NahamCon and CSP Bypasses Everywhere (Ep. 70)

Video description for NahamCon and CSP Bypasses Everywhere (Ep. 70)

Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we’re once again joined by Ben Sadeghipour to talk about some NahamCon news, as well as discuss a couple of other LHEs taking place. Then they cover CI/CD and drop some cool CSP Bypasses.

Follow us on Twitter at: / ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]

Shoutout to   / realytcracker   for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater & Teknogeek on Twitter:

  / 0xteknogeek  

  / rhynorater  

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Sponsor - Project Discovery: https://nux.gg/podcast

Today’s Guest:   / nahamsec  
https://www.nahamcon.com/

Resources:
Depi
https://www.landh.tech/depi

Youtube CSP:
https://www.youtube.com/oembed?callba...)

Maps CSP:
https://maps.googleapis.com/maps/api/...

Google APIs CSP
https://www.googleapis.com/customsear...)

Google CSP
https://www.google.com/complete/searc...

CSP Bypass for opener.child.child.child.click()
https://octagon.net/blog/2022/05/29/b...

Timestamps:
(00:00:00) Introduction
(00:02:55) BSides Takeaways and hacking on Meta
(00:12:12) NahamCon News
(00:23:45) CI/CD and the launch of Depi
(00:33:29) CSP Bypasses
