Episode 110: Oauth Gadget Correlation and Common Attacks

Critical Thinking - Bug Bounty Podcast

Feb 13, 2025•50 min•Season 1Ep. 110

--:--

Listen in podcast apps:

Listen to this episode in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems.

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to https://x.com/realytcracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

DOMPurify 3.2.3 Bypass

Jason Zhou's post about O3 mini

Live Chat Blog #2: Cisco Webex Connect

postLogger Chrome Extension

postLogger Webstore Link

Common OAuth Vulnerabilities

nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover

Account Takeover using SSO Logins

Kai Greshake

====== Timestamps ======