Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!
Critical Thinking - Bug Bounty Podcast - Un p贸dcast de Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Jueves
Categor铆as:
Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter, and, as always, some great bug bounty tips.Sorry if the audio is a little rough around the edges this time, should be better than ever next time.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterPortSwigger's Top 10 Web Hacking Techniques of 2022:https://portswigger.net/research/top-10-web-hacking-techniques-of-2022Ian Carroll Cookie Monster:https://github.com/iangcarroll/cookiemonsterFrans Rosen's postMessage Tracker Chrome Extension:https://github.com/fransr/postMessage-trackerNotes from Justin on postMessages:https://rhynorater.github.io/postMessage-BraindumpFrans Rosen's research on nginx misconfiguration that are similar to #6:https://blog.detectify.com/2020/11/10/common-nginx-misconfigurations/"Mount" Wycheproof 馃槀:https://github.com/google/wycheproofhttps://en.wikipedia.org/wiki/Mount_WycheproofNathan Davison - Abusing Hop-by-Hop headers:https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headersAwesome example of client-side path traversal:https://erasec.be/blog/client-side-path-manipulation/Joohoi Ffuf 2.0:https://infosec.exchange/@joohoi/109806822104162973FeroxBuster:https://github.com/epi052/feroxbuster