Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest - Ciarán Cotter
====== Resources ======
Msty
https://msty.app/
From Day Zero to Zero Day
https://nostarch.com/zero-day
Nuclei - ai flag
https://x.com/pdiscoveryio/status/1890082913900982763
ChatGPT Operator: Prompt Injection Exploits & Defenses
https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/
Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation
https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/
====== Timestamps ======
(00:00:00) Introduction
(00:01:04) Bug Rundowns
(00:13:05) Monke's Bug Bounty Background
(00:20:03) Websocket Research
(00:34:01) Connecting Hackers with Companies
(00:34:56) Grok 3, Msty, From Day Zero to Zero Day
(00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK
(00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory
