Critical Thinking - Bug Bounty Podcast

Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

Nov 20, 2025
This week, the hosts dive into highlights from DEFCON, discussing groundbreaking research on exploiting cloud VPNs and the security pitfalls of smart devices. They explore the curious world of Unicode surrogates and their impact on database queries. The conversation moves to the risks associated with passkeys and potential vulnerabilities in GraphQL access controls. Not to be missed, they dissect innovative techniques for DOM clobbering and the clever use of calendar invites for security breaches. Tune in for insights on hacking and cutting-edge tools!
ADVICE

Probe SAML With Your Own Tenant And Signed Requests

  • Test SAML by creating your own tenant and signed requests to see if signature validation ties to tenant fields rather than values.
  • Manipulate signed fields and test cross-tenant signatures to detect common SAML implementation flaws.
INSIGHT

Property-Level Auth Is A GraphQL Blindspot

  • GraphQL bugs often appear at property-level authorization: object access may be allowed while specific fields should be hidden.
  • Testing must check both object-level and property-level auth to find subtle exposures.
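
The gap between object-level and property-level authorization, as an added example that is not from the episode or its hosts: a resolver that only gates the object, the same resolver with a deny-by-default check per field, and a regression check that lists fields the first one returns against policy. The `users` records, the `fieldPolicy` rules and all function names are constructed for illustration, and no GraphQL library is used.

```javascript
// Added example: constructed data and policy, plain functions standing in for resolvers.
const users = {
  u1: { id: "u1", name: "Ana", email: "ana@example.test", apiKey: "constructed-key-1" },
  u2: { id: "u2", name: "Bo", email: "bo@example.test", apiKey: "constructed-key-2" },
};

// Object-level rule (assumed): any authenticated viewer may load a User object.
const canReadUser = (viewer, user) => Boolean(viewer);

// Property-level rules (assumed): a field with no entry here is denied by default.
const fieldPolicy = {
  id: () => true,
  name: () => true,
  email: (viewer, user) => viewer.id === user.id || viewer.role === "admin",
  apiKey: (viewer, user) => viewer.id === user.id,
};
const hasRule = (f) => Object.prototype.hasOwnProperty.call(fieldPolicy, f);

// Object-only check: passes the object gate, then returns every requested field.
function resolveUserObjectOnly(viewer, id, fields) {
  const user = users[id];
  if (!user || !canReadUser(viewer, user)) return null;
  return Object.fromEntries(fields.map((f) => [f, user[f]]));
}

// Object + property check: each requested field is authorized on its own.
function resolveUser(viewer, id, fields) {
  const user = users[id];
  if (!user || !canReadUser(viewer, user)) return null;
  const data = {};
  const denied = [];
  for (const f of fields) {
    if (hasRule(f) && fieldPolicy[f](viewer, user)) data[f] = user[f];
    else { data[f] = null; denied.push(f); }
  }
  return { data, denied };
}

// Regression check: fields the object-only resolver returns although the policy denies them.
function findFieldLeaks(viewer, id, fields) {
  const checked = resolveUser(viewer, id, fields);
  if (!checked) return [];
  const got = resolveUserObjectOnly(viewer, id, fields) || {};
  return checked.denied.filter((f) => got[f] != null);
}
```
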
ANECDOTE

From Free Wi‑Fi To Full Bus Control

  • A researcher remotely took control of an entire bus fleet by chaining open Wi‑Fi, default creds, and exposed admin panels.
  • The talk showed fast pivots from free Wi‑Fi to admin access, recordings, and global controls for buses in the city.