43 subscribers
Player FM 앱으로 오프라인으로 전환하세요!
Episode 88: News, Tools, and Writeups
Manage episode 439513696 series 3435922
Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Shop our new swag store at ctbb.show/swag
Resources
URL Validation Bypass cheat sheet
Bypassing browser tracking protection
DOM Clobbering
And
https://domclob.xyz/domc_payload_generator/
Timestamps:
(00:00:00) Introduction
(00:02:00) URL validation bypass
(00:07:41) SanicDNS and Orange confusion attacks
(00:20:06) WordPress GiveWP POP to RCE
(00:31:29) Xsstools
(00:43:56) Bypassing browser tracking protection
(00:52:06) DOM Clobbering and mixing up your approach
107 에피소드
Manage episode 439513696 series 3435922
Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Shop our new swag store at ctbb.show/swag
Resources
URL Validation Bypass cheat sheet
Bypassing browser tracking protection
DOM Clobbering
And
https://domclob.xyz/domc_payload_generator/
Timestamps:
(00:00:00) Introduction
(00:02:00) URL validation bypass
(00:07:41) SanicDNS and Orange confusion attacks
(00:20:06) WordPress GiveWP POP to RCE
(00:31:29) Xsstools
(00:43:56) Bypassing browser tracking protection
(00:52:06) DOM Clobbering and mixing up your approach
107 에피소드
모든 에피소드
×1 Episode 107: Bypassing Cross-Origin Browser Headers 1:06:17
1 Episode 105: Best Critical Thinking Moments from 2024 2:17:47
1 Episode 103: Getting ANSI about Unicode Normalization 1:00:30
1 Episode 102: Building Web Hacking Micro Agents with Jason Haddix 1:02:49
1 Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger 51:24
1 Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking 1:41:40
1 Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty 1:42:54
1 Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath 1:43:57
1 Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling 53:05
1 Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side 1:56:23
1 Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor 1:41:29
플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.