Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we’re once again joined by Ben Sadeghipour to talk about some Nahamcon news, as well as discuss a couple other LHE’s taking place. Then they cover CI/CD and drop some cool CSP Bypasses. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: [email protected] Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Guest: https://twitter.com/NahamSec https://www.nahamcon.com/ Resources: Depi https://www.landh.tech/depi Youtube CSP: https://www.youtube.com/oembed?callback=alert() Maps CSP: https://maps.googleapis.com/maps/api/js?callback=alert()-print Google APIs CSP https://www.googleapis.com/customsearch/v1?callback=alert(1) Google CSP https://www.google.com/complete/search?client=chrome&q=123&jsonp=alert(1)// CSP Bypass for opener.child.child.child.click() https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/ Timestamps: (00:00:00) Introduction (00:02:55) BSides Takeaways and hacking on Meta (00:12:12) NahamCon News (00:23:45) CI/CD and the launch of Depi (00:33:29) CSP Bypasses