Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
Episode 114: Single Page Application Hacking Playbook
MAR 13, 2025 · 82 MIN
Description

Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we're diving into SPAs and how to attack them. We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker (https://twitter.com/realytcracker) for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker Cloud Control (https://www.threatlocker.com/platform/cloud-control)

====== Resources ======

Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain: https://vitorfalcao.com/posts/hacking-high-profile-targets/
Research finds 12,000 'Live' API Keys and Passwords in DeepSeek's Training Data: https://x.com/trufflesec/status/1895170902872223752
Hackadvisor: https://hackadvisor.io/programs
WP Extensions: https://x.com/yousukezan/status/1894703104421191835
Notebook LM: https://notebooklm.google/
Pressing Buttons with Popups: https://x.com/J0R1AN/status/1893667396658893125
Response to @RenwaX23: https://x.com/RenwaX23/status/1893709501393489976
Prompt Injection Attacks for Dummies: https://x.com/0xAsm0d3us/status/1896187800258830666
Shadow Repeater: https://portswigger.net/research/shadow-repeater-ai-enhanced-manual-testing
parallel-prettier: https://github.com/microsoft/parallel-prettier

====== Timestamps ======

(00:00:00) Introduction
(00:02:15) Bug Write-up from @busf4ctor
(00:09:44) Scanning Common Crawl
(00:16:30) Hackadvisor and WP/Chrome Extension News
(00:24:15) Notebook LM, and Recent AI Updates
(00:31:58) Write-up from @J0R1AN and Related POC from @RenwaX23
(00:38:10) Prompt Injection Attacks for Dummies
(00:42:29) ShadowRepeater
(00:47:04) Single-page applications