Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joel Margolis (teknogeek)
Critical Thinking - Bug Bounty Podcast

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

  1. 4 NGÀY TRƯỚC

    Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

    Episode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI application vulnerabilities. They talk through the importance of understanding system prompts, and various obfuscation techniques used to bypass security measures, the best AI platforms, and the evolving landscape of AI security. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec Today’s Guest: https://x.com/wunderwuzzi23 Resources Johann's blog https://embracethered.com/blog/ zombais https://embracethered.com/blog/posts/2024/claude-computer-use-c2-the-zombais-are-coming/ Copirate https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/ Timestamps (00:00:00) Introduction (00:01:59) Biggest things to look for in AI hacking (00:11:58) Best AI companies to hack on (00:15:59) URL Redirects and Obfuscation Techniques (00:24:05) Copirate (00:35:50) prompt injection guardrails and threats

    51 phút

  2. 5 THG 12

    Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

    Episode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show as a co-host, but returning as guest. Then we hear from a bunch of friends about their 'best bug of the year', before capping the episode with the announcement of a new AI tool we've been working on! Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Resources Delorean https://github.com/jselvi/Delorean Shift shiftwaitlist.com Timestamps (00:00:00) Introduction (00:07:32) Nagli (00:19:09) Shubs (00:35:00) Matt Brown (00:39:42) Matanber (00:57:52) Douglas Day (01:05:18) Alex Chapman (01:15:02) Nahamsec (01:25:45) Rez0 (01:28:20) Shift Announcement

    1 giờ 42 phút

  3. 28 THG 11

    Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

    Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the first year. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Today’s Guest - https://x.com/0xLupin Resources Justin's Twitter Thread https://x.com/Rhynorater/status/1699395452481769867 Timestamps (00:00:00) Introduction (00:03:00) Web Fundamentals Education (00:46:01) Threat Modeling and Hacking Goals (01:18:58) Vuln Types and finding Specialization

    1 giờ 43 phút

  4. 21 THG 11

    Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

    Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker: Check out Network Control! https://www.criticalthinkingpodcast.io/tl-nc And AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Today’s Guest: https://sharonbrizinov.com/ Resources The Claroty Research Team https://claroty.com/team82 Pwntools https://github.com/Gallopsled/pwntools Scan My SMS http://scanmysms.com Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS https://www.youtube.com/watch?v=EhNsXXbDp3U Timestamps (00:00:00) Introduction (00:03:31) Sharon's Origin Story (00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne (00:47:05) IoT/ICS Hacking Methodology (01:10:13) Cloud to Device Communication (01:18:15) Bug replication and uncommon attack surfaces (01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS

    1 giờ 44 phút

  5. 14 THG 11

    Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

    Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. They also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker: Check out Network Control! https://www.criticalthinkingpodcast.io/tl-nc And AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Resources Okta bcrypt Android Web Attack Surface Writeups Concealing payloads in URL credentials Dumping PHP files with Lightyear Limit maximum number of filter chains Dom-Explorer tool launched MultiHTMLParse JSON Crack Caido/Burp notes plugin Timestamps (00:00:00) Introduction (00:02:43) Okta Release and bcrypt (00:10:26) Android Web Attack Surface Writeups (00:20:21) More Portswigger Research (00:28:29) Lightyear and PHP filter chains (00:35:09) Dom-Explorer (00:45:24) The JSON Debate (00:49:59) Notes plugin for Burp and Caido

    53 phút

  6. 7 THG 11

    Episode 96: Cookies & Caching with MatanBer

    Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, Safari's unique behaviors regarding cookie handling and debugging methods, and some of the writeups from the HeroCTF v6. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Guest: https://x.com/MtnBer Resources: Cookie Bugs - Smuggling & Injection https://blog.ankursundara.com/cookie-bugs/#:~:text=Cookie%20Smuggling iOS Webkit Debug Proxy https://github.com/google/ios-webkit-debug-proxy HeroCTF v6 Writeups https://mizu.re/post/heroctf-v6-writeups Timestamps (00:00:00) Introduction (00:01:29) Cookie exploits (00:21:32) Matan's Safari Adventure (00:29:49) HeroCTF 6 writeups

    49 phút

  7. 31 THG 10

    Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

    Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast In this episode, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cover things like service workers, extension pages, and isolated worlds. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod Today’s Guest: https://x.com/MtnBer Resources Universal Code Execution by Chaining Messages in Browser Extensions https://spaceraccoon.dev/universal-code-execution-browser-extensions/ DOMLogger++ https://github.com/kevin-mizu/domloggerpp BBRE Metamask bug https://youtu.be/HnI0w156rtw?si=QixP8SX6JuRFz6PA Bench Press: Leaking Text Nodes with CSS https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/ Timestamps: (00:00:00) Introduction (00:03:08) Structure & Threat Model for Browser Extension (00:28:28) Extension Attack scenarios (01:01:26) Attacking Extension Pages (01:26:35) Attacking Service Workers (01:46:23) Getting source code and dynamic debugging

    1 giờ 56 phút

  8. 24 THG 10

    Episode 94: Zendesk Fiasco & the CTBB Naughty List

    Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod Resources: New music drop from our Boi YT https://x.com/realytcracker/status/1847599657569956099 AuthzAI https://authzai.com/ Ron Chan https://x.com/ngalongc Misconfigured User Auth Leads to Customer Messages https://www.ophionsecurity.com/post/live-chat-blog-1-misconfigured-user-auth-leads-to-customer-messages Zendesk Write-up https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52 Response from Zendesk https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52?permalink_comment_id=5232589#gistcomment-5232589 Timestamps (00:00:00) Introduction (00:05:29) AuthzAI and the return of Ron Chan (00:13:50) Ophion Security Research (00:18:12) Zendesk Drama

    49 phút
Xem tất cả (101)

5
/5
45 Xếp hạng

Giới Thiệu

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

Thông Tin

  • Nhà sáng tạo
    Justin Gardner (Rhynorater) & Joel Margolis (teknogeek)
  • Năm hoạt động
    2023 - 2024
  • Tập
    101
  • Xếp hạng
    Thô tục
  • Bản quyền
    © Critical Thinking Podcast
  • Trang web chương trình
    Critical Thinking - Bug Bounty Podcast

Có Thể Bạn Cũng Thích

Bạn cần đăng nhập để nghe các tập có chứa nội dung thô tục.

Luôn cập nhật thông tin về chương trình này

Đăng nhập hoặc đăng ký để theo dõi các chương trình, lưu các tập và nhận những thông tin cập nhật mới nhất.
Chọn quốc gia hoặc vùng

Châu Phi, Trung Đông và Ấn Độ

Châu Á Thái Bình Dương

Châu Âu

Châu Mỹ Latinh và Caribê

Hoa Kỳ và Canada