.NET Remoting, CDN Attack Surface, and Recon vs Main App (Ep. 64)

Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the DOM Purify library, and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also touch on the importance of collaboration and knowledge sharing, JavaScript deobfuscation, the value of impactful POCs, and hiding XSS payloads with URL path updates.

====== Links ======

Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Check out Project Discovery’s nuclei 3.2 release blog at nux.gg/podcast

Resources:

.NET Remoting
https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/
https://github.com/codewhitesec/HttpRemotingObjRefLeak

DOM Purify Bug
https://blog.slonser.info/posts/dompurify-node-type-confusion/

Cloudflare /cdn-cgi/
https://developers.cloudflare.com/fundamentals/reference/cdn-cgi-endpoint/
https://portswigger.net/research/when-security-features-collide
https://twitter.com/kinugawamasato/status/893404078365069312
https://twitter.com/m4ll0k/status/1770153059496108231

XSSDoctor's writeup on JavaScript deobfuscation
https://medium.com/@jad2121/javascript-deobfuscation-the-easy-way-637d7e9b2952

renniepak's tweet
https://x.com/renniepak/status/1772262686761332893?s=20

Naffy's tweet
https://twitter.com/nnwakelam/status/1769990551850377254

Timestamps:

(00:00:00) Introduction
(00:07:15) .NET Remoting
(00:17:29) DOM Purify Bug
(00:25:56) Cloudflare /cdn-cgi/
(00:37:11) JavaScript deobfuscation
(00:47:26) renniepak's tweet
(00:55:20) Naffy's tweet