Critical Thinking - Bug Bounty Podcast

Episode 109: Creative Recon - Alternative Techniques

Feb 6, 2025

Dive into the latest drama surrounding DeepSeek and the implications of AI in security measures like CAPTCHA and 2FA. Discover the challenges of AI training costs and the vulnerabilities linked to an AI database. Explore innovative vulnerability reporting techniques, highlighting 'report pointers' for credibility. Get insights into alternative reconnaissance methods in bug hunting, and learn how to uncover hidden assets and vulnerabilities using modern tools and AI. An exciting blend of technology and security awaits!

01:01:42

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Human oversight is crucial in cybersecurity despite automated systems, ensuring nuanced decision-making during active threats and incidents.

The controversy surrounding DeepSeek's AI model raises questions about the authenticity of its claims and the implications for the AI development market.

Exploring alternative recon techniques, such as passive DNS queries, reveals hidden vulnerabilities and emphasizes the value of unconventional approaches in security assessments.

Deep dives

Importance of Human Oversight in Cybersecurity

Having human oversight in cybersecurity operations is essential for effective incident response. Automated systems, like ThreatLocker's CyberHero Managed Detect and Response, offer constant monitoring, but human expertise remains invaluable in critical situations, especially when facing active threats. Past strategies that involved attacking during off-hours reveal the importance of persistence in engaging with adversaries. Human oversight not only enhances response capabilities but also ensures that nuanced decisions can be made during malicious activity.

Intro

3min

AI Training Costs and Cybersecurity Insights

9min

Innovations in AI and Web Security

19min

Innovative Vulnerability Reporting and Reconnaissance Techniques

14min

Exploring Alternative Recon Techniques in Bug Hunting

3min

Harnessing Reconnaissance Techniques in Cybersecurity

13min

Exploring Alternative Recon Techniques in Cybersecurity

2min

Episode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to talk about Alternative Recon Techniques

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to https://x.com/realytcracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response!

====== Resources ======

Resources

Wiz Research Uncovers Exposed DeepSeek Database

Bypass Bot Detection

Tweet from sw33tLie

rsc 2fa

Stealing HttpOnly cookies with the cookie sandwich technique

Report Pointers for Collaborative Chains

Clone2Leak: Your Git Credentials Belong To Us

Deanonymization via cache