Episode 163: Best Technical Takeaways from Portswigger Top 10 2025 - podcast episode cover

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Critical Thinking - Bug Bounty Podcast
Feb 26, 20261 hr 8 minSeason 1Ep. 163
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X: 

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/ 


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!



====== Resources ======


Parser Differentials: When Interpretation Becomes a Vulnerability

https://www.youtube.com/watch?v=Dq_KVLXzxH8


XSS-Leak: Leaking Cross-Origin Redirects

https://blog.babelo.xyz/posts/cross-site-subdomain-leak/


Playing with HTTP/2 CONNECT

https://blog.flomb.net/posts/http2connect/


Next.js, cache, and chains: the stale elixir

https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir


SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL

https://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdf


Cross-Site ETag Length Leak

https://blog.arkark.dev/2025/12/26/etag-length-leak


Lost in Translation: Exploiting Unicode Normalization

https://www.youtube.com/watch?v=ETB2w-f3pM4


ORM Leaking More Than You Joined For

https://www.elttam.com/blog/leaking-more-than-you-joined-for/


Novel SSRF Technique Involving HTTP Redirect Loops

https://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/


Successful Errors: New Code Injection and SSTI Techniques

https://github.com/vladko312/Research_Successful_Errors




====== Timestamps ======

(00:00:00) Introduction

(00:02:33) Parser Differentials: When Interpretation Becomes a Vulnerability

(00:11:02) XSS-Leak: Leaking Cross-Origin Redirects

(00:18:25) Playing with HTTP/2 CONNECT

(00:22:10) Next.js, cache, and chains: the stale elixir

(00:29:15) SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL

(00:34:27) Cross-Site ETag Length Leak

(00:41:47) Lost in Translation: Exploiting Unicode Normalization

(00:47:27) ORM Leaking More Than You Joined For

(00:54:07) Novel SSRF Technique Involving HTTP Redirect Loops

(00:58:40) Successful Errors: New Code Injection and SSTI Techniques

For the best experience, listen in Metacast app for iOS or Android