Episode 135: Akamai's Ryan Barnett On WAFs, Unicode Confusables, And Triage Stories Critical Thinking

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

45 subscribers

published 3M ago

Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.

Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai.

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker. Checkout ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect

Today’s Guest: https://x.com/ryancbarnett

====== Resources ======

Accidental Stored XSS Flaw in Zemanta 'Related Posts' Plugin for TypePad

https://webappdefender.blogspot.com/2013/04/accidental-stored-xss-flaw-in-zemanta.html

XSS Street-Fight

https://media.blackhat.com/bh-dc-11/Barnett/BlackHat_DC_2011_Barnett_XSS%20Streetfight-Slides.pdf

Blackhat USA 2025 - Lost in Translation: Exploiting Unicode Normalization

https://www.blackhat.com/us-25/briefings/schedule/#lost-in-translation-exploiting-unicode-normalization-44923

====== Timestamps ======

(00:00:00) Introduction

(00:02:49) Accidental Stored XSS in Typepad Plugin

(00:06:34) Chatscatter & Abusing third party Analytics

(00:11:42) Ryan Barnett Introduction

(00:21:11) Virtual Patching & WAF Challenges

(00:40:39) AWS API Gateways & Whitelisting Bug Hunter Traffic

(00:49:59) Lost in Translation: Exploiting Unicode Normalization

(01:11:29) CSPs at the WAF level & 'Bounties for Bypass'

146 episodes

#Tech #Justin Gardner (Rhynorater

All episodes

Top Podcasts

1
The Bill Simmons Podcast

The Ringer

112k

Unsubscribe

5h ago5h ago

Unsubscribe

Weekly+

HBO and The Ringer's Bill Simmons hosts the most downloaded sports podcast of all time, with a rotating crew of celebrities, athletes, and media staples, as well as mainstays like Cousin Sal, Joe House, and a slew of other friends and family members who always happen to be suspiciously available.

1
PTI

ESPN, Tony Kornheiser, Michael Wilbon

104k

200

Unsubscribe

3d ago3d ago

Unsubscribe

Weekly+

Tony Kornheiser and Michael Wilbon face off in the nation's capital on the day's hottest topics.

1
The Herd with Colin Cowherd

iHeartPodcasts and The Volume

11k

Unsubscribe

1h ago1h ago

Unsubscribe

Daily+

The Herd with Colin Cowherd is a thought-provoking, opinionated, and topic-driven journey through the top sports stories of the day.

1
Planet Money

NPR

189k

355

Unsubscribe

3d ago3d ago

Unsubscribe

Weekly+

Wanna see a trick? Give us any topic and we can tie it back to the economy. At Planet Money, we explore the forces that shape our lives and bring you along for the ride. Don't just understand the economy – understand the world. Wanna go deeper? Subscribe to Planet Money+ and get sponsor-free episodes of Planet Money, The Indicator, and Planet Money Summer School. Plus access to bonus content. It's a new way to support the show you love. Learn more at plus.npr.org/planetmoney

1
Comedy of the Week

BBC Radio 4

164k

Unsubscribe

15h ago15h ago

Unsubscribe

Weekly

Brighten your week with the latest BBC Radio 4 comedy.

1
The Bugle

The Bugle

123k

673

Unsubscribe

6d ago6d ago

Unsubscribe

Weekly

It's the trans-global satiricast that leaves no hot potato unbuttered. Andy Zaltzman breaks down the news with comedians from across the world including Alice Fraser, Hari Kondabolu, Chris Addison, John Oliver, Nish Kumar, Tiff Stevenson and Helen Zaltzman. Go to TheBuglePodcast.com to become a premium subscriber and get exclusive shows. Follow us on YouTube. Hosted on Acast. See acast.com/privacy for more information.

1
How Did This Get Made?

Earwolf and Paul Scheer, June Diane Raphael, Jason Mantzoukas

198k

305

Unsubscribe

3d ago3d ago

Unsubscribe

Weekly+

The award-winning comedy podcast that celebrates bad movies. Comedians and actors Paul Scheer (The League), June Diane Raphael (Grace and Frankie), and Jason Mantzoukas (Big Mouth) break down the very best of the worst films ever made—we’re talkin’ blockbuster flops, cheesy 80s action movies, Lifetime thrillers, obscure cult classics, and if we’re honest… most Nic Cage and Jason Statham movies. Plus, sometimes they’re even joined by hilarious guests like Seth Rogen, Conan O’Brien, Amy Schume ...

1
Slate Culture

Slate Podcasts

158k

Unsubscribe

16h ago16h ago

Unsubscribe

Daily

Get the Culture Gabfest and all of Slate's culture coverage here.

1
TED Talks Daily

TED

1342k

Unsubscribe

5h ago5h ago

Unsubscribe

Daily

Want TED Talks on the go? Everyday, this feed brings you our latest talks in audio format. Hear thought-provoking ideas on every subject imaginable – from Artificial Intelligence to Zoology, and everything in between – given by the world's leading thinkers and doers. This collection of talks, given at TED and TEDx conferences around the globe, is also available in video format. Interested in learning more about upcoming TED events? Follow these links: TEDNext: ted.com/futureyou Hosted on Aca ...

