Jul 2024
2h 4m

Episode 81: Crushing Client-Side on Any ...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by MatanBer to go over some recent bug reports, as well as to share some tips and tricks on client-side hacking and using DevTools effectively.

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Sponsor - ThreatLocker

Today’s Guest: https://x.com/MtnBer

Resources:

Beyond XSS

https://aszx87410.github.io/beyond-xss/en/

Web VSCode XSS

https://gitlab.com/gitlab-org/gitlab/-/issues/461328

Timestamps

(00:00:00) Introduction

(00:05:24) Learning and Labs

(00:17:29) DevTools tips and tricks

(00:49:49) General Client-Side hacking tips

(01:09:59) Self-XSS Storytime

(01:32:16) Bug Reports

(01:46:37) Brainstorming a Client-side HUD
