Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chaos, and more.
Follow us on Twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== This Week in Bug Bounty ======
Cross-site request forgery: The ultimate Bug Bounty guide to exploiting CSRF vulnerabilities https://www.yeswehack.com/learn-bug-bounty/ultimate-guide-csrf-vulnerabilities
HackerOne New Milestone Rewards Program
https://www.hackerone.com/blog/hackerone-portswigger-hacker-milestone-rewards-program
BugCrowd is always looking for experienced hackers interested in doing media (interviews, magazine articles, panel discussions; T&E covered).
Email santerra.holler@bugcrowd.com
====== Resources ======
Exploiting Web Worker XSS with Blobs
https://criticalthinkingpodcast.github.io/research/Exploiting-web-worker-XSS-with-blobs
Critical Research Lab
https://www.criticalthinkingpodcast.io/p/critical-research-lab/
Rez0's Tweet
https://x.com/rez0__/status/1965848719863193827
CVE-2022-21703: cross-origin request forgery against Grafana
https://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/
Conversation about Forcing Quirks Mode
https://x.com/terjanq/status/1965041537680822534
AI Business Logic & POC or GTFO
https://x.com/rez0__/status/1965582855322419383
Hunting postMessage Vulnerabilities – Part 1
https://blog.ryukudz.com/posts/postmessage-part-1/
Hunting postMessage Vulnerabilities – Part 2
https://blog.ryukudz.com/posts/postmessage-part-2/
Executive Offense
https://executiveoffense.beehiiv.com/p/ai-hackbots-part-1
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes
https://portswigger.net/research/cookie-chaos-how-to-bypass-host-and-secure-cookie-prefixes
====== Timestamps ======
(00:00:00) Introduction
(00:05:48) Crit Research Update & Exploiting Web Worker XSS with Blobs
(00:13:00) Encouragement, Accountability, and Collaboration
(00:19:37) Cross-origin request forgery against Grafana & Anthropic's web fetch
(00:29:17) Forcing Quirks Mode
(00:35:15) AI Business Logic & POC or GTFO
(00:44:21) Hunting postMessage & Free Claude Code browserbase
(00:51:25) Community story, Executive Offense, & Cookie Chaos