Taking things out of the too hard basket to find bugs!
Signing up to developer programs, creating bank accounts and joining reseller programs are awesome ways to gain additional app functionality that most people can't be bothered to go through the steps for!
Jason Haddix explains why webhooks and integrations are a great starting place to look for bugs.
Recently smuggled some sensitive data via CSS injection and sequential import chaining!
Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own personal life and hacking journey. We talk about the start of his new company,…
This exploit is da bomb: Exploiting cookie bombing for session hijacking!
Discovered an iFrame hijack using window.open and two iframes that allowed me to do some fun postMessage stuff.
JR0ch17 accidentally discovered a bug in an OAuth flow where sending constant requests to the token refresh endpoint, without a refresh token or authentication, could grant an access token during another user's login process!
lollll JR0ch17 ruins a guy's day when a year-old blind XSS payload finally pops... via a complaint, sent to an internal email system, about JR0ch17's behaviour.
This one deserves a golf clap for sure.
Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth looking at. Follow us on twitter at: https://twitter.com/ctbbpodcast Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout…
Where do you get the most bang for your buck: courses, certs or self-taught? JR0ch17 has done all three, so we wanted to get his opinion! Get his full answer here: ctbb.show/61 What do you think?
Using an error-based oracle (and some PHP quirks) to arbitrarily exfiltrate a file via PHP filter chains. This technique came 4th in Portswigger's Top 10 and also made our own HackerNotes Top 5! Get the full details: ctbb.show/61
Coming in at number 8 is "From Akamai to F5 to NTLM... with love." by d3d! Abusing Akamai with request smuggling, to abuse F5 with cache poisoning, to abuse traffic routes, to steal NTLM credentials. This is what 3 months of research looks like! Get the low down here: ctbb.show/61
Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. He also shares his methodology for discovering OAuth-related bugs, highlights some differences between structured learning and self-teaching,…
James Kettle combined Nagle's algorithm with HTTP/2 methods to create a single-packet attack, resolving historical race condition issues caused by network jitter. Here's a quick rundown: - Use HTTP/2 to bundle multiple HTTP requests into one TCP packet. - Delay the final byte and end stream frame for simultaneous…
Everything seems escaped. How about backslashes? If not, then you might have found a "Context Break" gadget. Say you've got the following scenario: X = "your input"; Y = "your input"; Try adding a backslash to the end of your input to un-terminate the string. If the backslash isn't escaped…
I exploited a stored image injection vuln recently where I could repeatedly log a user into a different account and then they could never get access to their own account! Here's how I did it.
Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023. Follow us on twitter at: https://twitter.com/ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io…
Why? Because who's expecting malicious input to come back from a fetch request that they sent to their own API!? Watch the full episode here: ctbb.show/59
I know how hard it is to stay motivated when you've been hacking for days and haven't found anything. Here's my tip:
How to turn math.random into math(NOT)random by calculating the seed! Watch the full episode with Youssef Sammouda here: ctbb.show/58
Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deception, leaking window location, self-stored…
Stored XSS? "Easy". SQL Injection? "Piece of cake". Manipulating page encoding for Scroll to Text Fragment exploitation? "Uhhhh... Can you hold?". Youssef throws more triage curveballs at us in this episode: https://loom.ly/ovfwWUc