Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joel Margolis (teknogeek)
Critical Thinking - Bug Bounty Podcast

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

  1. HÁ 2 DIAS

    Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

    Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker: Check out Network Control! https://www.criticalthinkingpodcast.io/tl-nc And AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Today’s Guest: https://sharonbrizinov.com/ Resources The Claroty Research Team https://claroty.com/team82 Pwntools https://github.com/Gallopsled/pwntools Scan My SMS http://scanmysms.com Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS https://www.youtube.com/watch?v=EhNsXXbDp3U Timestamps (00:00:00) Introduction (00:03:31) Sharon's Origin Story (00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne (00:47:05) IoT/ICS Hacking Methodology (01:10:13) Cloud to Device Communication (01:18:15) Bug replication and uncommon attack surfaces (01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS

    1h44min
  2. 14 DE NOV.

    Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

    Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. They also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker: Check out Network Control! https://www.criticalthinkingpodcast.io/tl-nc And AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Resources Okta bcrypt Android Web Attack Surface Writeups Concealing payloads in URL credentials Dumping PHP files with Lightyear Limit maximum number of filter chains Dom-Explorer tool launched MultiHTMLParse JSON Crack Caido/Burp notes plugin Timestamps (00:00:00) Introduction (00:02:43) Okta Release and bcrypt (00:10:26) Android Web Attack Surface Writeups (00:20:21) More Portswigger Research (00:28:29) Lightyear and PHP filter chains (00:35:09) Dom-Explorer (00:45:24) The JSON Debate (00:49:59) Notes plugin for Burp and Caido

    53min
  3. 31 DE OUT.

    Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

    Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast In this episode, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cover things like service workers, extension pages, and isolated worlds. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod Today’s Guest: https://x.com/MtnBer Resources Universal Code Execution by Chaining Messages in Browser Extensions https://spaceraccoon.dev/universal-code-execution-browser-extensions/ DOMLogger++ https://github.com/kevin-mizu/domloggerpp BBRE Metamask bug https://youtu.be/HnI0w156rtw?si=QixP8SX6JuRFz6PA Bench Press: Leaking Text Nodes with CSS https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/ Timestamps: (00:00:00) Introduction (00:03:08) Structure & Threat Model for Browser Extension (00:28:28) Extension Attack scenarios (01:01:26) Attacking Extension Pages (01:26:35) Attacking Service Workers (01:46:23) Getting source code and dynamic debugging

    1h56min
  4. 24 DE OUT.

    Episode 94: Zendesk Fiasco & the CTBB Naughty List

    Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod Resources: New music drop from our Boi YT https://x.com/realytcracker/status/1847599657569956099 AuthzAI https://authzai.com/ Ron Chan https://x.com/ngalongc Misconfigured User Auth Leads to Customer Messages https://www.ophionsecurity.com/post/live-chat-blog-1-misconfigured-user-auth-leads-to-customer-messages Zendesk Write-up https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52 Response from Zendesk https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52?permalink_comment_id=5232589#gistcomment-5232589 Timestamps (00:00:00) Introduction (00:05:29) AuthzAI and the return of Ron Chan (00:13:50) Ophion Security Research (00:18:12) Zendesk Drama

    49min
  5. 17 DE OUT.

    Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

    Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through how he balances his dual careers, some ethical considerations of hacking in the context of healthcare, and highlight some experiences he’s had with Amazon's bug bounty program. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker. Checkout their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect Today’s Guest - https://x.com/jonathanbouman?lang=en Resources Anyone can Access Deleted and Private Repository Data on GitHub Filesender Github Remote Code execution at ws1.aholdusa .com APK-MITM Hacking Dutch healthcare system Fitness Youtube Channels https://www.youtube.com/channel/UCpQ34afVgk8cRQBjSJ1xuJQ https://www.youtube.com/@BullyJuice Timestamps (00:00:00) Introduction (00:07:28) Medicine and Hacking (00:19:36) Hacking on Amazon (00:34:33) Collaboration and consistency (00:44:13) SSTI Methodology (01:06:10) iOS Hacking Methodology (01:13:23) Hacking Healthcare (01:32:19) Health tips for hacking

    1h41min
  6. 10 DE OUT.

    Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

    Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast In this episode Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-Fi, and Vulnerabilities caused by The Great Firewall Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker. Checkout their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect Resources: Insecurity through Censorship Ruby-SAML / GitLab Authentication Bypass 0-Click exploit discovered in MediaTek Wi-Fi chipsets New Caido Plugin to Generate Wordlists Bebik’s 403 Bypassor CSPBypass Arb Read & Arb write on LLaMa.cpp by SideQuest XSS WAF Bypass One payload for all Timestamps (00:00:00) Introduction (00:02:08) Vulnerabilities Caused by The Great Firewall (00:07:25) Ruby SAML Bypass (00:19:55) 0-Click exploit discovered in MediaTek Wi-Fi chipsets (00:24:36) New Caido Wordlist Plugin (00:31:00) CSPBypass.com (00:35:37) Arb Read & Arb write on LLaMa.cpp by SideQuest (00:43:10) Helpful WAF Bypass

    48min
  7. 3 DE OUT.

    Episode 91: Zero to LHE in 9 Months (feat gr3pme)

    Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking’s own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with Bug Bounty. We cover mentorship, networking and LHEs, ecosystem hacking, emotional regulation, and the need for self-care. Then we wrap up with some fun bugs. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Shop our new swag store at ctbb.show/swag Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder Today’s guest: https://x.com/gr3pme Resources: Lessons Learned for LHEs https://x.com/Rhynorater/status/1579499221954473984 Timestamps: (00:00:00) Introduction (00:07:02) Mentorship in Bug Bounty (00:16:30) LHE lessons, takeaways, and the benefit of feedback and networking (00:41:28) Choosing Targets (00:49:03) Vuln Classes (00:58:54) Bug Reports

    1h23min
5
de 5
45 avaliações

Sobre

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

Você também pode gostar de

Para ouvir episódios explícitos, inicie sessão.

Fique por dentro deste podcast

Inicie sessão ou crie uma conta para seguir podcasts, salvar episódios e receber as atualizações mais recentes.

Selecionar um país ou região

África, Oriente Médio e Índia

Ásia‑Pacífico

Europa

América Latina e Caribe

Estados Unidos e Canadá