Sign up to save your podcasts
Or
Share Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo
In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Corben Leo about his journey in bug bounty hunting and ethical hacking. We discuss the state of DNS rebinding in 2023, a Twitter thread by Douglas Day (@ArchAngelDDay) on one-hundred bug bounty rules, and our own unique approaches to bug hunting. We also discuss Corben's recon-focused bug hunting methodology and how he developed it. Don't miss this episode filled with valuable tips, insights, and Corben's Boring Mattress Company.
Follow us on twitter at: @ctbbpodcast
Get on our newsletter for some exclusive content: https://www.criticalthinkingpodcast.io/subscribe
We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Today’s Guest:
https://twitter.com/hacker_
Article on the State of DNS Rebinding in 2023:
https://research.nccgroup.com/2023/04/27/state-of-dns-rebinding-in-2023/
See @ArchAngelDDay's twitter thread about 100 bug bounty rules:
https://twitter.com/ArchAngelDDay/status/1661924038875435008
Talkback - Cybersecurity news aggregator:
https://talkback.sh/
PyPI announces mandatory 2FA:
https://www.bleepingcomputer.com/news/security/pypi-announces-mandatory-use-of-2fa-for-all-software-publishers/
Timestamps:
(00:00:00) Introduction
(01:05) State of DNS rebinding in 2023
(04:40) 100 Bug Bounty Rules by @ArchAngelDDay
(05:30) Give yourself a ‘no bug’ limit
(07:00) The value of reporting Low and Medium Bugs for Bug Bounty Programs
(11:15) Reporting Out of Scope Bugs
(14:30) Reporting IDORs as Access Control Bugs
(17:28) Talkback
(18:12) PyPI's mandatory 2FA implementation for software publishers
(Start of main content)
(20:07) Starting out in bug bounty/ethical hacking
(25:00) Hacking methodology and mentorship
(28:15) Identifying Load Balancers
(33:20) Triage and live events:
(38:30) College and Computer Science vs. Cybersecurity
(45:45) Importance of writing for the Hacker Community
(51:21) Storytelling and report writing.
(55:00) When to stop doing recon and start hacking
(01:00:58) Lessons Learned from BreachlessAI and the pivot to Boring Mattress Co.
View all episodes
By Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
5
5353 ratings
In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Corben Leo about his journey in bug bounty hunting and ethical hacking. We discuss the state of DNS rebinding in 2023, a Twitter thread by Douglas Day (@ArchAngelDDay) on one-hundred bug bounty rules, and our own unique approaches to bug hunting. We also discuss Corben's recon-focused bug hunting methodology and how he developed it. Don't miss this episode filled with valuable tips, insights, and Corben's Boring Mattress Company.
Follow us on twitter at: @ctbbpodcast
Get on our newsletter for some exclusive content: https://www.criticalthinkingpodcast.io/subscribe
We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Today’s Guest:
https://twitter.com/hacker_
Article on the State of DNS Rebinding in 2023:
https://research.nccgroup.com/2023/04/27/state-of-dns-rebinding-in-2023/
See @ArchAngelDDay's twitter thread about 100 bug bounty rules:
https://twitter.com/ArchAngelDDay/status/1661924038875435008
Talkback - Cybersecurity news aggregator:
https://talkback.sh/
PyPI announces mandatory 2FA:
https://www.bleepingcomputer.com/news/security/pypi-announces-mandatory-use-of-2fa-for-all-software-publishers/
Timestamps:
(00:00:00) Introduction
(01:05) State of DNS rebinding in 2023
(04:40) 100 Bug Bounty Rules by @ArchAngelDDay
(05:30) Give yourself a ‘no bug’ limit
(07:00) The value of reporting Low and Medium Bugs for Bug Bounty Programs
(11:15) Reporting Out of Scope Bugs
(14:30) Reporting IDORs as Access Control Bugs
(17:28) Talkback
(18:12) PyPI's mandatory 2FA implementation for software publishers
(Start of main content)
(20:07) Starting out in bug bounty/ethical hacking
(25:00) Hacking methodology and mentorship
(28:15) Identifying Load Balancers
(33:20) Triage and live events:
(38:30) College and Computer Science vs. Cybersecurity
(45:45) Importance of writing for the Hacker Community
(51:21) Storytelling and report writing.
(55:00) When to stop doing recon and start hacking
(01:00:58) Lessons Learned from BreachlessAI and the pivot to Boring Mattress Co.
More shows like Critical Thinking - Bug Bounty Podcast
View all
Hacked
184 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
369 Listeners
Risky Business
374 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
CyberWire Daily
1,016 Listeners
Smashing Security
322 Listeners
Click Here
416 Listeners
Darknet Diaries
8,000 Listeners
Cybersecurity Today
175 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
188 Listeners
Defense in Depth
73 Listeners
Bug Bounty Reports Discussed
4 Listeners
Risky Bulletin
44 Listeners
Hacker And The Fed
168 Listeners