Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

Episode 154: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn talk through the transition from Bug Bounty hunting to Pentesting. We cover diversifying income streams, the challenges of pricing for Pentests, legal considerations, and what Bug Hunters can bring to the Pentesting worldFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Timestamps ======(00:00:00) Introduction(00:03:36) Starting a Pentesting Company (00:12:25) Advantages of Pentesting as a Bug Bounty Hunter(00:29:03) Pricing, Sales, and knowing your Market/Worth(00:36:21) Compliance in Pentests & Rapid-Fire Takaways

Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Guest: Matt Brownhttps://x.com/nmatt0https://github.com/BrownFineSecurity/iothackbot====== Resources ======KeeYees USB Logic Analyzer DeviceSaleae logic analyzerXGecuHardware Hacking Tutorial by Make Me HackUART and SPI firmware extractionUART Root Shell on Linux RouterUART Shell Jail and Unlocked BootloaderChinese IP Camera Firmware ExtractionChip-Off Firmware Extraction====== Timestamps ======(00:00:00) Introduction(00:01:22) Incremental Session Token Story and Matt Brown Intro (00:10:42) Hardware Bug Bounty Scene & AI on Devices(00:24:30) Hacking Human Robot(00:41:33) Zero-to-Hero Hardware Hacking Guide(01:01:47) IOT Hackbot

Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Vertex Bug, and debate if Prompt Injection is a real Vuln.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.CHeck out our New Christmas Swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Controlhttps://ctbb.show/tl-ecAnd Noma Security! https://noma.security/Today’s Guest: https://x.com/sasi2103====== This Week in Bug Bounty ======Vercel Platform ProtectionDedicated HackerOne program for Vercel WAFYesWeHack Open Source ProgramsAndroid recon for Bug Bounty hunters====== Resources ======Sasi's Tweet from 2015ForcedLeak: AI Agent risks exposed in Salesforce AgentForceIs Prompt Injection a Vulnerability?====== Timestamps ======(00:00:00) Introduction(00:09:16) Google Vertex AI Bug(00:29:28) Sasi's Background and Bug Bounty Journey(00:38:55) Resources for AI and Agentic Security Methodology(00:50:34) ForcedLeak(01:02:06) Is Prompt Injection a Vuln?

Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL Parsing, and more.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X:https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Controlhttps://ctbb.show/tl-ec====== Resources ======Nowasky's Tweet #1https://x.com/nowaskyjr/status/1993421017381744974Nowasky's Tweet #2https://x.com/nowaskyjr/status/1992717862398800081rep+ in Chrome DevToolshttps://x.com/BourAbdelhadi/status/1992622964077179229Terjanq Post from 2021https://x.com/terjanq/status/1421093136022048775====== Timestamps ======(00:00:00) Introduction(00:02:58) Client-side news & AI Updates(00:12:02) Third-Party Cookie Nuances & PostMessages(00:30:09) Iframe Tricks(00:47:43) URL Parsing, CSPTS, and Client-side Routes

Episode 150: In this episode of Critical Thinking - Bug Bounty Podcast we're highlighting some cool news and research, but not before expressing our gratitude to the Hacker community. We are so thankful for you all!Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Controlhttps://ctbb.show/tl-ec====== This Week in Bug Bounty ======Cache Overflow on Cloudflare====== Resources ======Breaking Oracle’s Identity ManagerWho Needs a Blind XSS?ASP.NET MVC View Engine Search PatternsHereticLesser known techniques for large-scale subdomain enumAntigravity – Known IssuesBug Bounty DailyCaido version of AssetNote Surf====== Timestamps ======(00:00:00) Introduction(00:09:47) Breaking Oracle’s Identity Manager & Who Needs a Blind XSS?(00:20:37) ASP.NET MVC View Engine Search Patterns & Heretic(00:29:04) Lesser known techniques for large-scale subdomain enum(00:35:29) Gemini 3 & Antigravity.(00:45:57) Bug Bounty Daily (00:52:42) Surf for Caido

Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.Follow us on XGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Unicode surrogates conversionPrompt. Scan. ExploitBreaking into thousands of cloud based VPNs with 1 bugExamining Access Control Vulnerabilities in GraphQLSmart Bus Smart HackingPasskeys PwnedBypassing Intent Destination ChecksGemini Agents in Google CalendarExploitation of DOM Clobbering Vuln at ScaleTheHulkSmart Devices, Dumb ResetsMac PRT Cookie Theft====== Timestamps ======(00:00:00) Introduction(00:10:10) Prompt. Scan. Exploit(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets

Episode 148: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us a crash course on Model Context Protocol.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Timestamps ======(00:00:00) Introduction(00:02:51) MCP Architecture & Authentication(00:13:08) Roots, Sampling, & Elicitation(00:19:15) Tools and Resources

Episode 147: In this episode of Critical Thinking - Bug Bounty Podcast we're talking tips and tricks that help us in hacking that we really should’ve learned sooner.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Controlhttps://www.criticalthinkingpodcast.io/tl-nc====== This Week in Bug Bounty ======Netscaler's new programhttps://hackerone.com/netscaler_public_program?type=teamThe ultimate Bug Bounty guide to HTTP request smuggling vulnerabilitieshttps://www.yeswehack.com/learn-bug-bounty/http-request-smuggling-guide-vulnerabilitiesHackers now have 2 Request-a-Responsehttps://docs.bugcrowd.com/changelog/researchers/request-a-response-researcher/Evan Connelly Spotlighthttps://www.bugcrowd.com/blog/hacker-spotlight-evan-connelly/Epic Games Jobs OpeningsJobs.ctbb.show====== Timestamps ======(00:00:00) Introduction(00:09:23) Command Palette, Auto-decoding, & Evenbetter(00:17:28) Chrome Devtools Edit as html & Raycast(00:33:23) ffuf -request flag(00:41:33) JXScout(00:48:55) Conditional Breakpoints in Devtools & Lightning round tips

Episode 146: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn all sit down to celebrate the spooky season by swapping their scariest bug stories. From frightening fails and firings to hacks with chilling and critical consequences. Grab your flashlight and a blanket for this one!Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Controlhttps://www.criticalthinkingpodcast.io/tl-nc====== This Week in Bug Bounty ======Methodology tips from top Bug Bounty huntersYesWeHack marks first year of partnership with Singapore’s GovernmentHackerOne Hacker-Powered Security Report====== Resources ======Critical Research LabHacking the World Poker Tour: Inside ClubWPT Gold’s Back OfficeFile Creation via SQLite Injection====== Timestamps ======(00:00:00) Introduction(00:10:11) Crit Research Lab News(00:21:31) Hacking the World Poker Tour & File Creation via SQLite Injection(00:30:40) Brandyn's Spooky Bug(00:38:02) Joseph's Spooky Bug(00:44:18) Justin's Spooky Bug(00:54:44) Banking Bugs, LHE Scares, and Workday weirdness.(01:14:52) Firings and failures(01:22:49) Bank Bug Redux(01:35:55) Wedding planning/registry app & Amazon Rufus bugs(01:40:52) New Relic bug

Episode 145: In this episode of Critical Thinking - Bug Bounty Podcast Brandyn lets us in on some of his notetaking tips, including his Templates, Threat Modeling, and ways he uses notes to help with collaboration.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, Rez0, & gr3pme on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Controlhttps://www.criticalthinkingpodcast.io/tl-nc====== This Week in Bug Bounty ======The minefield between syntaxeshttps://www.yeswehack.com/learn-bug-bounty/syntax-confusion-ambiguous-parsing-exploits====== Resources ======Brandyn's Notion Templatehttps://terrific-dart-70e.notion.site/Example-Target-CTBB-294f4ca0f42481cca0b0ca6ac0a7c81d====== Timestamps ======(00:00:00) Introduction(00:07:25) Templates, Target, and Tech Stack(00:13:33) Threat Modeling and Attack Vectors