Jhaddix returns to the pod, covering The Bug Hunter's Methodology, target hunts, recon techniques, going deep on apps and more.
Justin and Joel are back with some additional research resources that didn’t make the PortSwigger Top Ten: HTML quirks, CSS injection, XSS, and JS analysis.
Justin is joined by Jasmin Landry to share some cool exploit chains, OAuth bugs and unexpected configuration file injection.
This episode is all about the PortSwigger top 10 research of 2023. We’ve done our own spin on this, the HackerNotes top 5.
The guys drop some useful gadgets they look for when hunting, along with gadgets that get their hacker intuition firing.
Youssef and the guys sit down during the LHE to discuss all things ATO and client-side madness.
Justin and Joel drop the pod while attending Capital One's LHE and have some valuable takeaways from the event.
Using Data Science to Win Bug Bounty With Mayonaise (aka Jon Colston)
Popping WordPress Plugins: Ram Deep Dives His Research, Common Plugin Flaws, Code Review Methodology and Creative Escalation Vectors
HackerNotes Goes Live, Joel Scrapes H1 Bounty Data, Critical GitLab CVE Leads to ATO, LLM Attacks and Code Review Tips
Novel BXSS techniques, a 40k desktop RCE writeup, and NahamSec's tips for bug bounty success
Never run out of ideas for attack vectors again.