Critical Thinking – Bug Bounty Podcast
Episode 9: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Headless Browser SSRF and drop a tool called RebindMultiA. Joel also walks us through a web3 bug and we cover some bug bounty news from the past week. As always, we drop some bug bounty tips and give you some attack vectors to think about.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Truffle Security End-To-End Encryption Video:
https://www.youtube.com/watch?v=BBcZcoIZ1Jc
HackerOne World Cup:
https://www.hackerone.com/hackers/brand-ambassador-program
HackerOne World Cup Sign Up Form for USA:
https://docs.google.com/forms/d/e/1FAIpQLSeRQpH2y0J-opxlsz8dPkvnIu8BqC_DA3CJe_eFhTFroPwdcg/viewform
ChatGPT API:
https://openai.com/blog/introducing-chatgpt-and-whisper-apis
Megachad RobertMD GitHub Issue:
https://github.com/nccgroup/singularity/issues/2
Justin’s RebindMultiA Tool:
https://github.com/Rhynorater/rebindMultiA
Brandon Dorsey’s WhoNow Tool:
https://github.com/brannondorsey/whonow
NCC Group’s Singularity:
https://github.com/nccgroup/singularity
Chromium Disclosed Bugs:
https://chromium-disclosed-bugs.appspot.com/
NahamSec Talk on Headless Browser SSRF:
https://docs.google.com/presentation/d/1JdIjHHPsFSgLbaJcHmMkE904jmwPM4xdhEuwhy2ebvo/htmlpresen
Jonathan Bowman - LFI via <annotation>:
https://medium.com/@jonathanbouman/local-file-inclusion-at-ikea-com-e695ed64d82f
WASM Port Scanning:
https://github.com/avilum/portsscan
Jack Halon - Chrome Browser Exploitation:
https://twitter.com/jack_halon/status/1583957704930131968
DNSChef: