Episode 9: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Headless Browser SSRf and drop a tool called RebindMultiA. Joel also walks us through a web3 bug and we cover some bug bounty news from the past week. As always, we drop some bug bounty tips and give you some attack vectors to think about.
Follow us on twitter: https://twitter.com/ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Truffle Security End-To-End Encryption Video: https://www.youtube.com/watch?v=BBcZcoIZ1Jc
HackerOne World Cup: https://www.hackerone.com/hackers/brand-ambassador-program
HackerOne World Cup Sign Up Form for USA: https://docs.google.com/forms/d/e/1FAIpQLSeRQpH2y0J-opxlsz8dPkvnIu8BqC_DA3CJe_eFhTFroPwdcg/viewform
ChatGPT API: https://openai.com/blog/introducing-chatgpt-and-whisper-apis
Megachad RobertMD GitHub Issue: https://github.com/nccgroup/singularity/issues/2
RobertMD Gist: https://gist.github.com/robertmd/9f82efbd63926169e02c98673dcc9297
Justin’s RebindMultiA Tool: https://github.com/Rhynorater/rebindMultiA
Brandon Dorsey’s WhoNow Tool: https://github.com/brannondorsey/whonow
NCC Group’s Singularity https://github.com/nccgroup/singularity
Chromium Disclosed Bugs: https://chromium-disclosed-bugs.appspot.com/
NahamSec Talk on Headless Browser SSRF: https://docs.google.com/presentation/d/1JdIjHHPsFSgLbaJcHmMkE904jmwPM4xdhEuwhy2ebvo
Jonathan Bowman - LFI via annotation: https://medium.com/@jonathanbouman/local-file-inclusion-at-ikea-com-e695ed64d82f
WASM Port Scanning: https://github.com/avilum/portsscan
Jack Halon - Chrome Browser Exploitation: https://twitter.com/jack_halon/status/1583957704930131968
DNSChef: https://github.com/iphelix/dnschef
