Episode 36: Bug Bounty Ethics & CT Exclusive Bug Reports

Episode 36: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel take a break from LHE prep to answer questions about the ethics of bug bounty and share their recent bug finds. We talk Iframes, mobile intercept proxies, open redirects, and that time Justin got shot at…Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterTimeshifter:https://www.timeshifter.com/Tweet about Google Open Redirecthttps://twitter.com/Rhynorater/status/1697357773690818844 Tweet about XSS Exploitation https://twitter.com/Rhynorater/status/1698059391700701424 Request Minimizerhttps://portswigger.net/bappstore/cc16f37549ff416b990d4312490f5fd1Timestamps:(00:00:00) Introduction(00:02:45) Hacker One LHE Preview(00:05:40) Is Bug Bounty Inherently Ethical(00:19:25) Ethics of Going out of scope(00:27:56) Justin’s story of getting shot at(00:30:22) Setting up a mobile intercept proxy(00:33:40) How to approach a new target(00:40:30) Google Open Redirect(00:43:35) Recent XSS Exploitation(00:46:28) ATO Trick(00:50:25) Joel’s Bug Report(00:55:40) Justin’s Bug Report