joseph Thacker
Yeah, it's. It's both a new line here I'm sharing it. It's both a new line, but it's also like the hashtag like up here, up here it makes sense, right? It's JavaScript colon alert. Here it's JavaScript colon slash, slash and then somehow fires this alert. Super weird.

[00:56:04.17] - Justin Gardner
So I'm gonna, I'll see if I can pull up the docs for it right now as we're talking.

[00:56:08.50] - Joseph Thacker
Well, while you're doing that, I had a question. Is there a way to look for other words like code base here? Like I don't know, I guess that's like a key and a key value pair. Are there other object related keys that have been under explored that we could look for?

[00:56:21.19] - Justin Gardner
I mean absolutely is answer that question. But essentially I'm pulling up the Firefox docs for this specific thing because like I said, I haven't had the chance to deep dive it super much. So we're just going to do this live here. And it looks like code base is actually deprecated, but it says the base path used to resolve relative URIs specified by class, id, data or archive. If not specified, the default is the base URI of the current document. So essentially this is affecting the base URI that is getting integrated into resolving these data and object tags. And so that's why Gareth's thing here is interesting with the hashtag in the new line because he provides a JavaScript URI in the beginning. So JavaScript colon, slash, slash. So when you do JavaScript colon slash, slash that starts a comment inside of the JavaScript context, right? So JavaScript colon now you're in JavaScript slash, slash is a comment. And then he specifies a hashtag as a part of this URL that would be a part of the fragment and then a new line which is going to break out of that comment in JavaScript. Right? And then run alert one.

[00:57:38.21] - Joseph Thacker
Interesting.

[00:57:39.86] - Justin Gardner
So this is quirky as heck.

[00:57:41.82] - Joseph Thacker
It's really quirky.

[00:57:42.67] - Justin Gardner
It's cool, really quirky. And I think that this is another really great example of base related functionality being super interesting for hackers because if you are able to affect the domain, or more importantly really the protocol that a given tag is using by modifying whatever its base configuration is, then you can do a lot of really unintended Stuff that's crazy.

[00:58:06.59] - Joseph Thacker
It's deprecated. This has been around, probably used by some random threat actor for years.

[00:58:10.67] - Justin Gardner
Totally. Yeah. And great find. By. I want to say it's Masatsu Kinogawa that found it first, but I know that other people have sort of built on that research.

[00:58:20.59] - Joseph Thacker
Yeah.

[00:58:21.71] - Justin Gardner
Cool.

[00:58:22.59] - Joseph Thacker
I think you had something for Jorian.

[00:58:25.63] - Justin Gardner
Oh yeah.

[00:58:26.36] - Joseph Thacker
I can quickly say something though.

[00:58:28.11] - Justin Gardner
Yeah, go for it.

[00:58:28.88] - Joseph Thacker
We already mentioned the drama, but one thing that came out around the same time, and this is actually back, I guess a nice transition from the other Haddocks thing. He said something along the lines of like, I don't know is the. Are the Hacker1 or Bug Bounty platforms training AI models on user data? So I obviously I don't work at any of those companies, so I don't know 1000% sure. But I've talked with a lot of those leaders that we mentioned earlier and to my knowledge there are no companies, no bug bounty companies that are training models or even fine tuning models on hacker submissions. So just want to clear that up. I don't, you know, obviously one day it may happen or something. I will say I've had conversations with them about whether hackers would be upset about that and I've said yes every time. I do think, I do think there is some reality where some hackers agree to give up their reports for some sort of money in exchange for letting those be trained upon. And I think that makes perfect sense because it's like our intellectual property. I know in some ways you kind of give it away depending on what, what you've signed for, what platform or program, whatever. A lot of major companies like Fortune 50 for Fortune 100 companies, a lot of times whenever you're signing up for their bug money program, you actually are giving them the rights to that intellectual property. But I do think that that may happen in the future. I actually don't think it's that valuable right now just because these models get so much smarter and when you do fine tune them for a specific thing, they actually get worse. You and I have tested a cybersecurity model. Specifically, Google has released multiple cybersecurity specific models and they're just worse than the bigger, better models. So I don't actually know that there's a lot of value in these companies even doing it yet. But I do think that as cybersecurity becomes a bigger AI safety threat, it's possible that they'll want them or as these hackbot companies grow and have the money to potentially purchase the data set and they want to use those as like rag, where they pull in really good examples of what I was going to say exploits.

[01:00:22.46] - Justin Gardner
Yeah, yeah, I think, I think using it for RAG has a lot more value than model fine tuning. Tuning. But yeah, I mean I want to echo. I have talked to at least HackerOne and Bugcrowd and I know that they are not doing it. I do not know if SYNACK is not doing it. Not to say that they are, I just don't know. So I don't want to be put on air of saying that all the top platforms are not doing it. But yeah, I know that at least HackerOne and Bug Crowd are not. So yeah, I think it's important to note. But yeah, I think you hit the nail on the head where I think RAG is a lot more important part of this. So I think converting all those into embeddings will at some point be necessary. And I think, I think it's really interesting that like what you said of maybe at some point these companies say, hey Justin, you have 2,000 submissions here, we'd like to rag this, here's 250 grand. And I'm like, yeah, okay, why wouldn't you?

[01:01:25.86] - Joseph Thacker
In my opinion, yeah, it's basically getting more value out of the value you've already added or it's like more value out of the work you've already put in.

[01:01:34.69] - Justin Gardner
Yeah, yeah. I mean it's going to cost them a shit ton of money to buy that data and who knows, maybe they'll steal it from us like you said, you know, But I think that right now that is not happening.

