Aug 2023
1h 1m

Episode 32: The Great Write-up Low-down

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 32: In this episode of Critical Thinking - Bug Bounty Podcast, Joel caught a nasty bug (no, not that kind) so Justin is flying solo, and catches us up to speed on what's been happening in hacking news.

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Smashing the State article

https://portswigger.net/research/smashing-the-state-machine?ps_source=portswiggerres&ps_medium=social&ps_campaign=race-conditions

Nagle's Algorithm

https://en.wikipedia.org/wiki/Nagle%27s_algorithm

HTTP/2 RFC

https://httpwg.org/specs/rfc7540.html

Tweet by Alex Chapman

https://twitter.com/ajxchapman/status/1691103677920968704?s=20

Cookieless Duodrop IIS Auth Bypass

https://soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899/

XSS and .NET

https://blog.isec.pl/all-is-xss-that-comes-to-the-net/

Shopify Account Takeover

https://ophionsecurity.com/blog/shopify-acount-takeover

Short Name Guesser

https://github.com/projectmonke/shortnameguesser

Hacking Points.com

https://samcurry.net/Points-com/

Hacking Starbucks

https://samcurry.net/hacking-starbucks/

Bug Bounty Tag Request

https://twitter.com/ajxchapman/status/1688892093597470720

Sandwich Attack

https://www.landh.tech/blog/20230811-sandwich-attack

Timestamps:

(00:00:00) Introduction

(00:01:25) Smashing the State

(00:11:30) HTTP/2 RFC

(00:17:30) Cookieless Duodrop IIS Auth Bypass

(00:24:45) Takeovers and Tools

(00:32:30) Sam Curry writeup

(00:53:10) Community requests

(00:55:10) Sandwich Attacks
