Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli

Critical Thinking - Bug Bounty Podcast - A podcast by Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Thursdays

Categories:

Episode 49: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is once again joined by Nagli to discuss some of their recent hacking discoveries. They talk about finding and exploiting a backup file in an ASP.NET app, discovering vulnerabilities through Swagger files, and debating the vulnerability of a specific ‘undisclosed’ domain. Then they reflect on 2023’s Live Hacking Event circuit, and preview what’s to come in 2024’s.This episode sponsored by Wordfence! Wordfence recently launched a game-changer of a bug bounty program with ALL WordPress plugins over 50k installs are in-scope. They are currently paying 6.25x their normal bounty amounts, and have agreed to give CT listeners a 10% bonus on top of that! If you wanna pop some crits and see those bounties roll in, head over to https://ctbb.show/wf for more info and keep an eye on the CTBB Discord for inspiration/collabs.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:------ Ways to Support CTBBPodcast ------Sign up for Caido using the referral code CTBBPODCAST for a 10% discount. Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s GuestEpisode Resources:ShockwaveWhy So SerialNew LHE Standards DroppedTimestamps:(00:00:00) Introduction(00:02:37) wwwroot .zip Hack Recap(00:13:44) Swagger File Hack Recap(00:18:27) Undisclosed URL Hack Recap(00:24:29) 2023 LHE Circut Recap(00:37:14) 2024 LHE Preview and New Standards(00:47:22) Bug Bounty Motivation