[01:01:45.03] - Joseph Thacker
So yeah, yeah, it would be interesting if there are any lawyers or smart people out there to know what kind of, what kind of rights or what kind of things we could do to protect ourselves in that regard if it were to ever happen. Like, I would love to know kind of what the recourse is if it were to occur because I think right now we're kind of as a society trying to figure out what that looks like in the form of intellectual property of writing and that goes into these models. And definitely the art community is trying to figure out what it looks like. I don't know if you saw it, Disney just sued Mid Journey for training on their stuff or something. And so it's going to be interesting to see how all this shakes out. And I think it'd be nice to know what our kind of recourse going.

[01:02:22.67] - Justin Gardner
To set precedent for hackers for sure. Yeah. All right. Last one that I had was once Again, Jorian popping out some crazy stuff I tell you, just tweets out and says, hey, I'm not sure you guys know about the debug function in Chrome's DevTools. And when I first read that, I was like, yeah, I know about the debug function. Like, of course I know about the debug function, but I did not know about the debug function. So listen up for a sec. If you do client side hacking, essentially what he is saying here is that this, this function debug in Chrome, which is different, not to be confused with the debugger directive in Chrome, actually allows you to kind of do almost dumb logger plus plus like hooking or like proxy, like hooking, where you can specify a specific prototype function. In this example, he specifies DOM parser prototype, parsefromstring, something that's used to obviously parse HTML and convert it into a DOM and then triggers a breakpoint on that specific function. And that was not something that I was familiar with and I think is really helpful for that. Quick and dirty.

[01:03:29.21] - Joseph Thacker
I hate setting breakpoints. I still don't understand it, to be totally honest. And so I think this is going to be something I could potentially use to get quick and dirty breakpoints without having to like right click set it. Oh my gosh. And doesn't it sometimes go away? Like you can lose breakpoints so easily in Chrome dev tools?

[01:03:45.61] - Justin Gardner
It depends on the way that the site is structuring their JS files. And it's a massive pain in the butt when like the name of JS files is like changing every time you refresh and you're like, oh, I can't set up.

[01:03:56.42] - Joseph Thacker
Well, no, I mean sometimes though, like, even if you set it and it's not doing that, if you accidentally click it to delete it, right? Like if you click it, it's gone, right? You can't recover it.

[01:04:05.19] - Justin Gardner
Yeah, sometimes. And there's also quirks of like, oh, I disabled this breakpoint, but it's still triggering. And just dev tools for being one of the very essential tools is a little bit buggy, I have to say. So anyway, this is another cool piece and then one of the people from the comments section says that there's a write up by Bentowski, which is amazing researcher at Google Zero day project. So he sort of covers this a little bit more specifically, talking about how the debug directive back in the day was shared by the process, not by the origin. So that you could set a debug directive on one on like you know, blah, blah, blah, google.com and it would allow you to get XSS on www.google.com, email.google.com, all these other things if it was, you know, input it directly into the dev console.

[01:05:00.28] - Joseph Thacker
Yeah.

[01:05:01.32] - Justin Gardner
Which, you know, is not the most impactful vulnerability, but is something that is not what I would have expected and would potentially have caused even an advanced user. Right. Of DevTools and of, you know, Chrome to have some unintended consequences.

[01:05:16.53] - Joseph Thacker
Yeah.

[01:05:17.32] - Justin Gardner
So definitely interesting reads both on this and just knowing how the debug function.

[01:05:21.17] - Joseph Thacker
Works before you stop sharing. What is the dollar value there on tweets? Is that. Are that. Are you in, like, a beta group, a beta test for showing how much money is from each impression?

[01:05:29.28] - Justin Gardner
I don't have this right here. Yeah. I think maybe this is a Chrome extension or something like that that, like, you know, calculates the number of views by the average, like, payout on Twitter or something like that.

[01:05:40.42] - Joseph Thacker
So I didn't know you had that.

[01:05:41.55] - Justin Gardner
It's interesting. You can just be like, okay, you know, this tweet got 2,767 views and it's worth 7 cents.

[01:05:48.03] - Joseph Thacker
Right.

[01:05:48.42] - Justin Gardner
You know, if you're. If you're a monetized person. So.

[01:05:53.71] - Joseph Thacker
Cool. Cool.

[01:05:54.26] - Justin Gardner
Anyway. Definitely cool. And then I kind of went a little bit deeper on this. Just, I was. Because I was mad that I didn't know about this, and I was like, where are the docs for this? And the docs are, like, super hard to find for this. And I did track down some of them, which is just like a. Essentially a blog post from developer.chrome.com sort of explaining how it works. And you can see, you know, that a function is being passed directly into the debug function here. But it's kind of hard to actually, like, pull up the docs on how exactly this works, but I have seen other places where it's used and there's like a condition being passed in as, like, the second parameter, but at least the first parameter is certain, and that is a reference to a specific function or prototype where you want to cause a breakpoint to occur. So definitely good to know about.

[01:06:42.38] - Joseph Thacker
Yeah, very cool. I don't have anything else. I. You know, I think we pulled out two pretty neat things to talk about on a future episode or. Yeah, maybe it's a bonus episode or something. So we can do that. But.

[01:06:53.57] - Justin Gardner
Yeah, yeah, let's do it. Let's call it a rap for today. Yeah, cool.

[01:06:56.30] - Joseph Thacker
Thank you guys for sticking with us. Peace. Bye.

[01:07:00.46] - Justin Gardner
And that's a wrap on this episode of Critical Thinking. Thanks so much for watching to the end y' all. If you want more Critical Thinking content or if you want to support the show, head over to CTBB Show Discord. You can hop in the community. There's lots of great high level hacking discussion happening there on top of the master classes, hack alongs, exclusive content and a full time Hunters guild. If you're a full time hunter, it's a great time. Trust me. I'll see you there.