
Content provided by Justin Gardner (Rhynorater) & Joel Margolis (teknogeek), Justin Gardner (Rhynorater), and Joel Margolis (teknogeek). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joel Margolis (teknogeek), Justin Gardner (Rhynorater), and Joel Margolis (teknogeek) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023

1:24:37
 

Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel review the PortSwigger Research list of top 10 web hacking techniques of 2023.

Follow us on Twitter at: @ctbbpodcast

Send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord

We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Resources:

Top 10 web hacking techniques of 2023

1: Smashing the state machine

8: From Akamai to F5 to NTLM

3: SMTP Smuggling

4: PHP filter chains

(Bonus Read)

5: HTTP Parsers Inconsistencies

6: HTTP Request Splitting

7: How I Hacked Microsoft Teams

9: Cookie Crumbles

(Bonus Read)

10: Hacking root EPP servers to take control of zones

Timestamps:

(00:00:00) Introduction

(00:04:26) 1: Smashing the state machine

(00:11:56) 8: From Akamai to F5 to NTLM... with love

(00:17:11) 3: SMTP Smuggling

(00:26:27) 4: PHP filter chains

(00:36:40) 5: HTTP Parsers Inconsistencies

(00:44:56) 6: HTTP Request Splitting

(00:53:43) 7: How I Hacked Microsoft Teams

(01:02:25) 9: Cookie Crumbles

(01:11:36) 10: EPP Server Takeover
