Using an error based oracle (and some PHP quirks) to arbitrarily exfiltrate a file via PHP filter chains. This technique came 4th in PortSwigger's Top 10 and also made our own HackerNotes Top 5! Get the full details: ctbb.show/61
Coming in at number 8 is "From Akamai to F5 to NTLM... with love." by d3d! Abusing Akamai with request smuggling, to abuse F5 with cache poisoning, to abuse traffic routes, to steal NTLM credentials. This is what 3 months of research looks like! Get the lowdown here: ctbb.show/61
Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. He also shares his methodology for discovering OAuth-related bugs, highlights some differences between structured learning and self-teaching,…
James Kettle combined Nagle's algorithm with HTTP/2 methods to create a single packet attack, resolving historical race condition issues caused by network jitter. Here's a quick rundown: - Use HTTP2 to bundle multiple HTTP requests into one TCP packet. - Delay the final byte and end stream frame for simultaneous…
Everything seems escaped. How about backslashes? If not then you might have found a "Context Break" gadget. Say you've got the following scenario: X = "your input"; Y = "your input"; Try adding a backslash to the end of your input to un-terminate the string. If the backslash isn't escaped…
I exploited a stored image injection vuln recently where I could repeatedly log a user into a different account and then they could never get access to their own account! Here's how I did it.
Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023. Follow us on twitter at: https://twitter.com/ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io…
Why? Because who's expecting malicious input to come back from a fetch request that they sent to their own API!? Watch the full episode here: ctbb.show/59
I know how hard it is to stay motivated when you've been hacking for days and haven't found anything. Here's my tip:
How to turn math.random into math(NOT)random by calculating the seed! Watch the full episode with Youssef Sammouda here: ctbb.show/58
Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deception, leaking window location, self-stored…
Stored XSS? "Easy". SQL Injection? "Piece of cake". Manipulating page encoding for Scroll to Text Fragment exploitation? "Uhhhh... Can you hold?". Youssef throws more triage curveballs at us in this episode: https://loom.ly/ovfwWUc
Client-side race condition via postMessage: 1. Initiate asynchronous request. 2. Before response, use postMessage to change origin. 3. Manipulated origin gains trust. ...you know where this is going. Youssef explains all in Ep. 58: https://loom.ly/ovfwWUc
His creativity is next level and he hasn't duped in like 6 years! @samm0uda shares some crazy stories about race conditions, exploiting hash change events, and leveraging scroll to text fragments. Watch this episode now: https://loom.ly/ovfwWUc
Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Sammouda and grill him on his various techniques for finding and exploiting client-side bugs and postMessage vulnerabilities. He shares some crazy stories about race conditions, exploiting hash change events, and leveraging scroll…
Episode 57: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are live from Miami, and recap their experience and share takeaways from the live hacking event. They highlight the importance of paying attention to client-side routing and the growing bug class of client-side path traversal.…
Episode 56: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Jon Colston to discuss how his background in digital marketing and data science has influenced his hunting methodology. We dive into subjects like data sources, automation, working backwards from vulnerabilities, applying conversion funnels to…
Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by WordPress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within WordPress Plugins. Follow us on twitter Send us any feedback here: Shoutout to https://twitter.com/realytcracker for the awesome intro music! ====== Links ======…
Episode 54: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with news items and new projects. Joel shares about his personal scraping project to gather data on bug bounty programs and distribution Next, they announce the launch of HackerNotes, a podcast companion that…
Episode 53: In this episode of Critical Thinking - Bug Bounty Podcast, we're joined by none other than NahamSec. We start by discussing the challenges he faced on his journey in bug bounty hunting and content creation, including personal struggles and the pressure of success. We also talk about finding balance and…
Episode 52: In this episode of Critical Thinking - Bug Bounty Podcast we're going back and highlighting some of the best technical moments from the past year! Hope you enjoy this best of 2023 Supercut! Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free…
Episode 51: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are back for the last episode of 2023. We discuss some noteworthy news items including a Hacker One Crit, Caido updates, and some Blind CSS. Then we dive into our own personal ‘Hackers Wrapped’ recap…
Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug…