logo
episode-header-image
Dec 2023
2h 24m

Episode 50: ­Mathias "Fall in a well" Ka...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug Bounty might look like in the future…

Follow us on twitter at: @ctbbpodcast

Send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord!

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest

Episode Resources

How to Differentiate Yourself as a Hunter

MutateMethods

hackaplaneten

Article About Unicode and Character Sets

Byte Order Mark:

Character Encodings

ShapeCatcher

WAF Bypass

BountyDash

EXPLOITING HTTP'S HIDDEN ATTACK-SURFACE

Timestamps:

(00:00:00) Introduction

(00:10:06) Automation Setup and Assetnote Origins

(00:16:49) Sharing Tips, and Content Creation

(00:22:27) Collaboration and Optimization

(00:36:44) Working at Detectify

(00:51:45) Bug Bounty Burnout

(00:56:15) Early Days of Bug Bounty and Future Predictions

(01:19:00) Nerdsnipeability

(01:29:38) MXSS and XSLT

(01:54:20) Learning through being wrong

(02:00:15) Go-to Vulns

Up next
Today
Episode 130: Minecraft Hacks to Google Hacking Star - Valentino
Episode 130: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Valentino, who shares his journey from hacking Minecraft to becoming a Google hunter. He talks us through several bugs, including an HTML Sanitizer bypass and .NET deserialization, and high ... Show More
1h 8m
Jul 3
Episode 129: Is this how Bug Bounty Ends?
Episode 129: In this episode of Critical Thinking - Bug Bounty Podcast we chat about the future of hack bots and human-AI collaboration, the challenges posed by tokenization, and the need for cybersecurity professionals to adapt to the evolving landscape of hacking in the age of ... Show More
36m 14s
Jun 26
Episode 128: New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI Bots
Episode 128: In this episode of Critical Thinking - Bug Bounty Podcast we talking Blind SSRF and Self-XSS, as well as Reversing massive minified JS with AI and a wild Google Logo Ligature BugFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel fre ... Show More
58m 6s
Recommended Episodes
Jun 2024
How to Scale your Startup with Growth Levers: Matt Lerner
Sponsored by Brilliant - visit https://brilliant.org/DeepDive/ and the first 200 of you will get 20% off Brilliant's annual premium subscription. I’ve built a brand new community for like-minded people called Productivity Lab. We’ll have online classes, workshops, and coaching to ... Show More
2h 32m
Mar 2024
AI vs software devs
Daniel and Chris are out this week, so we’re bringing you conversations all about AI’s complicated relationship to software developers from other Changelog pods: JS Party, Go Time & The Changelog.Join the discussionChangelog++ members save 2 minutes on this episode because they m ... Show More
57 m
Jun 2024
Lessons In Cinematography w/Jason Oldak - Just Shoot It 426
ASC-nominated Cinematographer, Jason Oldak, hops on the pod this week to chat with Matt & Oren about his career leading up to working on the hit AppleTV show, Lessons in Chemistry, starring Brie Larson! Matt's Endorsement: You Made It WeirdOren's Endorsement: Chat GPT Music & Tar ... Show More
1h 13m
May 2024
763: Web Scraping + Reverse Engineering APIs
Web scraping 101! Dive into the world of web scraping with Scott and Wes as they explore everything from tooling setup and navigating protected routes to effective data management. In this Tasty Treat episode, you’ll gain invaluable insights and techniques to scrape (almost) any ... Show More
52m 33s
May 2024
AI vs Human: The Future of Job Interviews with Taylor Desseyn
Join hosts RobbieTheWagner and Charles William Carpenter VIII on Whiskey Web and Whatnot as they welcome back Taylor Desseyn for another round of whiskey and engaging conversation. Dive into discussions on the relevance of AI in hiring, the shift between remote and in-office work ... Show More
59m 54s
May 2024
How to overcome limiting beliefs (unlock your next level)
This podcast episode is for you if you are experiencing self sabotage, limiting beliefs or feel like you are blocking yourself - maybe you have big goals / dreams, but everytime you get close to executing or make some moves, you feel some old thought patterns, behaviours and ways ... Show More
48m 42s
Mar 2024
Linux Kernel Scheduler Developer | David Vernet
The linux kernel is something we all use but have you ever thought about what goes into it, well today we've got David Vernet on the show who has spent quite a bit of time focusing on one aspect, that being the scheduler. =========Guest Links========== Twitch: https://www.twi ... Show More
1h 55m
Feb 2024
TIP609: Fooled by Randomness by Nassim Taleb
On today’s episode, Clay reviews Nassim Taleb’s book – Fooled by Randomness.Nassim Taleb is a Lebanon-born American mathematician and statistician whose work concerns problems of randomness, probability, and uncertainty. He’s very well known for his popular books, including The B ... Show More
1 h
Jun 2024
#294 - MakeMyMask : 3,5M€ du jour au lendemain... mais après 4 années de galères
Laurent Kretz rencontre Julie Pernet, la fondatrice de MakeMyMask, un laboratoire dermopilaire qui développe des masques pour les cheveux. Julie nous partage son parcours de solopreneure et les défis qu’elle a dû relever pour faire décoller sa marque. 4 ans après sa création, des ... Show More
1h 9m
Feb 2024
736: CJ Reynolds is Joining Syntax
Scott and Wes introduce Syntax’s new Senior Content Producer, CJ Reynolds, who will be creating video deep-dives and companion content for topics covered on the podcast. CJ, also known as the host of Coding Garden, shares his passions for web development, teaching and experimenti ... Show More
56m 49s
Listen to millions of songs and podcasts on Anghami