• Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

  • Nov 14 2024
  • Length: 53 mins
  • Podcast

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

  • Summary

  • Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. They also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor - ThreatLocker: Check out Network Control!

    https://www.criticalthinkingpodcast.io/tl-nc

    And AssetNote: Check out their ASMR board (no not that kind!)

    https://assetnote.io/asmr

    Resources

    Okta bcrypt

    Android Web Attack Surface Writeups

    Concealing payloads in URL credentials

    Dumping PHP files with Lightyear

    Limit maximum number of filter chains

    Dom-Explorer tool launched

    MultiHTMLParse

    JSON Crack

    Caido/Burp notes plugin

    Timestamps

    (00:00:00) Introduction

    (00:02:43) Okta Release and bcrypt

    (00:10:26) Android Web Attack Surface Writeups

    (00:20:21) More Portswigger Research

    (00:28:29) Lightyear and PHP filter chains

    (00:35:09) Dom-Explorer

    (00:45:24) The JSON Debate

    (00:49:59) Notes plugin for Burp and Caido

    Show More Show Less
activate_Holiday_promo_in_buybox_DT_T2

What listeners say about Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

Average customer ratings

Reviews - Please select the tabs below to change the source of reviews.