BBJP_Podcast #14

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/f4/44/d0/f444d075-42d3-2dc8-5a6b-973c014d5f9a/mza_12836601340933338004.jpg/600x600bb.jpg

Bug Bounty JP Podcast

morioka12

16 episodes

1 week ago

Bug Bounty JP Podcast (BBJP_Podcast) バグバウンティなどを対象にバグハントすることが趣味なメンバーによるセキュリティ雑談のポッドキャスト (ハッシュタグ: #BBJP_Podcast )

Technology

RSS

All content for Bug Bounty JP Podcast is the property of morioka12 and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/40512729/40512729-1708590391393-4585713e9d324.jpg

BBJP_Podcast #14

Bug Bounty JP Podcast

1 hour 20 minutes 43 seconds

7 months ago

BBJP_Podcast #14

【Episode 14】

Speakers

Summary (Linkのみ)

[大テーマ] 最近の取り組みについて

Burp Suite Extension "Autorize"
- https://github.com/Quitten/Autorize/
Web Security Auditing Toolkit "Caido"
- https://caido.io/
Caido Plugin "CaidoReflector"
- https://github.com/bebiksior/CaidoReflector
Caido Plugin "ui-kit"
- https://x.com/caidoio/status/1904542918641160441
Caido Plugin "devtools"
- https://github.com/caido-community/devtools
Caido Plugin "ParamFinder"
- https://github.com/bebiksior/ParamFinder
Caido Plugin "Shift"
- https://shiftplugin.com/
HTTPS Proxy "mitmproxy"
- https://mitmproxy.org/
- https://github.com/mitmproxy/mitmproxy
SECCON CTF 13 Finals "not-that-short Challenge": creator RyotaK
- https://x.com/ryotkak/status/1897299540598006249
Critical Thinking - Bug Bounty Podcast "Ep 115": guest mokusou
- https://youtu.be/zELFGXP6oeA
P3NFST 2025 Winter "開催レポート"
- https://issuehunt.jp/events/2025/winter/news/thanks
P3NFEST 2025 Winte "コードから探す脆弱性": by RyotaK
- https://ryotak.net/slides/?id=1
セキュリティ診断AIエージェント "Takumi"
- https://flatt.tech/takumi
CVE-2025-29768 "potential data loss with zip.vim and special crafted zip files"
- https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf
CVE-2025-27423 "potential code execution with tar.vim and special crafted tar files"
- https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
語学アプリ "Duolingo"
- https://www.duolingo.com/
P3NFEST 2025 Winte "実践的なバグバウンティ入門(2025年版)"
- https://speakerdeck.com/scgajge12/shi-jian-de-nabagubaunteiru-men-2025nian-ban
セキュリティ若手の会 "第2回 LT&交流会開催記ブログ"
- https://zenn.dev/sec_wakate/articles/3891a59ab0b4fb

[中テーマ] トレンドの出来事や脆弱性についてなど

CVE-2025-29927 "Authorization Bypass in Next.js Middleware"
- https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
Next.js and the corrupt middleware: the authorizing artifact
- https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
- https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/
IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
- https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
HackerOne "Hai"
- https://x.com/jobertabma/status/1904947501649830366
Bug Bounty Village CFP
- https://x.com/BugBountyDEFCON/status/1902853396257710489

[Q&A] なし

Web Page

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bugbountyjppodcast.notion.site/Bug-Bounty-JP-Podcast-8bf1080383a54c4a8848f10bfeb874b3?pvs=4⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Survery

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://forms.gle/wkr2jkc3m9o8NhPk7⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

BBJP_Podcast で話して欲しいテーマや聞きたいことなどを Google Form で募集しています。

感想も X(Twitter)でハッシュタグ「#BBJP_Podcast」や Google Formでいただけると嬉しいです。