Episode 52: Best Technical Content from Year 1 of CTBB Podcast

Critical Thinking - Bug Bounty Podcast - En podcast af Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Torsdage

Kategorier:

Episode 52: In this episode of Critical Thinking - Bug Bounty Podcast we're going back and highlighting some of the best technical moments from the past year! Hope you enjoy this best of 2023 Supercut!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Timestamps:(00:00:00) Introduction(00:02:55) Episode 26: Meta tags and base tags in HTML(00:15:20) Episode 27: Client-side path traversal(00:23:18) Episode 27: Cookie bombing + cookie jar overflow(00:35:47) Episode 44: Cross environment authentication bugs(00:43:17) Episode 47: The open-faced Iframe Sandwich(00:50:19) Episode 47: js hoisting and classic Joel nerdsnipe(00:58:28) Episode 29: Sean Yeoh on Subdomains vs IP in recon(01:04:05) Episode 30: Shubs on reversing enterprise software(01:24:58) Episode 30: Shubs on building out a recon flow(01:29:36) Episode 30: Shubs on Hacking IIS Servers(01:36:45) Episode 37: 0xLupin on smart JavaScript analysis tools(01:45:42) Episode 45: Frans Rosen On App cache, Service workers cookie stuffing, and postMessage(02:15:02) Episode 50: Mathias Karlsson on XSLT and MXSS(02:39:26) Episode 27: Assetnote's sharefile RCE(02:48:18) Episode 31: Perforce RCE(02:53:48) Episode 48: Sam Erb's XSLT bug story(02:58:47) Final thoughts and Special Thanks

Visit the podcast's native language site