Episode 70: NahamCon and CSP Bypasses Everywhere

Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we’re once again joined by Ben Sadeghipour to talk about some Nahamcon news, as well as discuss a couple other LHE’s taking place. Then they cover CI/CD and drop some cool CSP Bypasses.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - Project Discovery: https://nux.gg/podcastToday’s Guest: https://twitter.com/NahamSechttps://www.nahamcon.com/Resources:Depihttps://www.landh.tech/depiYoutube CSP:https://www.youtube.com/oembed?callback=alert()Maps CSP:https://maps.googleapis.com/maps/api/js?callback=alert()-printGoogle APIs CSPhttps://www.googleapis.com/customsearch/v1?callback=alert(1)Google CSPhttps://www.google.com/complete/search?client=chrome&q=123&jsonp=alert(1)//CSP Bypass for opener.child.child.child.click()https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/Timestamps:(00:00:00) Introduction(00:02:55) BSides Takeaways and hacking on Meta(00:12:12) NahamCon News(00:23:45) CI/CD and the launch of Depi(00:33:29) CSP Bypasses