Critical Thinking – Bug Bounty Podcast
Episode 32: In this episode of Critical Thinking - Bug Bounty Podcast, Joel caught a nasty bug (no, not that kind) so Justin is flying solo, and catches us up to speed on what's been happening in hacking news.
Follow us on Twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Smashing the State article
Nagle's Algorithm
https://en.wikipedia.org/wiki/Nagle%27s_algorithm
HTTP/2 RFC
https://httpwg.org/specs/rfc7540.html
Tweet by Alex Chapman
https://twitter.com/ajxchapman/status/1691103677920968704?s=20
Cookieless Duodrop IIS Auth Bypass
XSS and .NET
https://blog.isec.pl/all-is-xss-that-comes-to-the-net/
Shopify Account Takeover
https://ophionsecurity.com/blog/shopify-acount-takeover
Short Name Guesser
https://github.com/projectmonke/shortnameguesser
Hacking Points.com
https://samcurry.net/Points-com/
Hacking Starbucks
https://samcurry.net/hacking-starbucks/
Bug Bounty Tag Request
https://twitter.com/ajxchapman/status/1688892093597470720
Sandwich Attack
https://www.landh.tech/blog/20230811-sandwich-attack
Timestamps:
(00:00:00) Introduction
(00:01:25) Smashing the State
(00:11:30) HTTP/2 RFC
(00:17:30) Cookieless Duodrop IIS Auth Bypass
(00:24:45) Takeovers and Tools
(00:32:30) Sam Curry writeup
(00:53:10) Community requests
(00:55:10) Sandwich Attacks