In this episode of Critical Thinking - Bug Bounty Podcast, Justin takes a break from his busy travel schedule to walk us through a few of his Attack Vector formulation strategies. We’re keeping this one short and sweet, so it can be better used as a reference when looking for new vectors.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
- https://twitter.com/0xteknogeek
- https://twitter.com/rhynorater
====== Ways to Support CTBBPodcast ======
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Nahamcon talk by Douglas Day: https://youtu.be/G1RHa7l1Ys4?t=295
Timestamps:
(00:00:00) Introduction
(00:02:53) Use the application like a human, not like a hacker
(00:05:02) Reading documentation looking for "Cannot" statements
(00:08:16) Look at the grayed out areas
(00:10:08) Look for information in the API response
(00:12:38) Differences in the UI between different accounts
(00:13:42) Pay the paywall.
