انتقل إلى وضع عدم الاتصال باستخدام تطبيق Player FM !
Episode 107: Bypassing Cross-Origin Browser Headers
Manage episode 462674806 series 3435922
Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://x.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts on Twitter:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr
====== Resources ======
A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures
Top 10 web hacking techniques of 2024
Cross-Origin-Opener-Policy: preventing attacks from popups
====== Timestamps ======
(00:00:00) Introduction
(00:05:13) Hacking with your kids
(00:09:46) H1/bc pentests
(00:12:23) Google’s OAuth login flaw
(00:18:01) Raink & Rez0's AI tweets
(00:28:46) Giftcard hacking & Portswigger top 10 voting
(00:34:23) Cross Origin Web Headers
110 حلقات
Manage episode 462674806 series 3435922
Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://x.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts on Twitter:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr
====== Resources ======
A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures
Top 10 web hacking techniques of 2024
Cross-Origin-Opener-Policy: preventing attacks from popups
====== Timestamps ======
(00:00:00) Introduction
(00:05:13) Hacking with your kids
(00:09:46) H1/bc pentests
(00:12:23) Google’s OAuth login flaw
(00:18:01) Raink & Rez0's AI tweets
(00:28:46) Giftcard hacking & Portswigger top 10 voting
(00:34:23) Cross Origin Web Headers
110 حلقات
كل الحلقات
×مرحبًا بك في مشغل أف ام!
يقوم برنامج مشغل أف أم بمسح الويب للحصول على بودكاست عالية الجودة لتستمتع بها الآن. إنه أفضل تطبيق بودكاست ويعمل على أجهزة اندرويد والأيفون والويب. قم بالتسجيل لمزامنة الاشتراكات عبر الأجهزة.