Dec 2023
2h 24m

Episode 50: Mathias "Fall in a well" Ka...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug Bounty might look like in the future…

Follow us on twitter at: @ctbbpodcast

Send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest

Episode Resources

How to Differentiate Yourself as a Hunter

MutateMethods

hackaplaneten

Article About Unicode and Character Sets

Byte Order Mark:

Character Encodings

ShapeCatcher

WAF Bypass

BountyDash

EXPLOITING HTTP'S HIDDEN ATTACK-SURFACE

Timestamps:

(00:00:00) Introduction

(00:10:06) Automation Setup and Assetnote Origins

(00:16:49) Sharing Tips, and Content Creation

(00:22:27) Collaboration and Optimization

(00:36:44) Working at Detectify

(00:51:45) Bug Bounty Burnout

(00:56:15) Early Days of Bug Bounty and Future Predictions

(01:19:00) Nerdsnipeability

(01:29:38) MXSS and XSLT

(01:54:20) Learning through being wrong

(02:00:15) Go-to Vulns
