Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joseph tackle the subject of cross-origin security headers. They also cover some news items, including Google's OAuth login flaw, Raink, and gift card hacking.

Follow us on Twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://x.com/realytcracker for the awesome intro music!

====== Links ======
Follow your hosts on X:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr

====== Resources ======

A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures
https://www.linkedin.com/pulse/proud-dads-tale-two-bug-hunting-daughters-responsible-dustin-kirkland-hxwec/

Google’s OAuth login flaw
https://x.com/trufflesec/status/1878932090366153159

Rez0's AI tweet
https://x.com/rez0__/status/1879249379393253382

Rez0's Follow-up
https://x.com/rez0__/status/1879557690101260681

Raink from BishopFox
https://github.com/BishopFox/raink?tab=readme-ov-file

Gift cards security research
https://securityrise.com/posts/gift-card-security-research/

Top 10 web hacking techniques of 2024
https://x.com/albinowax/status/1879550220876599493

Cross-Origin-Opener-Policy: preventing attacks from popups
https://andrewlock.net/understanding-security-headers-part-1-cross-origin-opener-policy-preventing-attacks-from-popups/

====== Timestamps ======
(00:00:00) Introduction
(00:05:13) Hacking with your kids
(00:09:46) H1/bc pentests
(00:12:23) Google’s OAuth login flaw
(00:18:01) Raink & Rez0's AI tweets
(00:28:46) Gift card hacking & PortSwigger top 10 voting
(00:34:23) Cross-Origin Web Headers