Episode 140: Crit Research Lab Update & Client-Side Tricks Galore
Episode description
Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chaos, and more.
Follow us on X at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Send us feedback at info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord!
Get some hacker swag here!
====== This Week in Bug Bounty ======
HackerOne New Milestone Program
Email santerra.holler@bugcrowd.com for media opportunities
====== Resources ======
Exploiting Web Worker XSS with Blobs
CVE-2022-21703: cross-origin request forgery against Grafana
Conversation about Forcing Quirks Mode
AI Busniess Logic & POC or GTFO
Hunting postMessage Vulnerabilities – Part 1
Hunting postMessage Vulnerabilities – Part 2
Cookie Chaos: How to bypass Host and Secure cookie prefixes
====== Timestamps ======
(00:00:00) Introduction
(00:05:48) Crit Research Update
(00:13:00) Encouragement & Collaboration
(00:19:37) Cross-origin request forgery & Anthropic's web fetch
(00:29:17) Quirks Mode, AI Business Logic & POC or GTFO
(00:44:21) Hunting postMessage & Claude Code browserbase
(00:51:25) Community story, Executive Offense, & Cookie Chaos