Justin Gardner
rhynorater.bsky.social
Christian | Full-time Bug Bounty Hunter | Host @ctbbpodcast.bsky.social | Advisor @caido.io | 3x LHE MVH | 🗣️ English, 日本語
Reposted by Justin Gardner
🚀 This week's UL is live!

Featuring:

🌐 Launching 2025
📂 US soldier data leak
🤖 AI agents begin to emerge
🇨🇳 China’s global spy network revealed
🚕 Robotaxis now safer than human drivers
newsletter.danielmiessler.com/p/ul-463
UL NO. 463 | Launching 2025, US Soldier Data Leak, AI Agents Emerge, China's Global Spy Network, Robotaxis Now Safer Than Humans
Navigating AI's impact on work, the rise of transnational threats, a grim new reality in air travel, and how to harness the chaos of 2025 for personal and professional growth
January 7, 2025 at 7:52 PM
Reposted by Justin Gardner
TIL: Array.fromAsync([1],alert)
December 19, 2024 at 3:54 PM
We released our 100th episode of @ctbbpodcast.bsky.social yesterday - really proud of the whole CTBB team! We're sad to be losing @teknogeek.io, but very hopeful for the future of the pod!

We're going to lean more into the discord community and keep producing HQ technical content in 2025.
December 6, 2024 at 4:11 PM
Yo, new big thing: Shift.
AI seamlessly integrated into your HTTP proxy.

Use cases:
"Take this JS and build the JSON request body"
"Fill in these IDs from my notes - UserA"
"Create a match and replace rule to turn on this feature flag"
"Generate a wordlist with all HTTP Verbs"
December 6, 2024 at 3:39 PM
Reposted by Justin Gardner
We spend a lot of time talking to the hackers, but today, we're dropping a goodie for the program managers!

Here are our top tips for running a kickass bug bounty program.

See the matrix at the end for high impact to hackers, low effort changes.

blog.criticalthinkingpodcast.io/p/program-ma...
Program Manager’s Guide To Running a Successful Bug Bounty Program
How to run a bug bounty program hackers will love to hack on.
December 4, 2024 at 4:16 PM
Reposted by Justin Gardner
Bash tip: hit ctrl+x then ctrl+e to edit your current command in $EDITOR, write and quit to run it
December 3, 2024 at 6:15 PM
Reposted by Justin Gardner
If you are interested in client-side hacking and browser quirks I strongly recommend going through this writeup by @maitai.bsky.social!
It was also cool to collab w/ him on the second chall 🤜🏿🤛🏻
blig.one/2024/11/29/f...
Flatt Security XSS Challenge - Writeup | maitai's blog
November 30, 2024 at 6:20 AM
Reposted by Justin Gardner
Pro-tip: gron is awesome for diffing JSON 🥰

github.com/tomnomnom/gron
November 29, 2024 at 11:29 PM
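Why gron helps with diffing: it flattens a JSON document into one assignment per leaf, so a line-based diff shows exactly which path changed instead of a noisy re-indented blob. The block below is an added example, not code from the post or from the gron project: a minimal gron-style flattener (same `json.path[0] = "value";` line shape, keys sorted as gron does by default) and a set difference over two constructed API responses.

```javascript
// Added example (not from the post or the gron project): a minimal gron-style
// flattener plus a diff over two constructed JSON responses.

// Flatten a value into gron-style assignment lines, one per node.
function gronLines(value, path = "json") {
  const lines = [];
  if (Array.isArray(value)) {
    lines.push(`${path} = [];`);
    value.forEach((v, i) => lines.push(...gronLines(v, `${path}[${i}]`)));
  } else if (value !== null && typeof value === "object") {
    lines.push(`${path} = {};`);
    for (const key of Object.keys(value).sort()) {
      // Bare identifiers use dot notation; anything else is bracket-quoted.
      const seg = /^[A-Za-z_$][\w$]*$/.test(key) ? `.${key}` : `[${JSON.stringify(key)}]`;
      lines.push(...gronLines(value[key], `${path}${seg}`));
    }
  } else {
    lines.push(`${path} = ${JSON.stringify(value)};`);
  }
  return lines;
}

// Diff two JSON documents as sets of gron lines.
function diffJson(a, b) {
  const left = new Set(gronLines(a));
  const right = new Set(gronLines(b));
  return {
    removed: [...left].filter((l) => !right.has(l)),
    added: [...right].filter((l) => !left.has(l)),
  };
}

// Constructed sample: the same endpoint before and after a role change.
const before = { user: { id: 42, role: "user", flags: ["beta"] }, ok: true };
const after = { user: { id: 42, role: "admin", flags: ["beta", "debug"] }, ok: true };

const result = diffJson(before, after);
console.log(result.removed.map((l) => "- " + l).join("\n"));
console.log(result.added.map((l) => "+ " + l).join("\n"));
```

Because every leaf is its own line, the diff output is directly greppable (`json.user.role`), which is the workflow the tip is about: pipe two responses through gron, then diff or grep the flattened lines.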
Reposted by Justin Gardner
This week we've got a rare episode that is also a bit more beginner friendly!

0xLupin (of Lupin and Holmes) and @rhynorater.bsky.social break down some of the hacker mentality that really caused some breakthroughs in their hacker growth.

Check it out!
youtu.be/yxc2jVKE-jo
Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty (Ep. 99)
YouTube video by Critical Thinking - Bug Bounty Podcast
November 28, 2024 at 3:06 PM
I talk about this on the pod all the time, but CSRF is dead simple. You just need to know the conditions.

I'm not gonna recite them again here, but today a new condition came up:

No Content-Type header -> no CSRF restrictions
SameSite: None
POST
= CSRF

The research:
November 27, 2024 at 4:55 PM
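The three conditions in the post, modelled as checks. This is an added example and is not code from the post or from the research it links; the request, cookies and handler logic below are constructed for illustration. It encodes (1) the CORS rule that a POST carrying no Content-Type header is a "simple" request the browser sends cross-site without a preflight, (2) the cookie rule that only a SameSite=None; Secure cookie rides along on that cross-site POST, and (3) a JSON handler that only rejects a wrong Content-Type when the header is present, next to a hardened version that requires it.

```javascript
// Added example (not from the post or the linked research): the three CSRF
// conditions as checks, with a vulnerable and a hardened handler.

// CORS-safelisted ("simple") request: sent cross-site with no preflight.
// The Content-Type check only applies when the header is present, so a
// request with no Content-Type header at all passes.
const SAFE_CONTENT_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
function sentWithoutPreflight(method, headers) {
  if (!["GET", "HEAD", "POST"].includes(method)) return false;
  const ct = headers["content-type"];
  if (ct === undefined) return true;
  const mime = ct.split(";")[0].trim().toLowerCase();
  return SAFE_CONTENT_TYPES.includes(mime);
}

// Will the browser attach this cookie to a cross-site POST?
function cookieSentCrossSite(cookie) {
  const sameSite = (cookie.sameSite || "Lax").toLowerCase();
  return sameSite === "none" && cookie.secure === true;
}

// Vulnerable handler check: rejects only a *wrong* Content-Type, then parses
// JSON regardless. A request with no header is accepted.
function vulnerableAccepts(headers, rawBody) {
  const ct = headers["content-type"];
  if (ct !== undefined && !ct.startsWith("application/json")) return false;
  try { JSON.parse(rawBody); return true; } catch { return false; }
}

// Hardened check: require application/json explicitly. A cross-site sender
// then has to set a non-safelisted header, which forces a preflight.
function hardenedAccepts(headers, rawBody) {
  const ct = headers["content-type"];
  if (ct === undefined || ct.split(";")[0].trim().toLowerCase() !== "application/json") return false;
  try { JSON.parse(rawBody); return true; } catch { return false; }
}

// All three conditions together.
function csrfPossible({ method, headers, sessionCookie, rawBody, accepts }) {
  return sentWithoutPreflight(method, headers)
    && cookieSentCrossSite(sessionCookie)
    && accepts(headers, rawBody);
}

// Constructed cross-site request: POST, JSON body, no Content-Type header.
// In a browser, fetch(url, {method: "POST", credentials: "include",
// body: new Blob(['{"role":"admin"}'])}) produces this: a Blob with an empty
// type adds no Content-Type header.
const attackerRequest = { method: "POST", headers: {}, rawBody: '{"role":"admin"}' };
const laxSession = { name: "sid", sameSite: "Lax", secure: true };
const noneSession = { name: "sid", sameSite: "None", secure: true };

console.log(csrfPossible({ ...attackerRequest, sessionCookie: noneSession, accepts: vulnerableAccepts })); // true
console.log(csrfPossible({ ...attackerRequest, sessionCookie: laxSession, accepts: vulnerableAccepts }));  // false
console.log(csrfPossible({ ...attackerRequest, sessionCookie: noneSession, accepts: hardenedAccepts }));   // false
```

Requiring the exact Content-Type only removes this one condition; it is a stand-in for the usual check and not a complete CSRF defence. A CSRF token or Origin validation, plus cookies that are not SameSite=None unless they have to be, still does the real work.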
Alright, new platform so I'm going to start sharing some things that I'm excited about to keep the momentum flowing!

Rn, I think the 403 Bypasser Caido plugin from Bebiks is freaking amazing.

This is a tool to automate the bypassing of walled-off endpoints.

This plugin does 3 things right:
November 27, 2024 at 3:01 PM
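What "automating the bypassing of walled-off endpoints" boils down to: fan one 403'd request out into many path, header and method variants, send them all, and surface the ones whose response differs from the baseline. The block below is an added example and is not the plugin's code; the mutation list is a generic set of variants that 403-bypass tooling commonly tries, chosen here for illustration, and the server responses are a constructed stand-in so it runs offline.

```javascript
// Added example, not the 403 Bypasser plugin's own code. Mutation list and
// the fake server below are constructed for illustration.

// Expand one denied path into candidate requests.
function bypassCandidates(path) {
  const clean = path.replace(/^\/+/, "").replace(/\/+$/, "");
  const segs = clean.split("/");
  const last = segs[segs.length - 1];
  const parent = segs.slice(0, -1).join("/");
  const join = (p, l) => "/" + (p ? p + "/" : "") + l;

  // Path-level variants: trailing junk, dot segments, encoding, case.
  const paths = [
    `/${clean}`, `/${clean}/`, `/${clean}/.`, `//${clean}`, `/${clean}..;/`,
    `/${clean}%20`, `/${clean}%09`, `/${clean}?`, `/${clean}.json`,
    `/./${clean}`, `/${clean.toUpperCase()}`,
    join(parent, "%" + last.charCodeAt(0).toString(16) + last.slice(1)), // first char URL-encoded
    join(parent, `${last}%2f`),
    join(parent, `..%2f${last}`),
  ];

  // Header-level variants: URL overrides honoured by some proxies, and
  // "internal caller" hints some ACLs trust.
  const headerSets = [
    { "X-Original-URL": `/${clean}` },
    { "X-Rewrite-URL": `/${clean}` },
    { "X-Forwarded-For": "127.0.0.1" },
    { "X-Custom-IP-Authorization": "127.0.0.1" },
    { "X-Forwarded-Host": "localhost" },
  ];

  const out = [];
  for (const p of new Set(paths)) out.push({ method: "GET", path: p, headers: {} });
  for (const h of headerSets) {
    const rewrite = "X-Original-URL" in h || "X-Rewrite-URL" in h;
    out.push({ method: "GET", path: rewrite ? "/" : `/${clean}`, headers: h });
  }
  for (const m of ["POST", "OPTIONS", "TRACE"]) out.push({ method: m, path: `/${clean}`, headers: {} });
  return out;
}

// Triage: keep candidates that got out of the denied range, or a denied
// response whose length differs from the baseline 403 page.
function triage(results, baseline) {
  return results
    .filter((r) => (r.status >= 200 && r.status < 400)
      || ((r.status === 401 || r.status === 403) && r.length !== baseline.length))
    .map((r) => r.candidate);
}

// Constructed stand-in for the target: a proxy that honours X-Original-URL
// and an ACL that runs before the trailing "/." is normalised away.
function fakeServer(c) {
  if (c.headers["X-Original-URL"] === "/admin/users") return 200;
  if (c.path === "/admin/users/.") return 200;
  return 403;
}

const baseline = { status: 403, length: 162 };
const candidates = bypassCandidates("/admin/users");
const results = candidates.map((c) => ({ candidate: c, status: fakeServer(c), length: 162 }));
const hits = triage(results, baseline);
console.log(`${candidates.length} candidates, ${hits.length} bypass(es):`, hits);
```

Against a real target the `fakeServer` call is the HTTP request; everything else (the fan-out and the diff against the baseline) is what makes this a one-click check rather than twenty manual resends.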
Great times with these gents
miss these guys
November 27, 2024 at 2:43 PM
Really sick research here
Handling Cookies is a Minefield:

Inconsistencies in the HTTP cookie specification and its implementations have caused a situation where countless websites (including Facebook, Netflix, Okta, WhatsApp, Apple, etc.) are one small mistake away from locking their users out.

grayduck.mn/2024/11/21/h...
November 27, 2024 at 1:06 PM
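The failure mode behind "one small mistake away from locking their users out": a Cookie header is sent on every request, so a parser that rejects the whole header when a single pair is malformed turns one bad cookie into a persistent 400 for that user. The block below is an added example and is not code from the linked post; it contrasts a strict all-or-nothing parser with a lenient one that drops only the bad pair, over a constructed header. Which real servers behave which way is the subject of the post, not of this example.

```javascript
// Added example (not from the linked post): strict vs lenient Cookie header
// parsing over a constructed header containing one malformed pair.

const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;                       // RFC 2616 token (cookie-name)
const COOKIE_VALUE = /^"?[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*"?$/; // RFC 6265 cookie-octet, optionally quoted

// Split "a=1; b=2" into {name, value} pairs without validating them.
function splitPairs(header) {
  return header.split(";").map((s) => s.trim()).filter(Boolean).map((pair) => {
    const eq = pair.indexOf("=");
    return eq === -1 ? { name: pair, value: null } : { name: pair.slice(0, eq), value: pair.slice(eq + 1) };
  });
}

function isValidPair(p) {
  return p.value !== null && TOKEN.test(p.name) && COOKIE_VALUE.test(p.value);
}

// Strict: one bad pair invalidates the whole header.
function parseCookiesStrict(header) {
  const pairs = splitPairs(header);
  const bad = pairs.find((p) => !isValidPair(p));
  if (bad) throw new Error(`invalid cookie pair: ${bad.name}`);
  return Object.fromEntries(pairs.map((p) => [p.name, p.value]));
}

// Lenient: ignore bad pairs, keep the rest.
function parseCookiesLenient(header) {
  return Object.fromEntries(splitPairs(header).filter(isValidPair).map((p) => [p.name, p.value]));
}

// What a request handler built on each parser returns.
function requestOutcome(header, parser) {
  try {
    const cookies = parser(header);
    return cookies.sid ? 200 : 401;
  } catch {
    return 400;
  }
}

// Constructed: a valid session cookie plus one pair whose value carries a
// space and a stray quote, as a buggy script on a sibling subdomain might set.
const COOKIE_HEADER = 'sid=abc123; theme=dark; pref=bad value"; lang=en';

console.log("strict :", requestOutcome(COOKIE_HEADER, parseCookiesStrict));   // 400 on every request
console.log("lenient:", requestOutcome(COOKIE_HEADER, parseCookiesLenient));  // 200, bad pair dropped
console.log(parseCookiesLenient(COOKIE_HEADER));
```

The strict path is the lockout: the browser keeps resending the bad cookie until it expires or is cleared, and the user cannot clear it from the site that is now refusing them. Whether a server should be strict is a parser-design question; whether it can be made to see a malformed pair (via a subdomain, an injected Set-Cookie, or a spec corner case) is the attack surface.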
Kinda came kicking and screaming to this app at the thought of having another app to open and post to, but I'm gonna give it a shot to see how the community is!
November 27, 2024 at 1:01 PM