Search a title or topic

Over 20 million podcasts, powered by 

Player FM logo
Artwork

Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
Player FM - Podcast App
Go offline with the Player FM app!

Episode 107: Bypassing Cross-Origin Browser Headers

1:06:17
 
Share
 

Manage episode 462674806 series 3435922
Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.

Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to https://x.com/realytcracker for the awesome intro music!

====== Links ======

Follow your hosts on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr

====== Resources ======

A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures

Google’s OAuth login flaw

Rez0's Ai tweet

Rez0's Follow-up

Raink from BishopFox

Gift cards security research

Top 10 web hacking techniques of 2024

Cross-Origin-Opener-Policy: preventing attacks from popups

====== Timestamps ======

(00:00:00) Introduction

(00:05:13) Hacking with your kids

(00:09:46) H1/bc pentests

(00:12:23) Google’s OAuth login flaw

(00:18:01) Raink & Rez0's AI tweets

(00:28:46) Giftcard hacking & Portswigger top 10 voting

(00:34:23) Cross Origin Web Headers

  continue reading

126 episodes

Artwork
iconShare
 
Manage episode 462674806 series 3435922
Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.

Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to https://x.com/realytcracker for the awesome intro music!

====== Links ======

Follow your hosts on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr

====== Resources ======

A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures

Google’s OAuth login flaw

Rez0's Ai tweet

Rez0's Follow-up

Raink from BishopFox

Gift cards security research

Top 10 web hacking techniques of 2024

Cross-Origin-Opener-Policy: preventing attacks from popups

====== Timestamps ======

(00:00:00) Introduction

(00:05:13) Hacking with your kids

(00:09:46) H1/bc pentests

(00:12:23) Google’s OAuth login flaw

(00:18:01) Raink & Rez0's AI tweets

(00:28:46) Giftcard hacking & Portswigger top 10 voting

(00:34:23) Cross Origin Web Headers

  continue reading

126 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Copyright 2025 | Privacy Policy | Terms of Service | | Copyright
Listen to this show while you explore
Play