Episode 60: In this episode of Critical Thinking Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023.
Follow us on twitter at: / ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]
Shoutout to / realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
/ 0xteknogeek
/ rhynorater
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, $5 premium subscribers get access to private masterclasses, exploits, tools, scripts, unredacted bug reports, etc.
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Resources:
Top 10 web hacking techniques of 2023
https://portswigger.net/research/top...
1: Smashing the state machine
https://portswigger.net/research/smas...
8: From Akamai to F5 to NTLM
https://blog.malicious.group/fromaka...
3: SMTP Smuggling
https://secconsult.com/blog/detail/s...
4: PHP filter chains
https://www.synacktiv.com/publication...
(Bonus Read)
https://www.synacktiv.com/publication...
5: HTTP Parsers Inconsistencies
https://rafa.hashnode.dev/exploiting...
6: HTTP Request Splitting
https://offzone.moscow/upload/iblock/...
7: How I Hacked Microsoft Teams
https://speakerdeck.com/masatokinugaw...
9: Cookie Crumbles
https://www.usenix.org/conference/use...
(Bonus Read)
https://blog.ankursundara.com/cookie...
10: Hacking root EPP servers to take control of zones
https://hackcompute.com/hackingepps...
Timestamps:
(00:00:00) Introduction
(00:04:26) 1: Smashing the state machine
(00:11:56) 8: From Akamai to F5 to NTLM... with love
(00:17:11) 3: SMTP Smuggling
(00:26:27) 4: PHP filter chains
(00:36:40) 5: HTTP Parsers Inconsistencies
(00:44:56) 6: HTTP Request Splitting
(00:53:43) 7: How I Hacked Microsoft Teams
(01:02:25) 9: Cookie Crumbles
(01:11:36) 10: EPP Server Takeover
(01:15:21) Summary