Feb 2023
35m 57s

Episode 8: PostMessage Bugs, CSS Injecti...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It's a short one but a good one! Don't miss it!

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

CSS Escape Blog Post:

https://mathiasbynens.be/notes/css-escapes

Rez0’s blog on ChatGPT:

https://rez0.blog/hacking/2023/02/21/hacking-with-chatgpt.html

All the ways to get a reference to a frame (shoutout to @wcbowling for the article):

https://bluepnume.medium.com/every-known-way-to-get-references-to-windows-in-javascript-223778bede2d

CSS Painting API:

https://developer.mozilla.org/en-US/docs/Web/API/CSS_Painting_API

Import Chaining:

https://d0nut.medium.com/better-exfiltration-via-html-injection-31c72a2dae8b
