Episode 50: ­Mathias "Fall in a well" Karlsson - Bug Bounty Prophet

Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug Bounty might look like in the future…Follow us on twitter at: @ctbbpodcastSend us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:------ Ways to Support CTBBPodcast ------Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.Hop on the CTBB Discord!We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today’s GuestEpisode ResourcesHow to Differentiate Yourself as a HunterMutateMethodshackaplanetenArticle About Unicode and Character SetsByte Order Mark:Character EncodingsShapeCatcherWAF BypassBountyDashEXPLOITING HTTP'S HIDDEN ATTACK-SURFACETimestamps:(00:00:00) Introduction(00:10:06) Automation Setup and Assetnote Origins(00:16:49) Sharing Tips, and Content Creation(00:22:27) Collaboration and Optimization(00:36:44) Working at Detectify(00:51:45) Bug Bounty Burnout(00:56:15) Early Days of Bug Bounty and Future Predictions(01:19:00) Nerdsnipeability(01:29:38) MXSS and XSLT(01:54:20) Learning through being wrong(02:00:15) Go-to Vulns