1
NBC Nightly News with Tom Llamas

NBC News

1199k

720

Unsubscribe

3d ago3d ago

Unsubscribe

Daily

Listen to "NBC Nightly News," providing reports and analysis of the day's most newsworthy national and international events. This audio podcast, updated each evening, brings you the day's show in its entirety. For more from "Nightly News", visit NBCNightlyNews.com.

1
CBS News Roundup

CBS News

1130k

Unsubscribe

10h ago10h ago

Unsubscribe

Daily

The CBS News team wraps up the major headlines you need to know every day on the CBS News Roundup podcast. On weekday mornings, Steve Kathan delivers the “World News Roundup” and every evening you can catch up on all the day's news with Jennifer Keiper on the “World News Roundup: Late Edition”. Then, every weekend the CBS News team in Washington goes deep into the major stories on “Weekend Roundup'' hosted by Allison Keyes. Each episode features a “Kaleidoscope” segment that takes on social ...

1
Daily Boost With Scott Smith

Scott Smith - Motivation and Coaching

379k

Unsubscribe

9h ago9h ago

Unsubscribe

Daily

The Daily Boost is where ancient wisdom meets modern action. I'm Scott Smith, and for 20 years, I've helped people like you cut through life's complexity with timeless principles that actually work. Every Monday through Friday (under 10 minutes), you get philosophy made practical — the essential rules, frameworks, and step-by-step formulas that turn confusion into clarity. This is Stoic wisdom without the theory. Life principles without the fluff. Clear steps for complicated moments. This is ...

1
Radiolab

WNYC Studios

292k

150

Unsubscribe

3d ago3d ago

Unsubscribe

Weekly

Radiolab is on a curiosity bender. We ask deep questions and use investigative journalism to get the answers. A given episode might whirl you through science, legal history, and into the home of someone halfway across the world. The show is known for innovative sound design, smashing information into music. It is hosted by Lulu Miller and Latif Nasser.

1
Science Friday

Science Friday and WNYC Studios

187k

Unsubscribe

9h ago9h ago

Unsubscribe

Daily

Covering the outer reaches of space to the tiniest microbes in our bodies, Science Friday is the source for entertaining and educational stories about science, technology, and other cool stuff.

1
This American Life

This American Life

361k

Unsubscribe

1d ago1d ago

Unsubscribe

Monthly

Each week we choose a theme. Then anything can happen. This American Life is true stories that unfold like little movies for radio. Personal stories with funny moments, big feelings, and surprising plot twists. Newsy stories that try to capture what it’s like to be alive right now. It’s the most popular weekly podcast in the world, and winner of the first ever Pulitzer Prize for a radio show or podcast. Hosted by Ira Glass and produced in collaboration with WBEZ Chicago.

1
Snap Judgment

Snap Judgment and PRX

318k

497

Unsubscribe

4d ago4d ago

Unsubscribe

Weekly

Snap Judgment mixes real stories with killer beats to produce cinematic, dramatic radio. Snap’s raw, musical brand of storytelling dares listeners to see the world through the eyes of another. It's storytelling... with a BEAT.

1
Criminal

Vox Media Podcast Network

256k

353

Unsubscribe

4d ago4d ago

Unsubscribe

Weekly

Criminal is the first of its kind. A show about people who’ve done wrong, been wronged, or gotten caught somewhere in the middle. Hosted by Phoebe Judge. Named a Best Podcast of 2023 by the New York Times. Part of the Vox Media Podcast Network.

1
Sword and Scale

Sword and Scale

60k

287

Unsubscribe

2d ago2d ago

Unsubscribe

Monthly+

Sword and Scale is a weekly true crime podcast covering the dark underworld of crime and the criminal justice system’s response to it. The first episode launched January 1st, 2014 and feature stories of murder, abduction, rape, and even more bizarre forms of crime. It’s the purest form of true-crime where the raw uncensored audio tells the story. Everything from 911 calls to court testimony, interviews with victims and sometimes with perpetrators give listeners a 360 degree look at the seedy ...

1
My Favorite Murder with Karen Kilgariff and Georgia Hardstark

Exactly Right and iHeartPodcasts

52k

Unsubscribe

5h ago5h ago

Unsubscribe

Weekly+

My Favorite Murder is a true crime comedy podcast hosted by Karen Kilgariff and Georgia Hardstark. Each week, Karen and Georgia share compelling true crimes and hometown stories from friends and listeners. Since MFM launched in January of 2016, Karen and Georgia have shared their lifelong interest in true crime and have covered stories of infamous serial killers like the Night Stalker, mysterious cold cases, captivating cults, incredible survivor stories and important events from history lik ...

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

Similar to Critical Thinking - Bug Bounty Podcast

Download the best offline podcast player

Top Podcasts