The OG Bug Bounty King - Frans Rosen (Ep. 45)

Рет қаралды 6,574

Critical Thinking - Bug Bounty Podcast

Күн бұрын

In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Frans Rosén, an OG bug bounty hunter and co-founder of Detectify. We kick off with Frans sharing his journey bug bounty and security startups, before diving headfirst into a host of his blog posts. We also cover the value of pseudo-code for bug exploitation, understanding developer terminology, the challenges of collaboration and delegating tasks, and balancing hacking with parenting. If you're interested in bug bounty or entrepreneurship, you won't want to miss it!
Follow us on twitter at: / ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Ways to Support CTBB Podcast ======
Follow us on twitter: / ctbbpodcast
Follow your hosts Rhynorater & Teknogeek on twitter:
- / rhynorater
- / 0xteknogeek
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Join our Discord! ctbb.show/discord
====== Links ======
Today's Guest: / fransrosen
Detectify: labs.detectify.com/
Discovering s3 subdomain takeovers: labs.detectify.com/writeups/h...
Bucket Disclose: gist.github.com/fransr/a155e5...
A deep dive into AWS S3 access controls: labs.detectify.com/writeups/a...
Attacking Modern Web Technologies: www.slideshare.net/OWASP_Pola...
Live Hacking like a MVH: speakerdeck.com/fransrosen/li...
Account hijacking using Dirty Dancing in sign-in OAuth flows: labs.detectify.com/2022/07/06...
====== Timestamps ======
(00:00:00) Introduction
(00:04:50) Franz Rosen's Bug Bounty Journey and the creation of Detectify
(00:13:30) Benefits of pseudo-code, typing, and thinking like a developer
(00:20:20) Hunter Methodologies
(00:35:40) Time on targets, Iteration vs. Ideation, and tips for standing out
(00:51:10) S3 subdomain takeovers
(01:05:02) Blog posting and hosting motivations
(01:13:30) Detectify and entrepreneurial endeavors
(01:29:50) Attacking Modern Web Technologies
(01:46:00) postMessage and MessagePort
(01:58:09) Live Hacking and Collaboration
(02:13:50) Account Hijacking and OAuth Flows
(02:28:48) Hacking/Parenting

Пікірлер: 15

@ioanthomas7258 7 ай бұрын

I haven't listened to this yet, but I already know it's going to be a good episode

@abdulmoizsiddiqui6865 7 ай бұрын

most awaited podcast! thanks guys, learned alot :)

@hanzgumapac8815 7 ай бұрын

Can you invite santiago lopez next. where is he now?

@MFoster392 7 ай бұрын

Just a noob so a lot of your info is over my head but it's more to look up and learn so thank you fellas, you're all legends in my opinion :-)

@user-lk6rk8hb3d 7 ай бұрын

Super interesting and valuable. Thank you guys

@mohammadrezaabbasi4841 6 ай бұрын

Pure Gold, Thanks for such awesome tips, WOW

@souraldandothi5681 4 ай бұрын

1:46:00 Bro pulling a big brain move!! Legend!!

@TheLakeJake3 7 ай бұрын

Joel give us a rig rundown of your guitar setup!

@Free.Education786 5 ай бұрын

Please, if possible, cover these advanced topics like How to bypass Drupal CMS or other secured CMS? How to bypass HARD WAF protection that stops HTML, SQL, and XSS injection payloads? Payload single-double-triple encoding using Cyber-Chef? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc.,? How to bypass Hard WAF using SQLMAP or Burpsuite? How to find hidden vulnerable parameters and endpoints inside the .js and .jason files? How to find hidden admin pages, cPanel pages, and WHM pages ? Please cover these important topics. Thanks