
Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)

Available Episodes

5 of 149
  • Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains
    Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast, the DEFCON videos are up, and Justin and Joseph talk through some of their favorites.
    Follow us on X
    Got any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!
    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    ====== Resources ======
    Unicode surrogates conversion
    Prompt. Scan. Exploit
    Breaking into thousands of cloud based VPNs with 1 bug
    Examining Access Control Vulnerabilities in GraphQL
    Smart Bus Smart Hacking
    Passkeys Pwned
    Bypassing Intent Destination Checks
    Gemini Agents in Google Calendar
    Exploitation of DOM Clobbering Vuln at Scale
    TheHulk
    Smart Devices, Dumb Resets
    Mac PRT Cookie Theft
    ====== Timestamps ======
    (00:00:00) Introduction
    (00:10:10) Prompt. Scan. Exploit
    (00:23:52) Breaking into thousands of cloud based VPNs with 1 bug
    (00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned
    (00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents
    (00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets
    --------  
    1:02:33
  • Episode 148: MCP Hacking Guide
    Episode 148: In this episode of Critical Thinking - Bug Bounty Podcast, Justin gives us a crash course on Model Context Protocol.
    Follow us on Twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!
    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme
    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    ====== Timestamps ======
    (00:00:00) Introduction
    (00:02:51) MCP Architecture & Authentication
    (00:13:08) Roots, Sampling, & Elicitation
    (00:19:15) Tools and Resources
    --------  
    32:26
  • Episode 147: Stupid Simple Hacking Workflow Tips
    Episode 147: In this episode of Critical Thinking - Bug Bounty Podcast, we're talking tips and tricks that help us in hacking that we really should’ve learned sooner.
    Follow us on Twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!
    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme
    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Control: https://www.criticalthinkingpodcast.io/tl-nc
    ====== This Week in Bug Bounty ======
    Netscaler's new program: https://hackerone.com/netscaler_public_program?type=team
    The ultimate Bug Bounty guide to HTTP request smuggling vulnerabilities: https://www.yeswehack.com/learn-bug-bounty/http-request-smuggling-guide-vulnerabilities
    Hackers now have 2 Request-a-Response: https://docs.bugcrowd.com/changelog/researchers/request-a-response-researcher/
    Evan Connelly Spotlight: https://www.bugcrowd.com/blog/hacker-spotlight-evan-connelly/
    Epic Games Jobs Openings: Jobs.ctbb.show
    ====== Timestamps ======
    (00:00:00) Introduction
    (00:09:23) Command Palette, Auto-decoding, & Evenbetter
    (00:17:28) Chrome Devtools Edit as html & Raycast
    (00:33:23) ffuf -request flag
    (00:41:33) JXScout
    (00:48:55) Conditional Breakpoints in Devtools & Lightning round tips
    --------  
    58:48
  • Episode 146: Hacking Horror Stories
    Episode 146: In this episode of Critical Thinking - Bug Bounty Podcast, Justin, Joseph, and Brandyn all sit down to celebrate the spooky season by swapping their scariest bug stories. From frightening fails and firings to hacks with chilling and critical consequences. Grab your flashlight and a blanket for this one!
    Follow us on Twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!
    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme
    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Control: https://www.criticalthinkingpodcast.io/tl-nc
    ====== This Week in Bug Bounty ======
    Methodology tips from top Bug Bounty hunters
    YesWeHack marks first year of partnership with Singapore’s Government
    HackerOne Hacker-Powered Security Report
    ====== Resources ======
    Critical Research Lab
    Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office
    File Creation via SQLite Injection
    ====== Timestamps ======
    (00:00:00) Introduction
    (00:10:11) Crit Research Lab News
    (00:21:31) Hacking the World Poker Tour & File Creation via SQLite Injection
    (00:30:40) Brandyn's Spooky Bug
    (00:38:02) Joseph's Spooky Bug
    (00:44:18) Justin's Spooky Bug
    (00:54:44) Banking Bugs, LHE Scares, and Workday weirdness.
    (01:14:52) Firings and failures
    (01:22:49) Bank Bug Redux
    (01:35:55) Wedding planning/registry app & Amazon Rufus bugs
    (01:40:52) New Relic bug
    --------  
    1:50:38
  • Episode 145: Gr3pme's Secret: Bug Bounty Note Taking Methodology
    Episode 145: In this episode of Critical Thinking - Bug Bounty Podcast, Brandyn lets us in on some of his notetaking tips, including his Templates, Threat Modeling, and ways he uses notes to help with collaboration.
    Follow us on Twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!
    ====== Links ======
    Follow your hosts Rhynorater, Rez0, & gr3pme on Twitter:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme
    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Control: https://www.criticalthinkingpodcast.io/tl-nc
    ====== This Week in Bug Bounty ======
    The minefield between syntaxes: https://www.yeswehack.com/learn-bug-bounty/syntax-confusion-ambiguous-parsing-exploits
    ====== Resources ======
    Brandyn's Notion Template: https://terrific-dart-70e.notion.site/Example-Target-CTBB-294f4ca0f42481cca0b0ca6ac0a7c81d
    ====== Timestamps ======
    (00:00:00) Introduction
    (00:07:25) Templates, Target, and Tech Stack
    (00:13:33) Threat Modeling and Attack Vectors
    --------  
    28:17


About Critical Thinking - Bug Bounty Podcast

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.