Bug Bounty JP Podcast

BBJP_Podcast #14



【Episode 14】

Speakers

  • morioka12 (@scgajge12)
  • mokusou (@Mokusou4)
  • RyotaK (@ryotkak)

Summary (links only)

  • [Main topic] Recent activities
    • Burp Suite Extension "Autorize"
      - https://github.com/Quitten/Autorize/
    • Web Security Auditing Toolkit "Caido"
      - https://caido.io/
    • Caido Plugin "CaidoReflector"
      - https://github.com/bebiksior/CaidoReflector
    • Caido Plugin "ui-kit"
      - https://x.com/caidoio/status/1904542918641160441
    • Caido Plugin "devtools"
      - https://github.com/caido-community/devtools
    • Caido Plugin "ParamFinder"
      - https://github.com/bebiksior/ParamFinder
    • Caido Plugin "Shift"
      - https://shiftplugin.com/
    • HTTPS Proxy "mitmproxy"
      - https://mitmproxy.org/
      - https://github.com/mitmproxy/mitmproxy
    • SECCON CTF 13 Finals "not-that-short Challenge": created by RyotaK
      - https://x.com/ryotkak/status/1897299540598006249
    • Critical Thinking - Bug Bounty Podcast "Ep 115": with guest mokusou
      - https://youtu.be/zELFGXP6oeA
    • P3NFEST 2025 Winter "Event report"
      - https://issuehunt.jp/events/2025/winter/news/thanks
    • P3NFEST 2025 Winter "Finding vulnerabilities from code": by RyotaK
      - https://ryotak.net/slides/?id=1
    • Security assessment AI agent "Takumi"
      - https://flatt.tech/takumi
    • CVE-2025-29768 "potential data loss with zip.vim and special crafted zip files"
      - https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf
    • CVE-2025-27423 "potential code execution with tar.vim and special crafted tar files"
      - https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
    • Language-learning app "Duolingo"
      - https://www.duolingo.com/
    • P3NFEST 2025 Winter "A Practical Introduction to Bug Bounty (2025 edition)"
      - https://speakerdeck.com/scgajge12/shi-jian-de-nabagubaunteiru-men-2025nian-ban
    • Security Wakate no Kai (young security professionals' meetup) "2nd LT & networking event report blog"
      - https://zenn.dev/sec_wakate/articles/3891a59ab0b4fb
  • [Secondary topic] Trending events, vulnerabilities, etc.
    • CVE-2025-29927 "Authorization Bypass in Next.js Middleware"
      - https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
    • Next.js and the corrupt middleware: the authorizing artifact
      - https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
    • One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
      - https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/
    • IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
      - https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
    • HackerOne "Hai"
      - https://x.com/jobertabma/status/1904947501649830366
    • Bug Bounty Village CFP
      - https://x.com/BugBountyDEFCON/status/1902853396257710489
  • [Q&A] None

Web Page

  • ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bugbountyjppodcast.notion.site/Bug-Bounty-JP-Podcast-8bf1080383a54c4a8848f10bfeb874b3?pvs=4⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Survey

  • https://forms.gle/wkr2jkc3m9o8NhPk7

We are collecting topics you would like us to discuss on BBJP_Podcast, and questions you would like answered, via the Google Form.

We would also be glad to receive your feedback on X (Twitter) with the hashtag "#BBJP_Podcast" or through the Google Form.



Bug Bounty JP Podcast, by morioka12