Critical Thinking - Bug Bounty Podcast

• Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More

  Episode 127: In this episode of Critical Thinking - Bug Bounty Podcast we address some recent bug bounty controversy before jumping into a slew of news itemsFollow us on XShoutout to YTCracker for the awesome intro music!Today's Sponsor: Adobe====== This Week In Bug Bounty ======Hackers Guide to Google dorkingYesWeCaidoNew Dojo ChallengeSmart Contract BB tipsRed Team AAS====== Resources ======DisclosedPDF csp bypassBypassing File Upload Restrictions To Exploit Client-Side Path TraversalOBS WebSocket to RCETime in a bottle (or knapsack)How to Differentiate Yourself as a Bug Bounty HunterDisclosed. Onlinehacked-in‘EchoLeak’Piloting Edge CopilotNewtownerTips for agent promptingFirefox XSS vectorsTweet from Masato KinugawaChrome debug() function

  --------  

  1:07:25
• Episode 126: Hacking AI Series: Vulnus ex Machina - Part 3

  Episode 126: In this episode of Critical Thinking - Bug Bounty Podcast we wrap up Rez0’s AI miniseries ‘Vulnus Ex Machina’. Part 3 includes a showcase of AI Vulns that Rez0 himself has found, and how much they paid out.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker Web Controlhttps://www.criticalthinkingpodcast.io/tl-webcontrol====== Resources ======Claude Code System PromptAttacking AI AgentsProbability of HacksNew Gemini for Workspace Vulnerability Enabling Phishing & Content ManipulationHow to Hack AI Agents and Applications====== Timestamps ======(00:00:00) Introduction(00:02:53) NahamCon Recap, Claude news, and wunderwuzzi writeups (00:08:57) Probability of Hacks(00:11:27) First AI Vulnerabilities(00:18:57) AI Vulns on Google (00:25:11) Invisible prompt Injection

  --------  

  38:32
• Episode 125: How to Win Live Hacking Events

  Episode 125: In this episode of Critical Thinking - Bug Bounty Podcast Justin shares insights on how to succeed at live hacking events. We cover pre-event preparations, challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== This Week in Bug Bounty ======Decathlon Public Bug Bounty Program on YesWeHack====== Resources ======The Ultimate Double-Clickjacking PoCGrafana Full read SSRF and Account Takeover: CVE-2025-4123Grafana CVE-2025-4123 ExploitWhat I learned from my first 100 HackerOne ReportsRoot for your friends====== Timestamps ======(00:00:00) Introduction(00:02:30) The Ultimate Double-Clickjacking PoC, Grafana CVE, & Evan Connelly's first 100 bugs(00:10:23) How to win at Live Hacking Events(00:11:53) Pre-event(00:11:45) Scope Call(00:33:11) Dupe window Ends(00:36:00) Onsite & and Day of Event(00:42:46) Don't define your identity on the outcome

  --------  

  47:04
• Episode 124: Bug Bounty Lifestyle = Less Hacking Time?

  Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker Web Controlhttps://www.criticalthinkingpodcast.io/tl-webcontrol====== This Week in Bug Bounty ======Louis Vuitton Public Bug Bounty ProgramCVE-2025-47934 was discovered on one of our Bug Bounty program : OpenPGP.jsStored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover====== Resources ======Jorian tweetClipjacking: Hacked by copying text - Clickjacking but betterCrying out Cloud AppearanceWiz Research takes 1st place in Pwn2Own AI categoryNew XSS vector with image tag====== Timestamps ======(00:00:00) Introduction(00:10:50) Supabase(00:13:47) Tweet-research from Jorian and Wyatt Walls.(00:20:24) Anthropic safety testing challenge & Wiz Podcast guest appearance(00:27:44) New XSS vector, Google i/o, and coding agents(00:35:48) Full Time Bug Bounty

  --------  

  45:26
• Episode 123: Hacking AI Series: Vulnus ex Machina - Part 2

  Episode 123: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with part 2 of Rez0’s miniseries. Today we talk about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker User Storehttps://www.criticalthinkingpodcast.io/tl-userstore====== This Week in Bug Bounty ======Earning a HackerOne 2025 Live Hacking Invitehttps://www.hackerone.com/blog/earning-hackerone-2025-live-hacking-inviteHTTP header hacks: basic and advanced exploit techniques exploredhttps://www.yeswehack.com/learn-bug-bounty/http-header-exploitation====== Resources ======Grep.apphttps://vercel.com/blog/migrating-grep-from-create-react-app-to-next-jsGemini 2.5 Pro prompt leakhttps://x.com/elder_plinius/status/1913734789544214841Pliny's CL4R1T4Shttps://github.com/elder-plinius/CL4R1T4SO3https://x.com/pdstat/status/1913701997141803329====== Timestamps ======(00:00:00) Introduction(00:05:25) Grep.app, O3, and Gemini 2.5 Pro prompt leak(00:11:09) Delivery and impactful action(00:20:44) Mastering Prompt Injection(00:30:36) Traditional vulns in Tool Calls, and AI Apps(00:37:32) Exploiting AI specific features

  --------  

  44:12

Weitere Technologie Podcasts

Trending Technologie Podcasts

Über Critical Thinking - Bug Bounty Podcast