SL Cyber Writeups, Metastrategy & Orphaned Github Commits (Ep. 131)

Episode 131: Christmas in July HACKING STYLE -SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits

Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for Windows, Third-Person prompting, and touch on the recent McDonalds Leak

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward!

====== Resources ======
v1 Instance Metadata Service protections bypass
https://amlw.dev/vrp/135276622/

Would you like an IDOR with that? Leaking 64 million McDonald’s job applications
https://ian.sh/mcdonalds

How we got persistent XSS on every AEM cloud site, thrice
https://slcyber.io/assetnote-security-research-center/how-we-got-persistent-xss-on-every-aem-cloud-site-thrice/

Google docs now supports export as markdown
https://x.com/albinowax/status/1943306445149049178

Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)
https://slcyber.io/assetnote-security-research-center/abusing-windows-net-quirks-and-unicode-normalization-to-exploit-dnn-dotnetnuke/

How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets
https://trufflesecurity.com/blog/guest-post-how-i-scanned-all-of-github-s-oops-commits-for-leaked-secrets

Bug bounty, feedback, strategy and alchemy
https://zhero-web-sec.github.io/thoughts/bugbounty-feedback-strategy-and-alchemy

====== Timestamps ======
(00:00:00) Introduction
(00:05:39) Metadata Service protections bypass & Mcdonalds Leak
(00:12:30) Christmas in July with Searchlight Cyber Pt 1
(00:19:43) Export as Markdown, Raycast for Windows, & Third-Person prompting
(00:23:56) Christmas in July with Searchlight Cyber Pt 2
(00:27:39) GitHub’s “Oops Commits” for Leaked Secrets
(00:36:53) Bug bounty, feedback, strategy and alchemy