Episode 85: Practical Applications of DEFCON 32 Web Research

Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cache exploitation, and exploits related to email protocols are all featured. Plus we also talk some fun Apache hacks from Orange TsaiFollow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!Check out our new SWAG store at https://ctbb.show/swag!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today’s Sponsor - ThreatLockerResourcesListen to the whispershttps://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-workSplitting the email atomhttps://portswigger.net/research/splitting-the-email-atomGotta cache 'em allhttps://portswigger.net/research/gotta-cache-em-allHTTP Gardenhttps://github.com/narfindustries/http-gardenConfusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! https://blog.orange.tw/2024/08/confusion-attacks-en.html#%E2%9C%94%EF%B8%8F-2-2-2-Local-Gadget-to-XSSTrusted API Typeshttps://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_APIUntrusted Typeshttps://github.com/filedescriptor/untrusted-types Timestamps:(00:00:00) Introduction(00:09:45) 'Listen to the whispers'(00:30:03) 'Splitting the email atom'(00:58:42) 'Gotta cache 'em all'(01:21:03) 'Confusion Attacks'