Episode 116: Auth Bypasses and Google VRP Writeups Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit. Follow us on twitter at: https://x.com/ctbbpodcast Got any…
Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about Reflector, and finish up by doing a bonus podcast segment in Japanese! Follow us on twitter…
#hacking #bugbounty #bugbountytips #websecurity #infosec #xss #xsstricks #aihacking
#hacking #bugbounty #bugbountytips #websecurity #infosec #aihacking #socialengineering
#hacking #bugbounty #bugbountytips #websecurity #infosec #webhacking #sopbypass
Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and…
#hacking #bugbounty #bugbountytips #websecurity #infosec #aihacking #llmhacking #openai #gemini #chatgpt
#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify
Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here! Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://twitter.com/realytcracker for…
#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify
#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify
Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including…
#hacking #bugbounty #bugbountytips #websecurity #infosec #google #googlehacking #websecurity #gemini
#hacking #bugbounty #bugbountytips #websecurity #infosec #websecurity
#hacking #bugbounty #bugbountytips #websecurity #infosec #discord #xss
#hacking #bugbounty #bugbountytips #websecurity #infosec #oauth
Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and…
![[Bug Drop] XSSDoctor's Sick XSS Chain](https://images-cf.getpodpage.com/cdn-cgi/image/quality=70,fit=contain,format=auto,width=480/https://i.ytimg.com/vi/oA1kooSC5pU/maxresdefault.jpg "[Bug Drop] XSSDoctor's Sick XSS Chain")
We're going a bit outside the normal posts for CTBB Podcast today, and we're gonna give you a taste of what our premium content on Discord feels like. This time, we've got an AMAZING bug from XSSDoctor. If you'd like to get your hands on the lab for this one,…
Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems.…
#hacking #bugbounty #bugbountytips #websecurity #infosec #cookies #cookiebombing #SAASsecurity
Episode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to…
#hacking #bugbounty #bugbountytips #websecurity #infosec #saas
Episode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas…
