Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023
Critical Thinking - Bug Bounty Podcast - A podcast by Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Thursdays
Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel review the PortSwigger Research list of top 10 web hacking techniques of 2023.

Follow us on Twitter at: @ctbbpodcast
Send us any feedback here: [email protected] to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on Twitter:

------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Resources:
Top 10 web hacking techniques of 2023
1: Smashing the state machine
8: From Akamai to F5 to NTLM
3: SMTP Smuggling
4: PHP filter chains
(Bonus Read)
5: HTTP Parsers Inconsistencies
6: HTTP Request Splitting
7: How I Hacked Microsoft Teams
9: Cookie Crumbles
(Bonus Read)
10: Hacking root EPP servers to take control of zones

Timestamps:
(00:00:00) Introduction
(00:04:26) 1: Smashing the state machine
(00:11:56) 8: From Akamai to F5 to NTLM... with love
(00:17:11) 3: SMTP Smuggling
(00:26:27) 4: PHP filter chains
(00:36:40) 5: HTTP Parsers Inconsistencies
(00:44:56) 6: HTTP Request Splitting
(00:53:43) 7: How I Hacked Microsoft Teams
(01:02:25) 9: Cookie Crumbles
(01:11:36) 10: EPP Server Takeover