Sign up to save your podcasts
Or
Share Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs
Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They’re Smart.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26
https://ztw.com/
====== Resources ======
InsertScript - XSS Challenge Solution
https://insert-script.blogspot.com/2020/03/xss-challenge-solution-refresh-header.html
InsertScript - Redirect AuthHeader
https://www.insert-script.com/examples/redirectAuthHeader/send.html
CRLF injection on a 302 redirect
https://x.com/0xdef1ant/status/2009040359482118500
Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover
https://ysamm.com/uncategorized/2025/01/13/capig-xss.html
Arcanum Hack Tips
https://github.com/Arcanum-Sec/hack_tips
Trail of Bits Releases Claude Skills
https://x.com/dguido/status/2011541318229533063
what a $55,000 bug can look like
https://x.com/the_IDORminator/status/2007480636244697237
Pwning Claude Code in 8 Different Ways
https://flatt.tech/research/posts/pwning-claude-code-in-8-different-ways/
Do Smart People Ever Say They’re Smart?
https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
====== Timestamps ======
(00:00:00) Introduction
(00:04:18) Technical takeaways from CT Charity Hackalong
(00:22:21) InsertScript POCs & Rez0 and teknogeek's IOT Adventures
(00:32:16) CRLF injection on a 302 redirect & Multiple XSS in Meta
(00:41:00) Trail of Bits, what a $55,000 bug can look like, & Pwning Claude Code
(00:54:16) Do Smart People Ever Say They’re Smart?
View all episodes
By Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
5
5353 ratings
Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They’re Smart.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26
https://ztw.com/
====== Resources ======
InsertScript - XSS Challenge Solution
https://insert-script.blogspot.com/2020/03/xss-challenge-solution-refresh-header.html
InsertScript - Redirect AuthHeader
https://www.insert-script.com/examples/redirectAuthHeader/send.html
CRLF injection on a 302 redirect
https://x.com/0xdef1ant/status/2009040359482118500
Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover
https://ysamm.com/uncategorized/2025/01/13/capig-xss.html
Arcanum Hack Tips
https://github.com/Arcanum-Sec/hack_tips
Trail of Bits Releases Claude Skills
https://x.com/dguido/status/2011541318229533063
what a $55,000 bug can look like
https://x.com/the_IDORminator/status/2007480636244697237
Pwning Claude Code in 8 Different Ways
https://flatt.tech/research/posts/pwning-claude-code-in-8-different-ways/
Do Smart People Ever Say They’re Smart?
https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
====== Timestamps ======
(00:00:00) Introduction
(00:04:18) Technical takeaways from CT Charity Hackalong
(00:22:21) InsertScript POCs & Rez0 and teknogeek's IOT Adventures
(00:32:16) CRLF injection on a 302 redirect & Multiple XSS in Meta
(00:41:00) Trail of Bits, what a $55,000 bug can look like, & Pwning Claude Code
(00:54:16) Do Smart People Ever Say They’re Smart?
More shows like Critical Thinking - Bug Bounty Podcast
View all
Radiolab
43,953 Listeners
StarTalk Radio
14,356 Listeners
Hacked
188 Listeners
Security Now (Audio)
2,008 Listeners
The Vergecast
3,718 Listeners
Risky Business
372 Listeners
CyberWire Daily
1,025 Listeners
Click Here
417 Listeners
Darknet Diaries
8,091 Listeners
The Indicator from Planet Money
9,561 Listeners
The Jordan Harbinger Show
11,988 Listeners
Cybersecurity Today
177 Listeners
My First Million
2,667 Listeners
Cybersecurity Headlines
139 Listeners
The Ezra Klein Show
16,446 Listeners