Sept. 7, 2024
Why didn't I know about THIS!?
#bugbountytips #bugbounty #bugbounties
Sign up to get updates from us
Episode 87: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with none other than his wife Mariah to talk about Bug Bounty from the perspective of a Significant Other. They share how they’ve traversed travel and Live Hacking Events, household chores, hobbies, goals, rewards, as…
Episode 86: In this episode of Critical Thinking - Bug Bounty Podcast Frans blows Justin’s mind with a sneak peak of his new presentation. Note: This is a little different from our normal episode, and video is recommended. So head over to ctbb.show/yt if you feel like you’re missing something.…
Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cache exploitation, and exploits related to email protocols are all featured. Plus we also talk some fun…
Episode 84: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Roni Carta (@0xLupin) to discuss their MVH win at the recent Google LHE, and share some technical observations they had with the target and the event. Follow us on twitter at: @ctbbpodcast We're new…
Wanna dive into IoT device research? Grab a device, hook it up with UART or JTAG, and start poking around. Try some tricks like glitching or looking for sneaky firmware backdoors to get in. Here's a quick rundown. #bugbountytips #bugbounty #bugbounties
Pwn2Own competitions can be a cruel mistress but there are ways to prepare for the worst.
Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow, a text expander, Tracing Cookies, and more. Follow us on twitter at: https://twitter.com/ctbbpodcast We're new to this podcasting…
Instead of manually modifying debug functions, Matan sets log points to capture function arguments, providing more visibility and simplifying the process. Here's how to add log points with a right-click in DevTools.
Learn how Matan uses JavaScript imports to fetch and execute files, transforming traditional XSS exploits into a single-line process. #bugbountytips #bugbounty #bugbounties
Matan Berson ingeniously uses self-XSS to manipulate cookies and hijack browser sessions. Learn how he cleared cookies, set redirect cookies with payloads, and achieved successful login redirections by exploiting path variables for session fixation.
Genius debugging technique: writing scripts inside conditional breakpoints! Learn how to inject code directly into breakpoints for quick checks, making debugging super efficient. This eye-opening trick will revolutionize how you use conditional breakpoints.
If you wanna do cool shit, you gotta put in the reps. Also... check out the biceps on Justin! 😂
Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity. Follow us on twitter at: https://twitter.com/ctbbpodcast We're new…
If CSS injection keeps you up at night, you're not alone. Get in touch with Justin and you can start a club or get help or something.
Next level chaining technique from Spaceraccoon to gain RCE through browser extensions!
Episode 81: Crushing Client-Side on Any Scope with MatanBer Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively. Follow us…
Here's a slick trick for y'all. Next time you're brute forcing tokens, try brute forcing from both ends to leak tokens faster!
Here's a CSS tidbit for y'all! You can apply "display: block" to a script tag and the will just be displayed on the screen like it was like a p tag!
A great takeaway from Justin on the benefits of using AI... Followed by Joel being rebooted by his cat.
Hot tips from Justin on why you should grep for headers.
