Feb. 26, 2026

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025
The player is loading ...
Episode 163: Best Technical Takeaways from Portswigger Top 10 2025
Episode 163: Best Technical Takeaways from Portswigger Top 10 2025
Apple Podcasts podcast player badge
Spotify podcast player badge
Castro podcast player badge
RSS Feed podcast player badge
YouTube podcast player badge
Apple Podcasts podcast player iconSpotify podcast player iconCastro podcast player iconRSS Feed podcast player iconYouTube podcast player icon
Season 1

Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X: 

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/ 


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!



====== Resources ======


Parser Differentials: When Interpretation Becomes a Vulnerability

https://www.youtube.com/watch?v=Dq_KVLXzxH8


XSS-Leak: Leaking Cross-Origin Redirects

https://blog.babelo.xyz/posts/cross-site-subdomain-leak/


Playing with HTTP/2 CONNECT

https://blog.flomb.net/posts/http2connect/


Next.js, cache, and chains: the stale elixir

https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir


SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL

https://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdf


Cross-Site ETag Length Leak

https://blog.arkark.dev/2025/12/26/etag-length-leak


Lost in Translation: Exploiting Unicode Normalization

https://www.youtube.com/watch?v=ETB2w-f3pM4


ORM Leaking More Than You Joined For

https://www.elttam.com/blog/leaking-more-than-you-joined-for/


Novel SSRF Technique Involving HTTP Redirect Loops

https://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/


Successful Errors: New Code Injection and SSTI Techniques

https://github.com/vladko312/Research_Successful_Errors




====== Timestamps ======

(00:00:00) Introduction

(00:02:33) Parser Differentials: When Interpretation Becomes a Vulnerability

(00:11:02) XSS-Leak: Leaking Cross-Origin Redirects

(00:18:25) Playing with HTTP/2 CONNECT

(00:22:10) Next.js, cache, and chains: the stale elixir

(00:29:15) SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL

(00:34:27) Cross-Site ETag Length Leak

(00:41:47) Lost in Translation: Exploiting Unicode Normalization

(00:47:27) ORM Leaking More Than You Joined For

(00:54:07) Novel SSRF Technique Involving HTTP Redirect Loops

(00:58:40) Successful Errors: New Code Injection and SSTI Techniques