Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits
Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for Windows, Third-Person prompting, and touch on the recent McDonalds LeakFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here:
[email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward!====== Resources ======v1 Instance Metadata Service protections bypassWould you like an IDOR with that? Leaking 64 million McDonald’s job applicationsHow we got persistent XSS on every AEM cloud site, thriceGoogle docs now supports export as markdownAbusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)How I Scanned all of GitHub’s “Oops Commits” for Leaked SecretsBug bounty, feedback, strategy and alchemy====== Timestamps ======(00:00:00) Introduction(00:05:39) Metadata Service protections bypass & Mcdonalds Leak(00:12:30) Christmas in July with Searchlight Cyber Pt 1(00:19:43) Export as Markdown, Raycast for Windows, & Third-Person prompting(00:23:56) Christmas in July with Searchlight Cyber Pt 2(00:27:39) GitHub’s “Oops Commits” for Leaked Secrets(00:36:53) Bug bounty, feedback, strategy and alchemy