Feb 2023
56m 39s

Episode 7: PortSwigger Top 10, TruffleSe...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter, and, as always, some great bug bounty tips.

Sorry if the audio is a little rough around the edges this time; it should be better than ever next time.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

PortSwigger's Top 10 Web Hacking Techniques of 2022:

https://portswigger.net/research/top-10-web-hacking-techniques-of-2022

Ian Carroll Cookie Monster:

https://github.com/iangcarroll/cookiemonster

Frans Rosen's postMessage Tracker Chrome Extension:

https://github.com/fransr/postMessage-tracker

Notes from Justin on postMessages:

https://rhynorater.github.io/postMessage-Braindump

Frans Rosen's research on nginx misconfigurations that are similar to #6:

https://blog.detectify.com/2020/11/10/common-nginx-misconfigurations/

"Mount" Wycheproof 😂:

https://github.com/google/wycheproof

https://en.wikipedia.org/wiki/Mount_Wycheproof

Nathan Davison - Abusing Hop-by-Hop headers:

https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers

Awesome example of client-side path traversal:

https://erasec.be/blog/client-side-path-manipulation/

Joohoi Ffuf 2.0:

https://infosec.exchange/@joohoi/109806822104162973

FeroxBuster:

https://github.com/epi052/feroxbuster
