Episode 107: Bypassing Cross-Origin Browser Headers

Critical Thinking - Bug Bounty Podcast

Jan 23, 2025•1 hr 6 min•Season 1Ep. 107

--:--

Listen in podcast apps:

Listen to this episode in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking.

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to https://x.com/realytcracker for the awesome intro music!

====== Links ======

Follow your hosts on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr

====== Resources ======

A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures

Google’s OAuth login flaw

Rez0's Ai tweet

Rez0's Follow-up

Raink from BishopFox

Gift cards security research

Top 10 web hacking techniques of 2024

Cross-Origin-Opener-Policy: preventing attacks from popups

====== Timestamps ======