Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated

Critical Thinking - Bug Bounty Podcast - A podcast by Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Thursdays

Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast, Joel and Justin discuss some fresh writeups, including MongoDB NoSQL injection via aggregation pipelines, ORM leak attacks, and exploits in KakaoTalk and iOS, before pivoting into a conversation about staying motivated and avoiding burnout while hunting.

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Resources:

MongoDB NoSQL Injection with Aggregation Pipelines
https://soroush.me/blog/2024/06/mongodb-nosql-injection-with-aggregation-pipelines/

MongoDB Is Web Scale
https://www.youtube.com/watch?v=b2F-DItXtZs

1-click Exploit in KakaoTalk (account takeover)
https://stulle123.github.io/posts/kakaotalk-account-takeover/

Unsecure Time-based Secret and Sandwich Attack
https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html

Reset Tolkien
https://github.com/AethliosIK/reset-tolkien

iOS URL Scheme Hijacking Revamped
https://evanconnelly.github.io/post/ios-oauth/

Plormbing Your Django ORM
https://www.elttam.com/blog/plormbing-your-django-orm/#content

Timestamps:

(00:00:00) Introduction
(00:02:07) MongoDB NoSQL Injection
(00:12:42) 1-click Exploit in Kakao
(00:33:21) Time-based secrets and Reset Tolkien
(00:39:26) iOS URL Scheme Hijacking Revamped
(00:51:42) ORMs
(00:58:57) Community Bug Submission
(01:07:45) Motivation, Mental Sharpness, and Burnout avoidance