Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs cover art

Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs

Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs

Listen for free

View show details

About this listen

Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They’re Smart.


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/


====== Resources ======

InsertScript - XSS Challenge Solution

https://insert-script.blogspot.com/2020/03/xss-challenge-solution-refresh-header.html


InsertScript - Redirect AuthHeader

https://www.insert-script.com/examples/redirectAuthHeader/send.html


CRLF injection on a 302 redirect

https://x.com/0xdef1ant/status/2009040359482118500


Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover

https://ysamm.com/uncategorized/2025/01/13/capig-xss.html


Arcanum Hack Tips

https://github.com/Arcanum-Sec/hack_tips


Trail of Bits Releases Claude Skills

https://x.com/dguido/status/2011541318229533063


what a $55,000 bug can look like

https://x.com/the_IDORminator/status/2007480636244697237


Pwning Claude Code in 8 Different Ways

https://flatt.tech/research/posts/pwning-claude-code-in-8-different-ways/


Do Smart People Ever Say They’re Smart?

https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/



====== Timestamps ======

(00:00:00) Introduction

(00:04:18) Technical takeaways from CT Charity Hackalong

(00:22:21) InsertScript POCs & Rez0 and teknogeek's IOT Adventures

(00:32:16) CRLF injection on a 302 redirect & Multiple XSS in Meta

(00:41:00) Trail of Bits, what a $55,000 bug can look like, & Pwning Claude Code

(00:54:16) Do Smart People Ever Say They’re Smart?
No reviews yet
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.