Jan 2023
45m 57s

Episode 3: H1-407 Event Madness & Takeaw...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 3: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some of the interesting things we’ve learned from participating in HackerOne's H1-407 Live Hacking event. We cover decompiling binaries written in various languages, Windows URI Handlers, Caido, and SameSite Lax + POST.

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Frans Rosen S3 Bucket Authorization Blog Post: https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/

Getting code from executables:

ILSpy

DotPeek

Jadx-GUI

Pyinstxtractor

Uncompyle6

Jub0bs’ SameSite Article:

https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/

Mgeeky’s PowerShell Script to Enumerate Windows App URI Handlers:

https://gist.github.com/mgeeky/5a30a0619a7486b2fb0bd5233490fa64
