Player FM 앱으로 오프라인으로 전환하세요!
Episode 47: CSP Research, Iframe Hopping, and Client-side Shenanigans
Manage episode 386721900 series 3435922
Episode 47: In this episode of Critical Thinking - Bug Bounty Podcast, the holidays are fast approaching, and Justin and Joel discuss some of the struggles of getting back into the hacking groove during and after breaks. We also celebrate the newly launched Critical Thinking Discord Community before diving into Iframe Sandwhiches, JS Hoisting, CSP Bypasses, and a host of new tools, techniques, and tangents.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord at https://ctbb.show/discord!
Burp Extension from Google VRP
Justin's Tweet about JS Hoisting
How to trick CSP in letting you run whatever you want
Timestamps:
(00:00:00) Introduction
(00:01:58) Overcoming Bug Bounty struggles and getting back into the hacking groove
(00:07:46) Taking notes and sticking to one program
(00:14:50) Critical Thinking Discord, Community highlights, and Competition vs Collaboration
(00:22:25) Secondary context bugs and Automationism
(00:28:42) ThankUNext and Client-side Paths
(00:33:45) Tool Tangents: Jswzl, Caido, Postman, and Rapid API
(00:46:49) New SSRF Utility tool by Bebiks and the continuing evolution of hacking tools
(00:51:45) Iframe Sandwiches
(00:58:54) News Items
(01:06:12) JS Hoisting
(01:15:05) CSP Bypasses
94 에피소드
Manage episode 386721900 series 3435922
Episode 47: In this episode of Critical Thinking - Bug Bounty Podcast, the holidays are fast approaching, and Justin and Joel discuss some of the struggles of getting back into the hacking groove during and after breaks. We also celebrate the newly launched Critical Thinking Discord Community before diving into Iframe Sandwhiches, JS Hoisting, CSP Bypasses, and a host of new tools, techniques, and tangents.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord at https://ctbb.show/discord!
Burp Extension from Google VRP
Justin's Tweet about JS Hoisting
How to trick CSP in letting you run whatever you want
Timestamps:
(00:00:00) Introduction
(00:01:58) Overcoming Bug Bounty struggles and getting back into the hacking groove
(00:07:46) Taking notes and sticking to one program
(00:14:50) Critical Thinking Discord, Community highlights, and Competition vs Collaboration
(00:22:25) Secondary context bugs and Automationism
(00:28:42) ThankUNext and Client-side Paths
(00:33:45) Tool Tangents: Jswzl, Caido, Postman, and Rapid API
(00:46:49) New SSRF Utility tool by Bebiks and the continuing evolution of hacking tools
(00:51:45) Iframe Sandwiches
(00:58:54) News Items
(01:06:12) JS Hoisting
(01:15:05) CSP Bypasses
94 에피소드
Tất cả các tập
×플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.