Critical Thinking - Bug Bounty Podcast
Technology
Episode 70: NahamCon and CSP Bypasses Everywhere
Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we’re once again joined by Ben Sadeghipour to talk about some Nahamcon news, as well as discuss a couple other LHE’s taking place. Then they cover CI/CD and drop some cool CSP Bypasses.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Sponsor - Project Discovery: https://nux.gg/podcast
Today’s Guest: https://twitter.com/NahamSec
https://www.nahamcon.com/
Resources:
Depi
https://www.landh.tech/depi
Youtube CSP:
https://www.youtube.com/oembed?callback=alert()
Maps CSP:
https://maps.googleapis.com/maps/api/js?callback=alert()-print
Google APIs CSP
https://www.googleapis.com/customsearch/v1?callback=alert(1)
Google CSP
https://www.google.com/complete/search?client=chrome&q=123&jsonp=alert(1)//
CSP Bypass for opener.child.child.child.click()
https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/
Timestamps:
(00:00:00) Introduction
(00:02:55) BSides Takeaways and hacking on Meta
(00:12:12) NahamCon News
(00:23:45) CI/CD and the launch of Depi
(00:33:29) CSP Bypasses
Create your
podcast in
minutes
It is Free