logo
episode-header-image
Mar 2024
58m 43s

Episode 62: Frontend Language Oddities

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth looking at.

Follow us on twitter at: @ctbbpodcast

Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount. 

Resources:

Cool HTML Shit

https://twitter.com/jcubic/status/1764311080661082201

https://twitter.com/encodeart/status/1764218128374943764

Bug bounty Hunting Journeys

https://twitter.com/ajxchapman/status/1762101366057525521

https://monkehacks.beehiiv.com/p/monkehacks-02

Yelp Cookie Bridge Report

Deobfuscating/Unminifying Obfuscated Code

ChatGPT Source Watch

Web Security Research Reddit

Nahamsec Resources

Portswigger Nominations list

Abusing perspectives: https://hackerone.com/reports/2401115

PortSwigger CSS Exfiltration

https://github.com/PortSwigger/css-exfiltration

Timestamps:

(00:00:00) Introduction

(00:02:06) Cool HTML Shit

(00:15:31) Bug Bounty Journeys

(00:28:01) Yelp Cookie Bridge Bug

(00:37:56) Additional Research Resources

(00:46:34) CSS and abusing perspectives

Up next
Aug 21
Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable
Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also talk about Jack’s background in government cybersecuri ... Show More
50m 53s
Aug 14
Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories
Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twi ... Show More
1h 26m
Aug 4
Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado
Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego ... Show More
1h 53m
Recommended Episodes
Mar 2024
Linux Kernel Scheduler Developer | David Vernet
The linux kernel is something we all use but have you ever thought about what goes into it, well today we've got David Vernet on the show who has spent quite a bit of time focusing on one aspect, that being the scheduler. =========Guest Links========== Twitch: https://www.twi ... Show More
1h 55m
Jun 2024
20 Years, 1000 Episodes: The Man Behind PodQuiz
We have another bonus episode! In this one, Andrew sits down and talks with James Carter from PodQuiz who began his popular trivia podcast back in 2005. He just published his 1000th episode so Andrew took the opportunity to pick his brain on how he comes up with his questions and ... Show More
59m 30s
Apr 2024
EPISODE 551 I Boloyi, Mamkhize, Kabza, Yeezy, Black Motion, Pleasure Tsa Manyalo, Peter Mashata
➡️ EVERYTHING PODCAST RELATED :https://linktr.ee/podcastwithmacg 🥇 BECOME A PATREON:https://www.patreon.com/podcastwithmacg ✅ PODCAST MEMBERSHIP : https://bit.ly/34FUKZj CONTACT US 📱EMAIL : PODCAST@THISISMACG.COM Meet The Team 🧑🏽 Host : @MacGUnleashed 👨🏽‍🏫 Co Host: @SolPhe ... Show More
1h 45m
Jul 2021
Diaries of an F1 Boss: Episode 19
Spanners and Trumpets are joined by ex-F1 team boss and Formula E Race promoter Matthew Carter as they discuss all the ways to make the aero department cry. From sprint races to the steward’s graces, from human performance to high cost hospitality, no revenue stream goes unlevera ... Show More
1h 30m
Jun 2024
How to Scale your Startup with Growth Levers: Matt Lerner
Sponsored by Brilliant - visit https://brilliant.org/DeepDive/ and the first 200 of you will get 20% off Brilliant's annual premium subscription. I’ve built a brand new community for like-minded people called Productivity Lab. We’ll have online classes, workshops, and coaching to ... Show More
2h 32m
May 2024
Can Your Law Firm’s Podcast Become a Go-To Legal Resource? With Alex Sanfilippo
In this episode, Alex Sanfilippo, founder of Podmatch.com, joins me to discuss strategies for leveraging podcasts effectively, especially for law firms seeking to become authoritative resources in their niche. He talks about the significance of podcasting in marketing strategies, ... Show More
46m 1s
Mar 2024
AI vs software devs
Daniel and Chris are out this week, so we’re bringing you conversations all about AI’s complicated relationship to software developers from other Changelog pods: JS Party, Go Time & The Changelog.Join the discussionChangelog++ members save 2 minutes on this episode because they m ... Show More
57 m
May 2024
Episode 78 | Loco Motions
Judge Aileen Cannon continues to complain– after much deliberation– about having to grant DoJ’s motions.  Trump’s lawyers deceive the court in their motion to dismiss by mischaracterizing the language in the Mar-a-Lago search warrant. Hearings on that got heated.  DoJ files a mot ... Show More
1h 9m
Feb 2024
Justin Drake & Ben Fisch: The United Rollups of Ethereum
In today’s episode, we do a shared sequencing deep dive with repeat guest, Mr. Moonmath himself, the Blockchain Brainiac, and the Ethereum Evangelist– Justin "The Juggernaut" Drake. Justin is joined by The Sultan of Sequencing, the Espresso Emperor, the Cross-Rollup Connoisseur h ... Show More
1h 40m
Listen to millions of songs and podcasts on Anghami