Critical Thinking - Bug Bounty Podcast

By: Justin Gardner (Rhynorater) & Joel Margolis (teknogeek)
  • Summary

  • A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

    Critical Thinking Podcast
Episodes
  • Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling
    Nov 14 2024

    Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel jump into some cool news items, including a recent Okta bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. They also explore the latest research from PortSwigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor - ThreatLocker: Check out Network Control!

    https://www.criticalthinkingpodcast.io/tl-nc

    Resources

    Okta bcrypt

    Android Web Attack Surface Writeups

    Concealing payloads in URL credentials

    Dumping PHP files with Lightyear

    Limit maximum number of filter chains

    Dom-Explorer tool launched

    MultiHTMLParse

    JSON Crack

    Caido/Burp notes plugin

    Timestamps

    (00:00:00) Introduction

    (00:02:43) Okta Release and bcrypt

    (00:10:26) Android Web Attack Surface Writeups

    (00:20:21) More Portswigger Research

    (00:28:29) Lightyear and PHP filter chains

    (00:35:09) Dom-Explorer

    (00:45:24) The JSON Debate

    (00:49:59) Notes plugin for Burp and Caido

    53 mins
  • Episode 96: Cookies & Caching with MatanBer
    Nov 7 2024

    Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast, we're back with MatanBer to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, Safari's unique behaviors regarding cookie handling and debugging methods, and some of the writeups from HeroCTF v6.

    Today’s Guest: https://x.com/MtnBer

    Resources:

    Cookie Bugs - Smuggling & Injection

    https://blog.ankursundara.com/cookie-bugs/#:~:text=Cookie%20Smuggling

    iOS Webkit Debug Proxy

    https://github.com/google/ios-webkit-debug-proxy

    HeroCTF v6 Writeups

    https://mizu.re/post/heroctf-v6-writeups

    Timestamps

    (00:00:00) Introduction

    (00:01:29) Cookie exploits

    (00:21:32) Matan's Safari Adventure

    (00:29:49) HeroCTF 6 writeups

    49 mins
  • Episode 94: Zendesk Fiasco & the CTBB Naughty List
    Oct 24 2024

    Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security.

    Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod

    Resources:

    New music drop from our Boi YT

    https://x.com/realytcracker/status/1847599657569956099

    AuthzAI

    https://authzai.com/

    Ron Chan

    https://x.com/ngalongc

    Misconfigured User Auth Leads to Customer Messages

    https://www.ophionsecurity.com/post/live-chat-blog-1-misconfigured-user-auth-leads-to-customer-messages

    Zendesk Write-up

    https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52

    Response from Zendesk

    https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52?permalink_comment_id=5232589#gistcomment-5232589

    Timestamps

    (00:00:00) Introduction

    (00:05:29) AuthzAI and the return of Ron Chan

    (00:13:50) Ophion Security Research

    (00:18:12) Zendesk Drama

    49 mins

What listeners say about Critical Thinking - Bug Bounty Podcast

Average customer ratings
Overall
  • 5 out of 5 stars
  • 5 Stars
    2
  • 4 Stars
    0
  • 3 Stars
    0
  • 2 Stars
    0
  • 1 Star
    0
Performance
  • 5 out of 5 stars
  • 5 Stars
    2
  • 4 Stars
    0
  • 3 Stars
    0
  • 2 Stars
    0
  • 1 Star
    0
Story
  • 5 out of 5 stars
  • 5 Stars
    2
  • 4 Stars
    0
  • 3 Stars
    0
  • 2 Stars
    0
  • 1 Star
    0

Reviews

great information

As someone who is still very new to the industry, I like listening to this podcast, as I find the information very useful.