About this episode
Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker. Checkout ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detectToday’s Guest: https://x.com/ryancbarnett====== Resources ======Accidental Stored XSS Flaw in Zemanta 'Related Posts' Plugin for TypePadhttps://webappdefender.blogspot.com/2013/04/accidental-stored-xss-flaw-in-zemanta.htmlXSS Street-Fighthttps://media.blackhat.com/bh-dc-11/Barnett/BlackHat_DC_2011_Barnett_XSS%20Streetfight-Slides.pdfBlackhat USA 2025 - Lost in Translation: Exploiting Unicode Normalizationhttps://www.blackhat.com/us-25/briefings/schedule/#lost-in-translation-exploiting-unicode-normalization-
