otr

I just want to find vulnerabilities. Having to fix them is a headache.

We spend a lot of time talking to the hackers, but today, we're dropping a goodie for the program managers! Here are our top tips for running a kickass bug bounty program. See the matrix at the end for high impact to hackers, low effort to impl. changes. blog.criticalthinkingpodcast.io/p/program-mana…

UNBELIEVABLE OS Command Injection technique!? 😱 (with @fransrosen) #bugbountytips #bugbounty #bugbounties

.@joaxcar takes proving impact to the extreme by showing that a GitLab bug could've resulted in an attacker being able to: - Trigger new and existing pipelines - Overwrite variables - Upload images for RCE - Gain full access to all CI variables - [INSERT IMAGINATION]

Neat browser behaviour gadget for cross-origin exploitation: If you know the target's full path, onhashchange can be triggered cross-origin by using window[.]open + full path + changed hash. window[.]open("//site[.]com/full/path#ourhash","targetWindow") Credit: @joaxcar

Happy Monday, hackers

This app is incentivizing children to send pictures to strangers for money, if you see it please remove it immediately! Stay safe.

Did you know you can use ffuf to fuzz multiple keywords simultaneously? Here's how you can fuzz the protocol and subdomain at the same time👇

@th3cyb3rc0p Hii

I am looking to #Connect with people who are interested in: 💫 Bug Bounty VAPT Security Consulting Red Teaming CTF #LetsConnect #cybersecurity #connection

@ADITYASHENDE17 ATO via XSS

Whats the last vulnerability you reported ?

@Rhynorater @0xteknogeek Nice! Critical Thinkers meetup?

Hyyype! @0xteknogeek and I are gonna be there dropping some bb 🔥 so swing by if you're at DEFCON!

Can I just say @PaulosYibelo has been dropping some bangers lately. We'll mention them on the pod this upcoming Thursday, but both of these client-side techniques are really innovative and sick: paulosyibelo.com/2024/02/cross-… octagon.net/blog/2022/05/2…

I forgot how constricting Synack LP+ is after spending some time on HackerOne. I don't understand why a VPN isn't sufficient. #bugbounty

Whenever @avlidienbrunn comes on the pod, we always walk away with some gold. For episode 68, Mathias drops some 0-days in HTMX and a gadget on cloudflare based networks which will help exploit GET or POST based CSPT and SSRF! ctbb.show/68

Live hack-along starting in 40 minutes in the CTBB Discord (ctbb.show/discord) for the Critical Thinkers subscription tier!

Can't wait for the the live hack-along session happening tomorrow on the @ctbbpodcast Discord channel🔥

@Bugcrowd Live passive crawl and Live audit are enabled by default and set to All Traffic. You may want to disable this or change it to scope only. I find them noisy and unnecessary. Be intentional about your scans/crawls.

What's your top tip for those setting up Burp Suite for the first time?

Caido Pets is now publicly available via @bebiksior's EvenBetterExtensions. My suite of plugins is called The Primate Pack. I'll be releasing more features under this plugin in the future. 😄 @CaidoIO github.com/bebiksior/Even… github.com/projectmonke/P… #bugbounty #bugbountytips

Another gold episode youtu.be/mFC0G4oBlIY?si…. Check it out BBP program managers! @ctbbpodcast