Feb 2023
56m 39s
Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter, and, as always, some great bug bounty tips.
Sorry if the audio is a little rough around the edges this time, should be better than ever next time.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
PortSwigger's Top 10 Web Hacking Techniques of 2022:
https://portswigger.net/research/top-10-web-hacking-techniques-of-2022
Ian Carroll Cookie Monster:
https://github.com/iangcarroll/cookiemonster
Frans Rosen's postMessage Tracker Chrome Extension:
https://github.com/fransr/postMessage-tracker
Notes from Justin on postMessages:
https://rhynorater.github.io/postMessage-Braindump
Frans Rosen's research on nginx misconfiguration that are similar to #6:
https://blog.detectify.com/2020/11/10/common-nginx-misconfigurations/
"Mount" Wycheproof 😂:
https://github.com/google/wycheproof
https://en.wikipedia.org/wiki/Mount_Wycheproof
Nathan Davison - Abusing Hop-by-Hop headers:
https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers
Awesome example of client-side path traversal:
https://erasec.be/blog/client-side-path-manipulation/
Joohoi Ffuf 2.0:
https://infosec.exchange/@joohoi/109806822104162973
FeroxBuster: