logo
episode-header-image
Jun 26
58m 6s

Episode 128: New Research in Blind SSRF ...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 128: In this episode of Critical Thinking - Bug Bounty Podcast we talking Blind SSRF and Self-XSS, as well as Reversing massive minified JS with AI and a wild Google Logo Ligature Bug

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker - Patch Management

====== This Week in Bug Bounty ======

BitK's "Payload plz" challenge at LeHack

====== Resources ======

Make Self-XSS Great Again

Novel SSRF Technique Involving HTTP Redirect Loops

Surf - Escalate your SSRF vulnerabilities on Modern Cloud Environments

Gecko: Intent to prototype: Framebusting Intervention

Conducting smarter intelligences than me: new orchestras

Mandark

Lumentis

jscollab

Google Logo Ligature Bug

====== Timestamps ======

(00:00:00) Introduction

(00:03:55) Self-XSS and credentialless iframe

(00:16:50) Novel SSRF Technique Involving HTTP Redirect Loops

(00:25:02) Framebusting

(00:29:13) Reversing massive minified JS with AI

(00:53:12) Google Logo Ligature Bug

Up next
Jul 3
Episode 129: Is this how Bug Bounty Ends?
Episode 129: In this episode of Critical Thinking - Bug Bounty Podcast we chat about the future of hack bots and human-AI collaboration, the challenges posed by tokenization, and the need for cybersecurity professionals to adapt to the evolving landscape of hacking in the age of ... Show More
36m 14s
Jun 19
Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More
Episode 127: In this episode of Critical Thinking - Bug Bounty Podcast we address some recent bug bounty controversy before jumping into a slew of news itemsFollow us on XShoutout to YTCracker for the awesome intro music!Today's Sponsor: Adobe====== This Week In Bug Bounty ====== ... Show More
1h 7m
Jun 12
Episode 126: Hacking AI Series: Vulnus ex Machina - Part 3
Episode 126: In this episode of Critical Thinking - Bug Bounty Podcast we wrap up Rez0’s AI miniseries ‘Vulnus Ex Machina’. Part 3 includes a showcase of AI Vulns that Rez0 himself has found, and how much they paid out.Follow us on twitter at: https://x.com/ctbbpodcastGot any ide ... Show More
38m 32s
Recommended Episodes
Sep 2024
#67: "Introducing Crypto Unplugged's Alpha Insider and DataVision Analytics"
Send us a textIn Episode 67 of the Crypto Unplugged Podcast, Doc and Oz sit down to discuss a major evolution in the TheMarketsUnplugged journey: the decision to transition to a subscription-based website. After years of providing free crypto insights, Doc and Oz explain why they ... Show More
46m 6s
Oct 2024
Navigating NIST CSF 2.0: Guide to Frameworks and Governance
In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it t ... Show More
36m 29s
Aug 2019
SLP100 Pavol Rusnak (Stick) - Trezor One and Model T by SatoshiLabs
Pavol Rusnak aka Stick, CTO of SatoshiLabs (the company behind Trezor) joins me in this episode to talk about his journey creating the world’s first bitcoin hardware wallet. We talk about: Making the world’s first bitcoin hardware wallet SLIP39 and Shamir’s secret sharing Multi s ... Show More
1h 6m
Aug 2024
D2DO249: The Anatomy of TLS 1.3 and Why You Should Risk It
Transport Layer Security (TLS) is today’s topic with guest Ed Harmoush. TLS plays a critical role in Internet security, and we dive into the differences between versions 1.2 and 1.3 In addition, Ed shares his journey into TLS, explains its components, and addresses common misconc ... Show More
36m 20s
Apr 2024
The role of Real Time Defense in Cloud Security
In this episode from KubeCon Paris 2024, we spoke to Loris Degioanni, Co-Founder and CTO of Sysdig about Open Source Project, Falco that celebrated its graduation this year at KubeconEU, Loris shared with us this proud moment and journey from writing the 1st lines of code to its ... Show More
21m 35s
Nov 2024
Enhancing OAuth Security and Interoperability Using FAPI with Joseph Heenan
FAPI is a refinement of the OAuth standard developed by the OpenID Foundation. It was conceived to solve a core problem of providing a consistent approach to API security across the financial industry, with the goal of enhancing interoperability of financial data exchange. It has ... Show More
42m 49s
Nov 2024
SN 1001: Artificial General Intelligence (AGI) - Gmail Temp Addresses, Russia's Internet Off Switch
How Microsoft lured the US Government into a far deeper and expensive dependency upon its cybersecurity solutions. Gmail to offer native throwaway email aliases like Apple and Mozilla. Russia to ban several additional hosting companies and give its big Internet disconnect switch ... Show More
2h 26m
Aug 2019
SLP101 Rodolfo Novak - Coldcard by Coinkite
Rodolfo Novak (CEO CoinKite) rejoins me in this episode to talk about the Coldcard from Coinkite. We talk about: Why he made the Coldcard Basic features of the Coldcard Bitcoiner support for the Coldcard Multi signature with Coldcard WalletsRecovery.org Rodolfo Novak and Coldcard ... Show More
1h 1m
Sep 2022
Security, Access and War, with Kateryna Ivashchenko
Kateryna Ivashchenko is a Senior Demand Generation Manager at Teleport, an organizer of community events, and a supporter of the developer community in her home country of Ukraine. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: ... Show More
39m 1s
Listen to millions of songs and podcasts on Anghami