May 2024
43m 8s

Episode 70: NahamCon and CSP Bypasses Ev...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we’re once again joined by Ben Sadeghipour to talk about some NahamCon news, as well as discuss a couple of other LHEs taking place. Then they cover CI/CD and drop some cool CSP bypasses.

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Sponsor - Project Discovery: https://nux.gg/podcast

Today’s Guest: https://twitter.com/NahamSec

https://www.nahamcon.com/

Resources:

Depi:

https://www.landh.tech/depi

YouTube CSP:

https://www.youtube.com/oembed?callback=alert()

Maps CSP:

https://maps.googleapis.com/maps/api/js?callback=alert()-print

Google APIs CSP:

https://www.googleapis.com/customsearch/v1?callback=alert(1)

Google CSP:

https://www.google.com/complete/search?client=chrome&q=123&jsonp=alert(1)//

CSP Bypass for opener.child.child.child.click():

https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/

Timestamps:

(00:00:00) Introduction

(00:02:55) BSides Takeaways and hacking on Meta

(00:12:12) NahamCon News

(00:23:45) CI/CD and the launch of Depi

(00:33:29) CSP Bypasses
