Critical Thinking - Bug Bounty Podcast Episode 142: gr3pme's full-time hunting journey update, insane AI research, and some light news
Oct 2, 2025
Brandon, known as gr3pme, is an accomplished bug bounty hunter and AI security researcher who recently transitioned to full-time work and founded Murtasec. He shares insights on what going full-time means for his career and the unexpected opportunities it has presented. The conversation covers web vulnerabilities, including a notable $111,750 payout for a path traversal to RCE. They also delve into AI security tools, discussing the accuracy challenges with existing hackbots, and introduce innovative concepts like CVE Genie and PROMISQROUTE.
AI Snips
Chapters
Transcript
Episode notes
Full-Time Hunting Opened New Doors
- Brandon described going full-time into bug bounty and how it unlocked unexpected professional opportunities.
- He credited flexibility for enabling speaking, events, and starting a pentest company.
Weigh Opportunity Cost Before Saying Yes
- Weigh opportunity cost before launching side projects or a company and be realistic about initial income drops.
- Prioritize what activity "fills your cup" to avoid burnout and wasted effort.
WebSocket Testing Just Got Practical
- PortSwigger's WebSocket Turbo Intruder reduces friction by letting hackers craft WebSocket messages as HTTP-like requests.
- Its threaded engine enables parallel messages to trigger WebSocket race conditions that were previously hard to test.