Critical Thinking - Bug Bounty Podcast

Episode 63: JHaddix Returns

Mar 21, 2024

JHaddix, bug bounty hunting expert, discusses updates to The Bug Hunter's Methodology, threat intelligence, buying credentials from the dark web, new recon techniques, and integrating AI into workflows. The podcast touches on red teaming, FIS hunting, and personal hacking journey insights.

01:21:35

Creator website

Episode guests

JHaddix

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Utilize reverse DNS lookups for subdomain discovery, WHOIS XML API for apex domain identification, and DMARC/CSP policy analysis for enhanced reconnaissance.

Invest time in manual reconnaissance for expanded target identification, AI red teaming focused on bias detection, and ethical considerations in hacking AI models.

Emphasize personalized techniques over automation, probe AI models for biases, and prioritize fairness in AI security measures to prevent discrimination and enhance prompt engineering strategies.

Deep dives

Reconnaissance Techniques for Uncovering Hidden Subdomains

One powerful recon technique involves conducting reverse DNS lookups to identify subdomains hidden within pointer records tied to specific IP addresses. Tools like HackRev DNS can assist in revealing hidden subdomains in these records, providing a valuable source of undiscovered targets.

Introduction

2min

Evolution of Bug Hunting Methodologies in JavaScript

13min

Evolution of Bug Bounty and Red Teaming Techniques

17min

Secure Credential Handling and Recon Strategies in Bug Bounty Hunting

8min

Adapting Recon Methods and Introduction to Proxy Company for Web Scraping

2min

Advanced Techniques for Proxy Service Reconnaissance

5min

Exploring Bug Bounty Strategies and Advantages through Personal Insights

2min

Exploring Recon Techniques for Subdomain Discovery

13min

Exploring SecGPT: The Future of AI in Cybersecurity

21min

Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own personal life and hacking journey. We talk about the start of his new company, and then venture into topics such as using threat intelligence and buying credentials from the dark web, recon techniques, and ways to integrate AI into your workflow (or target list).

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest:

https://twitter.com/Jhaddix

https://www.arcanum-sec.com/

Resources:

Dehashed

https://www.dehashed.com/

Flare

https://flare.io/

CSP Recon

https://github.com/edoardottt/csprecon

Timestamps:

(00:00:00) Introduction