logo
episode-header-image
Dec 2023
2h 24m

Episode 50: ­Mathias "Fall in a well" Ka...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug Bounty might look like in the future…

Follow us on twitter at: @ctbbpodcast

Send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest

Episode Resources

How to Differentiate Yourself as a Hunter

MutateMethods

hackaplaneten

Article About Unicode and Character Sets

Byte Order Mark:

Character Encodings

ShapeCatcher

WAF Bypass

BountyDash

EXPLOITING HTTP'S HIDDEN ATTACK-SURFACE

Timestamps:

(00:00:00) Introduction

(00:10:06) Automation Setup and Assetnote Origins

(00:16:49) Sharing Tips, and Content Creation

(00:22:27) Collaboration and Optimization

(00:36:44) Working at Detectify

(00:51:45) Bug Bounty Burnout

(00:56:15) Early Days of Bug Bounty and Future Predictions

(01:19:00) Nerdsnipeability

(01:29:38) MXSS and XSLT

(01:54:20) Learning through being wrong

(02:00:15) Go-to Vulns

Up next
Aug 21
Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable
Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also talk about Jack’s background in government cybersecuri ... Show More
50m 53s
Aug 14
Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories
Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twi ... Show More
1h 26m
Aug 4
Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado
Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego ... Show More
1h 53m
Recommended Episodes
Jun 2024
How to Scale your Startup with Growth Levers: Matt Lerner
Sponsored by Brilliant - visit https://brilliant.org/DeepDive/ and the first 200 of you will get 20% off Brilliant's annual premium subscription. I’ve built a brand new community for like-minded people called Productivity Lab. We’ll have online classes, workshops, and coaching to ... Show More
2h 32m
Mar 2024
AI vs software devs
Daniel and Chris are out this week, so we’re bringing you conversations all about AI’s complicated relationship to software developers from other Changelog pods: JS Party, Go Time & The Changelog.Join the discussionChangelog++ members save 2 minutes on this episode because they m ... Show More
57 m
Jun 2024
Lessons In Cinematography w/Jason Oldak - Just Shoot It 426
ASC-nominated Cinematographer, Jason Oldak, hops on the pod this week to chat with Matt & Oren about his career leading up to working on the hit AppleTV show, Lessons in Chemistry, starring Brie Larson! Matt's Endorsement: You Made It WeirdOren's Endorsement: Chat GPT Music & Tar ... Show More
1h 13m
May 2024
763: Web Scraping + Reverse Engineering APIs
Web scraping 101! Dive into the world of web scraping with Scott and Wes as they explore everything from tooling setup and navigating protected routes to effective data management. In this Tasty Treat episode, you’ll gain invaluable insights and techniques to scrape (almost) any ... Show More
52m 33s
May 2024
AI vs Human: The Future of Job Interviews with Taylor Desseyn
Join hosts RobbieTheWagner and Charles William Carpenter VIII on Whiskey Web and Whatnot as they welcome back Taylor Desseyn for another round of whiskey and engaging conversation. Dive into discussions on the relevance of AI in hiring, the shift between remote and in-office work ... Show More
59m 54s
May 2024
How to overcome limiting beliefs (unlock your next level)
This podcast episode is for you if you are experiencing self sabotage, limiting beliefs or feel like you are blocking yourself - maybe you have big goals / dreams, but everytime you get close to executing or make some moves, you feel some old thought patterns, behaviours and ways ... Show More
48m 42s
Mar 2024
Linux Kernel Scheduler Developer | David Vernet
The linux kernel is something we all use but have you ever thought about what goes into it, well today we've got David Vernet on the show who has spent quite a bit of time focusing on one aspect, that being the scheduler. =========Guest Links========== Twitch: https://www.twi ... Show More
1h 55m
Feb 2024
TIP609: Fooled by Randomness by Nassim Taleb
On today’s episode, Clay reviews Nassim Taleb’s book – Fooled by Randomness.Nassim Taleb is a Lebanon-born American mathematician and statistician whose work concerns problems of randomness, probability, and uncertainty. He’s very well known for his popular books, including The B ... Show More
1 h
Jun 2024
#294 - MakeMyMask : 3,5M€ du jour au lendemain... mais après 4 années de galères
Laurent Kretz rencontre Julie Pernet, la fondatrice de MakeMyMask, un laboratoire dermopilaire qui développe des masques pour les cheveux. Julie nous partage son parcours de solopreneure et les défis qu’elle a dû relever pour faire décoller sa marque. 4 ans après sa création, des ... Show More
1h 9m
Feb 2024
736: CJ Reynolds is Joining Syntax
Scott and Wes introduce Syntax’s new Senior Content Producer, CJ Reynolds, who will be creating video deep-dives and companion content for topics covered on the podcast. CJ, also known as the host of Coding Garden, shares his passions for web development, teaching and experimenti ... Show More
56m 49s
Listen to millions of songs and podcasts on Anghami