Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod
Resources:
New music drop from our Boi YT
https://x.com/realytcracker/status/1847599657569956099
AuthzAI
https://authzai.com/
Ron Chan
https://x.com/ngalongc
Misconfigured User Auth Leads to Customer Messages
https://www.ophionsecurity.com/post/live-chat-blog-1-misconfigured-user-auth-leads-to-customer-messages
Zendesk Write-up
https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52
Response from Zendesk
https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52?permalink_comment_id=5232589#gistcomment-5232589
Timestamps
(00:00:00) Introduction
(00:05:29) AuthzAI and the return of Ron Chan
(00:13:50) Ophion Security Research
(00:18:12) Zendesk Drama