Critical Thinking - Bug Bounty Podcast

Episode 106: Announcing our new cohost...

Jan 16, 2025

The podcast introduces a new co-host, Joseph Thacker, who shares his journey into full-time bug bounty hunting. Highlights include discussions on double-click jacking and its implications for web security. The hosts delve into the significance of automation in bug hunting, showcasing various tools and techniques. They also explore character set attacks and SVG XSS vulnerabilities, while emphasizing the need for robust defenses. Finally, a look ahead reveals plans for enhanced community engagement and original research initiatives in the coming years.

58:10

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Joseph Thacker, also known as Rez0, highlights his transition to full-time bug bounty hunting, illustrating an evolving career path in cybersecurity.

The podcast emphasizes the value of community collaboration and mentorship in bug bounty hunting, enhancing learning through shared experiences.

Discussion revolves around modern tools and methodologies in bug hunting, stressing the integration of automation to improve workflow and efficiency.

Deep dives

Transition to Full-Time Bug Bounty Hunting

One of the main highlights is the transition of Rezo to full-time bug bounty hunting, which signifies a major career shift. This change reflects a growing trend of cybersecurity professionals pursuing bug bounty programs as viable full-time careers. Rezo shares his journey, emphasizing how critical participation in communities and events, such as live hacking events, helped shape his skills and networking. He encourages newcomers to bug bounty hunting to appreciate the unique opportunity it provides to learn while potentially monetizing their skills.

Intro

2min

Credibility in Bug Bounty Hunting

6min

Automating Bug Hunting: Tools and Strategies

12min

Understanding Double Click Jacking and Security Challenges

10min

Exploring Bug Hunting and Web Security Vulnerabilities

19min

Accelerated Learning in AI Hacking

4min

Future Directions: Enhancing Research and Community Engagement in 2025

4min

Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he’s looking forward to bringing to the pod. We also cover some news items including doubleclickjacking, character set attacks, SVG XSS, and more.

Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Rez0 on twitter:

https://x.com/Rhynorater

https://x.com/rez0__

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Check out our new SWAG store at https://ctbb.show/swag!

Resources

DoubleClickjacking: A New Era of UI Redressing

https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html

XBOW Validation Benchmarks

https://github.com/xbow-engineering/validation-benchmarks

Jorian tweet

https://x.com/J0R1AN/status/1871586792455163975

Simplified Payload

https://portswigger-labs.net/xss/charset.php?x=%1b$B%1b(B%3Ca%20href=javas%1B(Jcript:alert(1)%3Etest%3C/a%3E&charset=

SVG XSS Payload

https://x.com/garethheyes/status/1876953751245783534