Podbean logo
  • Discover
  • Podcast Features
    • Podcast Hosting

      Start your podcast with all the features you need.
    • Podbean AI Podbean AI

      AI-Enhanced Audio Quality and Content Generation.
    • Blog to Podcast

      Repurpose your blog into an engaging podcast.
    • Video to Podcast

      Convert YouTube playlists to podcasts, videos to audios.
  • Monetization
    • Ads Marketplace

      Join Ads Marketplace to earn through podcast sponsorships.
    • PodAds

      Manage your ads with dynamic ad insertion capability.
    • Apple Podcasts Subscriptions Integration

      Monetize with Apple Podcasts Subscriptions via Podbean.
    • Live Streaming

      Earn rewards and recurring income from Fan Club membership.
  • Podbean App
    • Podcast Studio

      Easy-to-use audio recorder app.
    • Podcast App

      The best podcast player & podcast app.
  • Help and Support
    • Help Center

      Get the answers and support you need.
    • Podbean Academy

      Resources and guides to launch, grow, and monetize podcast.
    • Podbean Blog

      Stay updated with the latest podcasting tips and trends.
    • What’s New

      Check out our newest and recently released features!
    • Podcasting Smarter

      Podcast interviews, best practices, and helpful tips.
  • Popular Topics
    • How to Start a Podcast

      The step-by-step guide to start your own podcast.
    • How to Start a Live Podcast

      Create the best live podcast and engage your audience.
    • How to Monetize a Podcast

      Tips on making the decision to monetize your podcast.
    • How to Promote Your Podcast

      The best ways to get more eyes and ears on your podcast.

    • Podcast Advertising 101

      Everything you need to know about podcast advertising.
    • Mobile Podcast Recording Guide

      The ultimate guide to recording a podcast on your phone.
    • How to Use Group Recording

      Steps to set up and use group recording in the Podbean app.
  • All Arts Business Comedy Education
  • Fiction Government Health & Fitness History Kids & Family
  • Leisure Music News Religion & Spirituality Science
  • Society & Culture Sports Technology True Crime TV & Film
  • Live
  • How to Start a Podcast
  • How to Start a Live Podcast
  • How to Monetize a podcast
  • How to Promote Your Podcast
  • How to Use Group Recording
  • Log in
  • Start your podcast for free
  • Podcasting
    • Podcast Features
      • Podcast Hosting

        Start your podcast with all the features you need.
      • Podbean AI Podbean AI

        AI-Enhanced Audio Quality and Content Generation.
      • Blog to Podcast

        Repurpose your blog into an engaging podcast.
      • Video to Podcast

        Convert YouTube playlists to podcasts, videos to audios.
    • Monetization
      • Ads Marketplace

        Join Ads Marketplace to earn through podcast sponsorships.
      • PodAds

        Manage your ads with dynamic ad insertion capability.
      • Apple Podcasts Subscriptions Integration

        Monetize with Apple Podcasts Subscriptions via Podbean.
      • Live Streaming

        Earn rewards and recurring income from Fan Club membership.
    • Podbean App
      • Podcast Studio

        Easy-to-use audio recorder app.
      • Podcast App

        The best podcast player & podcast app.
  • Advertisers
  • Enterprise
  • Pricing
  • Resources
    • Help and Support
      • Help Center

        Get the answers and support you need.
      • Podbean Academy

        Resources and guides to launch, grow, and monetize podcast.
      • Podbean Blog

        Stay updated with the latest podcasting tips and trends.
      • What’s New

        Check out our newest and recently released features!
      • Podcasting Smarter

        Podcast interviews, best practices, and helpful tips.
    • Popular Topics
      • How to Start a Podcast

        The step-by-step guide to start your own podcast.
      • How to Start a Live Podcast

        Create the best live podcast and engage your audience.
      • How to Monetize a Podcast

        Tips on making the decision to monetize your podcast.
      • How to Promote Your Podcast

        The best ways to get more eyes and ears on your podcast.

      • Podcast Advertising 101

        Everything you need to know about podcast advertising.
      • Mobile Podcast Recording Guide

        The ultimate guide to recording a podcast on your phone.
      • How to Use Group Recording

        Steps to set up and use group recording in the Podbean app.
  • Discover
    • Log in
    Sign up free
Critical Thinking - Bug Bounty Podcast

Critical Thinking - Bug Bounty Podcast

Technology

Episode 39: The Art of Architectures

Episode 39: The Art of Architectures

2023-10-05
Download Right click and do "save link as"

Episode 39: In this episode of Critical Thinking - Bug Bounty Podcast, We're catching up on news, including new override updates from Chrome, GPT-4, SAML presentations, and even a shoutout from Live Overflow! Then we get busy laying the groundwork on a discussion of web architecture. better get started on this one, cause we're going to need a part two!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

