Critical Thinking - Bug Bounty Podcast

Episode 39: The Art of Architectures

Listen Later

Episode 39: In this episode of Critical Thinking - Bug Bounty Podcast, We're catching up on news, including new override updates from Chrome, GPT-4, SAML presentations, and even a shoutout from Live Overflow! Then we get busy laying the groundwork on a discussion of web architecture. better get started on this one, cause we're going to need a part two!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

CT shoutout from Live Overflow

https://www.youtube.com/watch?v=3zShGLEqDn8

Chrome Override updates

https://developer.chrome.com/blog/new-in-devtools-117/#overrides

GPT-4/AI Prompt Injection

https://x.com/rez0__/status/1706334160569213343?s=20 & https://x.com/evrnyalcin/status/1707298475216425400?s=20

Caido Releases Pro free for students

https://twitter.com/CaidoIO/status/1707099640846250433

Or, use code ctbbpodcast for 10% of the subscription price

Aleksei Tiurin on SAML hacking

https://twitter.com/antyurin/status/1704906212913951187

Account Takeover on Tesla

https://medium.com/@evan.connelly/post-account-takeover-account-takeover-of-internal-tesla-accounts-bc720603e67d

Joseph

https://portswigger.net/bappstore/82d6c60490b540369d6d5d01822bdf61

Cookie Monster

https://github.com/iangcarroll/cookiemonster

HTMX

https://htmx.org/

Timestamps:

(00:00:00) Introduction

(00:04:40) Shoutout from Live Overflow

(00:06:40) Chrome Overrides update

(00:08:48) GPT-4V and AI Prompt Injection

(00:14:35) Caido Promos

(00:15:40) SAML Vulns

(00:17:55) Account takeover on Tesla, and auth token from one context in a different context

(00:24:30) Testing for vulnerabilities in JWT-based authentication

(00:28:07) Web Architectures

(00:32:49) Single page apps + a rest API

(00:45:20) XSS vulnerabilities in single page apps

(00:49:00) Direct endpoint architecture

(00:55:50) Content Enumeration

(01:02:23) gRPC & Protobuf

(01:06:08) Microservices and Reverse Proxy

(01:12:10) Request Smuggling/Parameter Injections

...more
View all episodesView all episodes
Download on the App Store
Critical Thinking - Bug Bounty PodcastBy Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
  • 5
  • 5
  • 5
  • 5
  • 5

5

51 ratings

More shows like Critical Thinking - Bug Bounty Podcast

View all
Risky Business by Patrick Gray

Risky Business

360 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

627 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

367 Listeners

Hacked by Hacked

Hacked

179 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,006 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

310 Listeners

Click Here by Recorded Future News

Click Here

406 Listeners

Malicious Life by Malicious Life

Malicious Life

927 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,873 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

167 Listeners

Hacking Humans by N2K Networks

Hacking Humans

314 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

127 Listeners

Bug Bounty Reports Discussed by Grzegorz Niedziela

Bug Bounty Reports Discussed

4 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

158 Listeners