Gå frakoblet med Player FM -appen!
Episode 70: NahamCon and CSP Bypasses Everywhere
Manage episode 417304496 series 3435922
Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we’re once again joined by Ben Sadeghipour to talk about some Nahamcon news, as well as discuss a couple other LHE’s taking place. Then they cover CI/CD and drop some cool CSP Bypasses.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest: https://twitter.com/NahamSec
Resources:
Depi
Youtube CSP:
https://www.youtube.com/oembed?callback=alert()
Maps CSP:
https://maps.googleapis.com/maps/api/js?callback=alert()-print
Google APIs CSP
https://www.googleapis.com/customsearch/v1?callback=alert(1)
Google CSP
https://www.google.com/complete/search?client=chrome&q=123&jsonp=alert(1)//
CSP Bypass for opener.child.child.child.click()
Timestamps:
(00:00:00) Introduction
(00:02:55) BSides Takeaways and hacking on Meta
(00:12:12) NahamCon News
(00:23:45) CI/CD and the launch of Depi
(00:33:29) CSP Bypasses
73 episoder
Manage episode 417304496 series 3435922
Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we’re once again joined by Ben Sadeghipour to talk about some Nahamcon news, as well as discuss a couple other LHE’s taking place. Then they cover CI/CD and drop some cool CSP Bypasses.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest: https://twitter.com/NahamSec
Resources:
Depi
Youtube CSP:
https://www.youtube.com/oembed?callback=alert()
Maps CSP:
https://maps.googleapis.com/maps/api/js?callback=alert()-print
Google APIs CSP
https://www.googleapis.com/customsearch/v1?callback=alert(1)
Google CSP
https://www.google.com/complete/search?client=chrome&q=123&jsonp=alert(1)//
CSP Bypass for opener.child.child.child.click()
Timestamps:
(00:00:00) Introduction
(00:02:55) BSides Takeaways and hacking on Meta
(00:12:12) NahamCon News
(00:23:45) CI/CD and the launch of Depi
(00:33:29) CSP Bypasses
73 episoder
Alle episoder
×Velkommen til Player FM!
Player FM scanner netter for høykvalitets podcaster som du kan nyte nå. Det er den beste podcastappen og fungerer på Android, iPhone og internett. Registrer deg for å synkronisere abonnement på flere enheter.