Episode 32: The Great Write-up Low-down

Episode 32: In this episode of Critical Thinking - Bug Bounty Podcast, Joel caught a nasty bug (no, not that kind) so Justin is flying solo, and catches us up to speed on what's been happening in hacking news.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogee....khttps://twitter.com the State articlehttps://portswigger.net/research/smashing-the-state-machine?ps_source=portswiggerres&ps_medium=social&ps_campaign=race-conditionsNagles Algorithmhttps://en.wikipedia.org/wiki/Nagle%27s_algorithm HTTP/2 RFC https://httpwg.org/specs/rfc7540.html Tweet by Alex Chapmanhttps://twitter.com/ajxchapman..../status/169110367792 Duodrop IIS Auth Bypasshttps://soroush.me/blog/2023/0....8/cookieless-duodrop Xss and .Nethttps://blog.isec.pl/all-is-xs....s-that-comes-to-the- Account Takeoverhttps://ophionsecurity.com/blo....g/shopify-acount-tak Name Guesserhttps://github.com/projectmonk....e/shortnameguesserHa Points.comhttps://samcurry.net/Points-com/Hacking Starbucks https://samcurry.net/hacking-starbucks/Bug Bounty Tag Requesthttps://twitter.com/ajxchapman..../status/168889209359 Attackhttps://www.landh.tech/blog/20....230811-sandwich-atta Timestamps:(00:00:00) Introduction(00:01:25) Smashing the State(00:11:30) HTTP/2 RFC(00:17:30) Cookieless Duodrop IIS Auth Bypass(00:24:45) Takeovers and Tools(00:32:30) Sam Curry writeup(00:53:10) Community requests(00:55:10) Sandwich Attacks