Date: 2023-04-05

Episode 19: In this episode of Critical Thinking - Bug Bounty Podcast we further discuss some tips and tricks for finding vulns once you’ve got source code and some banger tweets/tools that popped up in our feed this week.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

Part 1:
https://open.spotify.com/episode/2pdTaWHSzl9CY7PgRQtvTi

Noperator’s Zip-Snip:
https://twitter.com/noperator/status/1658313637189111808
https://github.com/noperator/zip-snip
https://noperator.dev/posts/zip-snip/

Insecure’s SIP Bugs:
https://twitter.com/ifsecure/status/1656591469518495745

AssetNote’s Sitecore Bugs:
https://blog.assetnote.io/2023/05/10/sitecore-round-two/

Fyooer’s Shadow Clone:
https://github.com/fyoorer/ShadowClone

Episode 18: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into everything source-code related: how to get source-code and what to do with it once you have it. This episode is packed with great examples of successful source code review, tips on how to review code yourself, and the tools you'll need along the way.

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

Crossing the KASM:
https://www.youtube.com/watch?v=NwMY1umhpgg

PWNAssistant by Elttam:
https://www.elttam.com/blog/pwnassistant/#content

Andre's Git Arbitrary Configuration Injection:
https://blog.ethiack.com/en/blog/git-arbitrary-configuration-injection-cve-2023-29007

Jub0b's a Smorgasbord of a Bug Chain:
https://jub0bs.com/posts/2023-05-05-smorgasbord-of-a-bug-chain/

Ankur Sundara's Cookie Bugs - Smuggling & Injection:
https://twitter.com/ankursundara/status/1654556463703134208?t=7nTUSszPB6fS3MkATzxpaQ&s=19

James Kettle's Notes on Novel Pathways to Poisoning (cool quirks in here):
https://twitter.com/albinowax/status/1654767919690031106?t=vbVEOML5_QnWByi0m8Nv4A&s=19

Ignore Irrelevant Scripts During Debugging by Johan Carlsson:
https://twitter.com/joaxcar/status/1653787336105156616

Every known way to get references to windows:
https://bluepnume.medium.com/every-known-way-to-get-references-to-windows-in-javascript-223778bede2d

VS Code Todo Highlight:
https://marketplace.visualstudio.com/items?itemName=wayou.vscode-todo-highlight

VS Code:
https://code.visualstudio.com/

Episode 17: In this episode of Critical Thinking - Bug Bounty Podcast we talk with five legendary hackers about some of their favorite bugs. Live. From LA.

Corben Leo "Lorben CEO" @hacker_
Sam "ZLZ" "ZOZL" "The King" Curry @samwcyo
Frans "The Legend" Rosen @fransrosen
Jonathan "Doc" Bouman @JonathanBouman
Nagli…NagliNagli @naglinagli

Shoutout to Jonathan Bouman's Mom!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

FOLLOW OUR LINKEDIN ACCOUNT FOR NAGLI:
https://www.linkedin.com/company/ctbbpodcast

Sam Curry's shoutout - Ian Carroll's Seats.Aero:
https://seats.aero/

Episode 16: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the hacker's toolkit. Joel and Justin talk about their VPS setup, go-to hacking tools, most often used Linux commands, and the ways they duct tape all of these together for the big hacks.

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

Our Boi @rez0__ Dropping Some AI Hackz:
https://twitter.com/rez0__/status/1648685943539245056?s=20

LiveOverflow Prompt Injection:
https://www.youtube.com/watch?v=Sv5OLj2nVAQ

Joel's Private Network Solution:
https://www.zerotier.com/

Stok & Tomnomnom on Vim/Bash:
https://www.youtube.com/watch?v=l8iXMgk2nnY

Latest GhostScript RCE:
https://offsec.almond.consulting/ghostscript-cve-2023-28879.html

Intigriti CSRF Basics & Jub0b's Legendary SameSite Article:
https://twitter.com/intigriti/status/1646104705561403398
https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/

Nahamcon:
http://nahamcon.com/

Pentah0wnage:
https://research.aurainfosec.io/pentest/pentah0wnage/

DNSChef:
https://github.com/iphelix/dnschef

Httpx:
https://github.com/projectdiscovery/httpx

Espanso:
https://espanso.org/

GoWitness:
https://github.com/sensepost/gowitness

Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli. He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event.

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

Follow Nagli and his new startup Shockwave:
https://twitter.com/naglinagli
https://twitter.com/shockwave_sec

HackMD Collaborative Notes:
https://hackmd.io/

Ian Carroll's Airline Miles Website:
https://seats.aero

Nagli's Tweet on ChatGPT Web Cache Deception:
https://twitter.com/naglinagli/status/1639343866313601024

Timestamps:
(00:00:00) Intro
(00:04:40) Nagli's Climb
(00:05:40) What kind of vulns do you look for?
(00:09:25) Working with other hackers
(00:10:20) Bug Bounty Hunter's Guild
(00:12:35) Shockwave product
(00:14:12) Outsourcing tool development
(00:18:46) What got you started?
(00:21:13) Manual hacking vs recon suite + LHE focus
(00:25:00) How do you take notes
(00:29:42) Biggest things that you've learned over the past 2 years
(00:31:29) How do you ingest new techniques?
(00:31:50) Collaboration
(00:37:20) Justin Ranting about "Trained Eyes"
(00:40:18) Time spent coding vs hacking
(00:45:28) Travel and spending habits
(00:54:16) Grep is Nagli's database
(00:56:20) Nagli's ChatGPT Web Cache Deception
(00:58:44) What does your alerting look like?
(01:01:50) Nagli's "Most Critical" SSRF
(01:04:30) Burp Active Scan