logo
episode-header-image
Jun 2021
9m 8s

Microsoft Paid them $20k for finding one...

Hussein Nasser
About this episode

@MrRajputHacker @Th3Pr0xyB0y found critical universal XSS (an XSS that affects the entire browser, not just one page) on Microsoft Edge. They responsibly reported the bug and detailed it in their article. Let us discuss

Resources

https://cyberxplore.medium.com/how-we-are-able-to-hack-any-company-by-sending-message-including-facebook-google-microsoft-b7773626e447

https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34506

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34475

Support my work on PayPal

https://bit.ly/33ENps4

Become a Member on YouTube

https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join

🧑‍🏫 Courses I Teach

https://husseinnasser.com/courses

Up next
Apr 15
My new book - Root cause, Stories from two decades of backend bugs
I wrote a new book that has been in the works for years. It is called Root Cause, and it is for those who enjoy the art of backend engineering.Early in my career, 20 years ago, I built backend and database applications without fully grasping their inner mechanics. Performance iss ... Show More
9m 48s
Jan 19
5 Backend Design Patterns for Managing Threads and Sockets
In this video I introduce 5 different design patterns for building backend applications. Each mode explains how a socket listener is established, a connections are established and how threads and connections are managed to read, write and process requests. 
46m 9s
Dec 2025
Page Tables
Page tables provide the mapping between virtual memory and physical memory for each process. This means it needs to be as efficient and as fast as possible. I explore the inner workings of page tables in this episode.0:00 Intro2:00 Virtual Memory ⁃ ⁃ 8:00 MMU10:00 Page Tables ⁃ ⁃ ... Show More
46m 39s
Recommended Episodes
Mar 2023
Computer Talk 3-18-23 HR 1
<p>Outlook has serious security issue, Tech support issues costing companies $5k per Employee with remote users being the most costly, Microsoft solved an activation issue for a user by supplying a cracked key, Wifi dongle worked, Chrome not working, new pc, Chromebook issue, My ... Show More
36m 27s
Mar 2024
Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App
Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also tou ... Show More
1h 8m
Mar 2022
Enabling performance-centric engineering orgs (JS Party #216)
This week Amal and Nick are joined by Dan Shappir, a Performance Tech Lead at Next Insurance, to learn about enabling a performance-first mindset within your engineering org. Dan recently left his 7+ year tenure leading performance at Wix where he and his team improved, and m ... Show More
1h 13m
Apr 2020
JavaScript Vulnerabilities with Tim Kadlec - The State of the Web
<p><span style="font-weight: 400;">(Originally aired on YouTube on May 30, 2018)</span></p> <p><span style="font-weight: 400;">Rick and Tim talk about how insecure much of the web really is, the various vulnerabilities in web security that can leave you open to attack, the challe ... Show More
12m 32s
Oct 2023
Episode 39: The Art of Architectures
Episode 39: In this episode of Critical Thinking - Bug Bounty Podcast, We're catching up on news, including new override updates from Chrome, GPT-4, SAML presentations, and even a shoutout from Live Overflow! Then we get busy laying the groundwork on a discussion of web architect ... Show More
1h 21m
Jul 2021
Des produits Microsoft plus facilement réparable grâce… aux actionnaires ?
Si l'on ne parle pas souvent de Microsoft dans Tech Verte, c'est tout simplement que l'entreprise n'a pas d'actualité importante. Ceci-dit, l’arrivée de Windows 11 a complètement modifié l’équation. Microsoft est aujourd’hui l’une des marques les plus discutées sur internet, en p ... Show More
2m 8s
Mar 2023
A glimpse into Mr. Putin’s cyber war room. 3CXDesktopAppsupply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.
The Vulkan papers offer a glimpse into Mr. Putin’s cyber war room. The 3CXDesktopApp vulnerability and supply chain risk. A cross site scripting flaw in Azure Service Fabric Explorer can lead to remote code execution. Rob Boyce from Accenture Security on threats toEV charging sta ... Show More
28m 21s
Listen to millions of songs and podcasts on Anghami