March 5, 2024, noon | DAY[0]

DAY[0] www.youtube.com

A shorter episode this week, featuring some vulnerabilities impacting Google's AI and a SAML auth bypass.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/247.html

[00:00:00] Introduction
[00:00:31] We Hacked Google A.I. for $50,000
[00:17:26] SAML authentication bypass vulnerability in RobotsAndPencils/go-saml [CVE-2023-48703]
[00:22:17] Exploiting CSP Wildcards for Google Domains
[00:26:11] ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays …

