Bug Bounty Reports Discussed Grzegorz Niedziela

In this episode of the podcast, I interview Justin Gardner, the host of the Critical Thinking Bug Bounty Podcast who's been a full-time hunter for about 4 years. We talk about his methodology, tooling and many more!

📧 Subscribe to BBRE Premium: https://bbre.dev/premium
📖 Check out AppSecEngineer, the sponsor of today's video: https://www.appsecengineer.com
📣 Follow GUEST on Twitter: https://twitter.com/@rez0
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣 Follow me on Twitter: https://bbre.dev/tw
In this interview we are discussing with rez0 a range of topics around AI - the new vulnerability opportunities it created, how can I help us in hacking and if it will replace us in the future.
Resources and people mentioned in the podcast:
https://olickel.com/everything-i-know-about-prompting-llms
https://www.anthropic.com/index/prompting-long-context
https://simonwillison.net
https://llm-attacks.org/zou2023universal.pdf
http://llm-attacks.org
BBRD podcast is also available on most popular podcast platforms:
https://open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4
https://podcasts.google.com/feed/aHR0cHM6Ly93d3cuc3ByZWFrZXIuY29tL3Nob3cvNTA3Mzc4MS9lcGlzb2Rlcy9mZWVk
https://podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4

Timestamps:
00:00 Intro
00:32 Check out AppSecEngineer, the sponsor of this podcast
01:36 rez0's regular bug bounty hacking style
22:39 AI and hacking

In this episode, I interview Michał Bentkowski who specializes in crazy XSS bugs and now works on improving security of the browsers at Google.

In this episode with @NahamSec we are talking about bug bounty. Ben has a unique insight into mistakes beginners make since he's the biggest content creator in the bug bounty space and gets asked a lot of questions. We are talking about his methodology, the role of recon and much more.

In this podcast, I interview Yassine Aboukir - the winner of Most Valuable Hacker award at H1-303 Live hacking event. We talk about his bug bounty methodology, bounty vs pentesting as well as travelling, digital nomad lifestyle and doing sports.

In this podcast episode, I interview Shubham Shah - one of my biggest authorities in bug bounty space and expert in source code review who regularly finds 0days.

📧 Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
📣Follow me on Twitter: https://bbre.dev/tw
📣 Follow Shubs on Twitter: http://twitter.com/infosec_au/


Timestamps:
00:00 Intro
00:18 Shubs' background
13:04 Choosing good targets for finding 0days
20:41 How to audit the source code?
33:34 Who should consider a career as a full-time bug bounty hunter?
38:04 Sharing knowledge and disclosing 0days
45:54 What skills does Shubs pay attention to when recruiting security researchers?
48:48 AI in security research