使用Player FM应用程序离线!
Episode 85: Practical Applications of DEFCON 32 Web Research
Manage episode 435542505 series 3435922
Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cache exploitation, and exploits related to email protocols are all featured. Plus we also talk some fun Apache hacks from Orange Tsai
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
Check out our new SWAG store at https://ctbb.show/swag!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Sponsor - ThreatLocker
Resources
Listen to the whispers
https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work
Splitting the email atom
https://portswigger.net/research/splitting-the-email-atom
Gotta cache 'em all
https://portswigger.net/research/gotta-cache-em-all
HTTP Garden
https://github.com/narfindustries/http-garden
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
Trusted API Types
https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API
Untrusted Types
https://github.com/filedescriptor/untrusted-types
Timestamps:
(00:00:00) Introduction
(00:09:45) 'Listen to the whispers'
(00:30:03) 'Splitting the email atom'
(00:58:42) 'Gotta cache 'em all'
(01:21:03) 'Confusion Attacks'
88集单集
Manage episode 435542505 series 3435922
Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cache exploitation, and exploits related to email protocols are all featured. Plus we also talk some fun Apache hacks from Orange Tsai
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
Check out our new SWAG store at https://ctbb.show/swag!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Sponsor - ThreatLocker
Resources
Listen to the whispers
https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work
Splitting the email atom
https://portswigger.net/research/splitting-the-email-atom
Gotta cache 'em all
https://portswigger.net/research/gotta-cache-em-all
HTTP Garden
https://github.com/narfindustries/http-garden
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
Trusted API Types
https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API
Untrusted Types
https://github.com/filedescriptor/untrusted-types
Timestamps:
(00:00:00) Introduction
(00:09:45) 'Listen to the whispers'
(00:30:03) 'Splitting the email atom'
(00:58:42) 'Gotta cache 'em all'
(01:21:03) 'Confusion Attacks'
88集单集
All episodes
×欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。