Offline dengan aplikasi Player FM !
Episode 88: News, Tools, and Writeups
Manage episode 439513696 series 3435922
Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Shop our new swag store at ctbb.show/swag
Resources
URL Validation Bypass cheat sheet
Bypassing browser tracking protection
DOM Clobbering
And
https://domclob.xyz/domc_payload_generator/
Timestamps:
(00:00:00) Introduction
(00:02:00) URL validation bypass
(00:07:41) SanicDNS and Orange confusion attacks
(00:20:06) WordPress GiveWP POP to RCE
(00:31:29) Xsstools
(00:43:56) Bypassing browser tracking protection
(00:52:06) DOM Clobbering and mixing up your approach
92 episode
Manage episode 439513696 series 3435922
Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Shop our new swag store at ctbb.show/swag
Resources
URL Validation Bypass cheat sheet
Bypassing browser tracking protection
DOM Clobbering
And
https://domclob.xyz/domc_payload_generator/
Timestamps:
(00:00:00) Introduction
(00:02:00) URL validation bypass
(00:07:41) SanicDNS and Orange confusion attacks
(00:20:06) WordPress GiveWP POP to RCE
(00:31:29) Xsstools
(00:43:56) Bypassing browser tracking protection
(00:52:06) DOM Clobbering and mixing up your approach
92 episode
Semua episode
×Selamat datang di Player FM!
Player FM memindai web untuk mencari podcast berkualitas tinggi untuk Anda nikmati saat ini. Ini adalah aplikasi podcast terbaik dan bekerja untuk Android, iPhone, dan web. Daftar untuk menyinkronkan langganan di seluruh perangkat.