
Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023 (Ep. 60)

Critical Thinking - Bug Bounty Podcast

Episode 60: In this episode of the Critical Thinking Bug Bounty Podcast, Justin and Joel review the PortSwigger Research list of the top 10 web hacking techniques of 2023.

Follow us on twitter at: / ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]
Shoutout to / realytcracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
/ 0xteknogeek
/ rhynorater

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10 and $5; premium subscribers get access to private masterclasses, exploits, tools, scripts, unredacted bug reports, etc.

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Resources:

Top 10 web hacking techniques of 2023
https://portswigger.net/research/top...

1: Smashing the state machine
https://portswigger.net/research/smas...

8: From Akamai to F5 to NTLM
https://blog.malicious.group/fromaka...

3: SMTP Smuggling
https://secconsult.com/blog/detail/s...

4: PHP filter chains
https://www.synacktiv.com/publication...

(Bonus Read)
https://www.synacktiv.com/publication...

5: HTTP Parsers Inconsistencies
https://rafa.hashnode.dev/exploiting...

6: HTTP Request Splitting
https://offzone.moscow/upload/iblock/...

7: How I Hacked Microsoft Teams
https://speakerdeck.com/masatokinugaw...

9: Cookie Crumbles
https://www.usenix.org/conference/use...

(Bonus Read)
https://blog.ankursundara.com/cookie...

10: Hacking root EPP servers to take control of zones
https://hackcompute.com/hackingepps...

Timestamps:
(00:00:00) Introduction
(00:04:26) 1: Smashing the state machine
(00:11:56) 8: From Akamai to F5 to NTLM... with love
(00:17:11) 3: SMTP Smuggling
(00:26:27) 4: PHP filter chains
(00:36:40) 5: HTTP Parsers Inconsistencies
(00:44:56) 6: HTTP Request Splitting
(00:53:43) 7: How I Hacked Microsoft Teams
(01:02:25) 9: Cookie Crumbles
(01:11:36) 10: EPP Server Takeover
(01:15:21) Summary

posted by Dusevich70