Player FM ऐप के साथ ऑफ़लाइन जाएं!
Episode 75: *Rerun* of The OG Bug Bounty King - Frans Rosen
Manage episode 423360018 series 3435922
Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, So instead of a new full episode, we're going back 30 episodes to review.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
Today's Guest: https://twitter.com/fransrosen
Discovering s3 subdomain takeovers
https://labs.detectify.com/writeups/hostile-subdomain-takeover-using-heroku-github-desk-more/
https://gist.github.com/fransr/a155e5bd7ab11c93923ec8ce788e3368
A deep dive into AWS S3 access controls
Attacking Modern Web Technologies
Account hijacking using Dirty Dancing in sign-in OAuth flows
Timestamps:
(00:00:00) Introduction
(00:11:41) Franz Rosen's Bug Bounty Journey and Detectify
(00:20:21) Pseudo-code, typing, and thinking like a dev
(00:27:11) Hunter Methodologies and automationists
(00:42:31) Time on targets, Iteration vs. Ideation
(00:58:01) S3 subdomain takeovers
(01:11:53) Blog posting and hosting motivations
(01:20:21) Detectify and entrepreneurial endeavors
(01:36:41) Attacking Modern Web Technologies
(01:52:51) postMessage and MessagePort
(02:05:00) Live Hacking and Collaboration
(02:20:41) Account Hijacking and OAuth Flows
(02:35:39) Hacking + Parenthood
76 एपिसोडस
Manage episode 423360018 series 3435922
Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, So instead of a new full episode, we're going back 30 episodes to review.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
Today's Guest: https://twitter.com/fransrosen
Discovering s3 subdomain takeovers
https://labs.detectify.com/writeups/hostile-subdomain-takeover-using-heroku-github-desk-more/
https://gist.github.com/fransr/a155e5bd7ab11c93923ec8ce788e3368
A deep dive into AWS S3 access controls
Attacking Modern Web Technologies
Account hijacking using Dirty Dancing in sign-in OAuth flows
Timestamps:
(00:00:00) Introduction
(00:11:41) Franz Rosen's Bug Bounty Journey and Detectify
(00:20:21) Pseudo-code, typing, and thinking like a dev
(00:27:11) Hunter Methodologies and automationists
(00:42:31) Time on targets, Iteration vs. Ideation
(00:58:01) S3 subdomain takeovers
(01:11:53) Blog posting and hosting motivations
(01:20:21) Detectify and entrepreneurial endeavors
(01:36:41) Attacking Modern Web Technologies
(01:52:51) postMessage and MessagePort
(02:05:00) Live Hacking and Collaboration
(02:20:41) Account Hijacking and OAuth Flows
(02:35:39) Hacking + Parenthood
76 एपिसोडस
Kaikki jaksot
×प्लेयर एफएम में आपका स्वागत है!
प्लेयर एफएम वेब को स्कैन कर रहा है उच्च गुणवत्ता वाले पॉडकास्ट आप के आनंद लेंने के लिए अभी। यह सबसे अच्छा पॉडकास्ट एप्प है और यह Android, iPhone और वेब पर काम करता है। उपकरणों में सदस्यता को सिंक करने के लिए साइनअप करें।