Aug 2023
1h 1m

Episode 32: The Great Write-up Low-down ...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 32: In this episode of Critical Thinking - Bug Bounty Podcast, Joel caught a nasty bug (no, not that kind) so Justin is flying solo, and catches us up to speed on what's been happening in hacking news.

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Smashing the State article

https://portswigger.net/research/smashing-the-state-machine?ps_source=portswiggerres&ps_medium=social&ps_campaign=race-conditions

Nagle's Algorithm

https://en.wikipedia.org/wiki/Nagle%27s_algorithm

HTTP/2 RFC

https://httpwg.org/specs/rfc7540.html

Tweet by Alex Chapman

https://twitter.com/ajxchapman/status/1691103677920968704?s=20

Cookieless Duodrop IIS Auth Bypass

https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/

XSS and .NET

https://blog.isec.pl/all-is-xss-that-comes-to-the-net/

Shopify Account Takeover

https://ophionsecurity.com/blog/shopify-acount-takeover

Short Name Guesser

https://github.com/projectmonke/shortnameguesser

Hacking Points.com

https://samcurry.net/Points-com/

Hacking Starbucks

https://samcurry.net/hacking-starbucks/

Bug Bounty Tag Request

https://twitter.com/ajxchapman/status/1688892093597470720

Sandwich Attack

https://www.landh.tech/blog/20230811-sandwich-attack

Timestamps:

(00:00:00) Introduction

(00:01:25) Smashing the State

(00:11:30) HTTP/2 RFC

(00:17:30) Cookieless Duodrop IIS Auth Bypass

(00:24:45) Takeovers and Tools

(00:32:30) Sam Curry writeup

(00:53:10) Community requests

(00:55:10) Sandwich Attacks
