In this episode of Critical Thinking - Bug Bounty Podcast, Joel caught a nasty bug (no, not that kind) so Justin is flying solo, and catches us up to speed on what's been happening in hacking news.
Follow us on twitter at: https://twitter.com/ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on Twitter:
- https://twitter.com/0xteknogeek
- https://twitter.com/rhynorater
Smashing the State article: https://portswigger.net/research/smashing-the-state-machine
Nagles Algorithm: https://en.wikipedia.org/wiki/Nagle%27s_algorithm
HTTP/2 RFC: https://httpwg.org/specs/rfc7540.html
Tweet by Alex Chapman: https://twitter.com/ajxchapman/status/1691103677920968704?s=20
Cookieless Duodrop IIS Auth Bypass: https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/
XSS and .Net: https://blog.isec.pl/all-is-xss-that-comes-to-the-net/
Shopify Account Takeover: https://ophionsecurity.com/blog/shopify-acount-takeover
Short Name Guesser: https://github.com/projectmonke/shortnameguesser
Hacking Points.com: https://samcurry.net/Points-com/
Hacking Starbucks: https://samcurry.net/hacking-starbucks/
Bug Bounty Tag Request: https://twitter.com/ajxchapman/status/1688892093597470720
Sandwich Attack: https://www.landh.tech/blog/20230811-sandwich-attack
====== Timestamps ======
(00:00:00) Introduction
(00:01:25) Smashing the State
(00:11:30) HTTP/2 RFC
(00:17:30) Cookieless Duodrop IIS Auth Bypass
(00:24:45) Takeovers and Tools
(00:32:30) Sam Curry writeup
(00:53:10) Community requests
(00:55:10) Sandwich Attacks
