使用Player FM应用程序离线!
Episode 45: The OG Bug Bounty King - Frans Rosen
Manage episode 384110018 series 3435922
Episode 45: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Frans Rosén, an OG bug bounty hunter and co-founder of Detectify. We kick off with Frans sharing his journey bug bounty and security startups, before diving headfirst into a host of his blog posts. We also cover the value of pseudo-code for bug exploitation, understanding developer terminology, the challenges of collaboration and delegating tasks, and balancing hacking with parenting. If you're interested in bug bounty or entrepreneurship, you won't want to miss it!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Join our Discord!
Today's Guest:
https://twitter.com/fransrosen
Discovering s3 subdomain takeovers
A deep dive into AWS S3 access controls
Attacking Modern Web Technologies
Account hijacking using Dirty Dancing in sign-in OAuth flows
Timestamps:
(00:00:00) Introduction
(00:04:50) Franz Rosen's Bug Bounty Journey and the creation of Detectify
(00:13:30) Benefits of pseudo-code, typing, and thinking like a developer
(00:20:20) Hunter Methodologies
(00:35:40) Time on targets, Iteration vs. Ideation, and tips for standing out
(00:51:10) S3 subdomain takeovers
(01:05:02) Blog posting and hosting motivations
(01:13:30) Detectify and entrepreneurial endeavors
(01:29:50) Attacking Modern Web Technologies
(01:46:00) postMessage and MessagePort
(01:58:09) Live Hacking and Collaboration
(02:13:50) Account Hijacking and OAuth Flows
(02:28:48) Hacking/Parenting
93集单集
Manage episode 384110018 series 3435922
Episode 45: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Frans Rosén, an OG bug bounty hunter and co-founder of Detectify. We kick off with Frans sharing his journey bug bounty and security startups, before diving headfirst into a host of his blog posts. We also cover the value of pseudo-code for bug exploitation, understanding developer terminology, the challenges of collaboration and delegating tasks, and balancing hacking with parenting. If you're interested in bug bounty or entrepreneurship, you won't want to miss it!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Join our Discord!
Today's Guest:
https://twitter.com/fransrosen
Discovering s3 subdomain takeovers
A deep dive into AWS S3 access controls
Attacking Modern Web Technologies
Account hijacking using Dirty Dancing in sign-in OAuth flows
Timestamps:
(00:00:00) Introduction
(00:04:50) Franz Rosen's Bug Bounty Journey and the creation of Detectify
(00:13:30) Benefits of pseudo-code, typing, and thinking like a developer
(00:20:20) Hunter Methodologies
(00:35:40) Time on targets, Iteration vs. Ideation, and tips for standing out
(00:51:10) S3 subdomain takeovers
(01:05:02) Blog posting and hosting motivations
(01:13:30) Detectify and entrepreneurial endeavors
(01:29:50) Attacking Modern Web Technologies
(01:46:00) postMessage and MessagePort
(01:58:09) Live Hacking and Collaboration
(02:13:50) Account Hijacking and OAuth Flows
(02:28:48) Hacking/Parenting
93集单集
Tüm bölümler
×欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。