


Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chaos, and more.
Follow us on X at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Send us feedback at [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord!
Get some hacker swag here!
====== This Week in Bug Bounty ======
Cross-site request forgery
HackerOne New Milestone Program
Email [email protected] for media opportunities
====== Resources ======
Exploiting Web Worker XSS with Blobs
Critical Research Lab
Rez0's Tweet
CVE-2022-21703: cross-origin request forgery against Grafana
Conversation about Forcing Quirks Mode
AI Business Logic & POC or GTFO
Hunting postMessage Vulnerabilities – Part 1
Hunting postMessage Vulnerabilities – Part 2
Executive Offense
Cookie Chaos: How to bypass Host and Secure cookie prefixes
====== Timestamps ======
(00:00:00) Introduction
(00:05:48) Crit Research Update
(00:13:00) Encouragement & Collaboration
(00:19:37) Cross-origin request forgery & Anthropic's web fetch
(00:29:17) Quirks Mode, AI Business Logic & POC or GTFO
(00:44:21) Hunting postMessage & Claude Code browserbase
(00:51:25) Community story, Executive Offense, & Cookie Chaos
By Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
