Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with that process. We also talk about the benefit of incorporating tools like Fabric, Loom, and ShareX.
Follow us on twitter at: https://twitter.com/ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
XSS WAF Bypass by multi-char HTML entities
https://x.com/therceman/status/1803666353892585642
Shazzer
https://shazzer.co.uk/
Next.js and cache poisoning
https://zhero-web-sec.github.io/research-and-things/nextjs-and-cache-poisoning-a-quest-for-the-black-hole
Nagli's Nuclei Template
https://x.com/galnagli/status/1806095911405371739
hey why can't you fix this one bug
https://mewy.pw/posts/2024-06-29-why-cant-you-fix-this-one-bug
Justin's reporting templating software
https://github.com/Rhynorater/reports
Fabric
https://github.com/danielmiessler/fabric/tree/main/patterns/write_hackerone_report
BB Report Formatter
https://github.com/rhynorater/bbReportFormatter
2to3 Automated Python Converter
https://docs.python.org/3/library/2to3.html
ShareX
https://getsharex.com/downloads
Skitch
https://www.techspot.com/downloads/5705-skitch.html
Timestamps:
(00:00:00) Introduction
(00:04:00) XSS WAF Bypass by Multi-char HTML Entities
(00:11:59) Next.js and Cache Poisoning
(00:18:03) Nagli's Nuclei Template and Sean Yeoh's Blog
(00:27:34) Report Writing and AI
(00:50:02) Reporting tips
