Episode 75: *Rerun* of The OG Bug Bounty King - Frans Rosen
Description
Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, so instead of a new full episode, we're going back 30 episodes to review.

Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!

Today's Guest: https://twitter.com/fransrosen
Detectify
Discovering S3 subdomain takeovers: https://labs.detectify.com/writeups/hostile-subdomain-takeover-using-heroku-github-desk-more/
bucket-disclose.sh: https://gist.github.com/fransr/a155e5bd7ab11c93923ec8ce788e3368
A deep dive into AWS S3 access controls
Attacking Modern Web Technologies
Live Hacking like a MVH
Account hijacking using Dirty Dancing in sign-in OAuth flows

Timestamps:
(00:00:00) Introduction
(00:11:41) Frans Rosen's Bug Bounty Journey and Detectify
(00:20:21) Pseudo-code, typing, and thinking like a dev
(00:27:11) Hunter Methodologies and automationists
(00:42:31) Time on targets, Iteration vs. Ideation
(00:58:01) S3 subdomain takeovers
(01:11:53) Blog posting and hosting motivations
(01:20:21) Detectify and entrepreneurial endeavors
(01:36:41) Attacking Modern Web Technologies
(01:52:51) postMessage and MessagePort
(02:05:00) Live Hacking and Collaboration
(02:20:41) Account Hijacking and OAuth Flows
(02:35:39) Hacking + Parenthood