Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for Windows, Third-Person prompting, and touch on the recent McDonalds Leak

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward!

====== Resources ======

v1 Instance Metadata Service protections bypass

Would you like an IDOR with that? Leaking 64 million McDonald’s job applications

How we got persistent XSS on every AEM cloud site, thrice

Google docs now supports export as markdown

Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)

How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets

Bug bounty, feedback, strategy and alchemy

====== Timestamps ======

(00:00:00) Introduction

(00:05:39) Metadata Service protections bypass & Mcdonalds Leak

(00:12:30) Christmas in July with Searchlight Cyber Pt 1

(00:19:43) Export as Markdown, Raycast for Windows, & Third-Person prompting

(00:23:56) Christmas in July with Searchlight Cyber Pt 2

(00:27:39) GitHub’s “Oops Commits” for Leaked Secrets

(00:36:53) Bug bounty, feedback, strategy and alchemy