CT shoutout from Live Overflow

https://www.youtube.com/watch?v=3zShGLEqDn8

Chrome Override updates

https://developer.chrome.com/blog/new-in-devtools-117/#overrides

GPT-4/AI Prompt Injection

https://x.com/rez0__/status/1706334160569213343?s=20 & https://x.com/evrnyalcin/status/1707298475216425400?s=20

Caido Releases Pro free for students

https://twitter.com/CaidoIO/status/1707099640846250433

Or, use code ctbbpodcast for 10% of the subscription price

Aleksei Tiurin on SAML hacking

https://twitter.com/antyurin/status/1704906212913951187

Account Takeover on Tesla

https://medium.com/@evan.connelly/post-account-takeover-account-takeover-of-internal-tesla-accounts-bc720603e67d

Joseph

https://portswigger.net/bappstore/82d6c60490b540369d6d5d01822bdf61

Cookie Monster

https://github.com/iangcarroll/cookiemonster

HTMX

https://htmx.org/

Timestamps:

(00:00:00) Introduction

(00:04:40) Shoutout from Live Overflow

(00:06:40) Chrome Overrides update

(00:08:48) GPT-4V and AI Prompt Injection

(00:14:35) Caido Promos

(00:15:40) SAML Vulns

(00:17:55) Account takeover on Tesla, and auth token from one context in a different context

(00:24:30) Testing for vulnerabilities in JWT-based authentication

(00:28:07) Web Architectures

(00:32:49) Single page apps + a rest API

(00:45:20) XSS vulnerabilities in single page apps

(00:49:00) Direct endpoint architecture

(00:55:50) Content Enumeration

(01:02:23) gRPC & Protobuf

(01:06:08) Microservices and Reverse Proxy

(01:12:10) Request Smuggling/Parameter Injections

view more

More Episodes

Episode 102: Building Web Hacking Micro Agents with Jason Haddix
2024-12-19
Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger
2024-12-12
Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking
2024-12-05
Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty
2024-11-28
Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath
2024-11-21
Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling
2024-11-14
Episode 96: Cookies & Caching with MatanBer
2024-11-07
Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side
2024-10-31
Episode 94: Zendesk Fiasco & the CTBB Naughty List
2024-10-24
Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor
2024-10-17
Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser
2024-10-10
Episode 91: Zero to LHE in 9 Months (feat gr3pme)
2024-10-03
Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs
2024-09-26
Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown
2024-09-19
Episode 88: News, Tools, and Writeups
2024-09-12
Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships
2024-09-05
Episode 86: The X-Correlation between Frans & RCE - Research Drop
2024-08-29
Episode 85: Practical Applications of DEFCON 32 Web Research
2024-08-22
Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat
2024-08-15
Episode 83: Brainstorming Proxy Plugins
2024-08-08
  • ←
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • →
012345678910111213141516171819

Get this podcast on your
phone, FREE

Download Podbean app on App Store Download Podbean app on Google Play

Create your
podcast in
minutes

  • Full-featured podcast site
  • Unlimited storage and bandwidth
  • Comprehensive podcast stats
  • Distribute to Apple Podcasts, Spotify, and more
  • Make money with your podcast
Get started

It is Free

  • Podcast Services

    • Podcast Features
    • Pricing
    • Enterprise Solution
    • Private Podcast
    • The Podcast App
    • Live Stream
    • Audio Recorder
    • Remote Recording
    • Podbean AI
  •  
    • Create a Podcast
    • Video Podcast
    • Start Podcasting
    • Start Radio Talk Show
    • Education Podcast
    • Church Podcast
    • Nonprofit Podcast
    • Get Sermons Online
    • Free Audiobooks

  • MONETIZATION & MORE

    • Podcast Advertising
    • Dynamic Ads Insertion
    • Apple Podcasts Subscriptions
    • Switch to Podbean
    • YouTube to Podcast
    • Blog to Podcast
    • Submit Your Podcast
    • Podbean Plugins
    • Developers

  • KNOWLEDGE BASE

    • How to Start a Podcast
    • How to Start a Live Podcast
    • How to Monetize a Podcast
    • How to Promote Your Podcast
    • Mobile Podcast Recording Guide
    • How to Use Group Recording
    • Podcast Advertising 101

  • Support

    • Support Center
    • What’s New
    • Free Webinars
    • Podcast Events
    • Podbean Academy
    • Podcasting Smarter
    • Badges
    • Resources

  • Podbean

    • About Us
    • Podbean Blog
    • Careers
    • Press and Media
    • Green Initiative
    • Affiliate Program
    • Contact Us
  • Privacy Policy
  • Cookie Policy
  • Terms of Use
  • Consent Preferences
  • Copyright © 2015-2024 Podbean.com