Episode 24: In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Daniel Miessler and Rez0 about the emergence and potential of AI in hacking. We cover AI shortcuts and command line tools, AI in code analysis and the use of AI agents, and even brainstorm about the possible opportunities that integrating AI into hacking tools like Caido and Burp might present. Don't miss this episode packed with valuable insights and cutting-edge strategies for both beginners and seasoned bug bounty hunters alike.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterToday’s Guests:https://twitter.com/rez0__https://twitter.com/DanielMiesslerDaniel Miessler’s Unsupervised Learninghttps://danielmiessler.com/Simon Willison's Python Function Search Toolhttps://simonwillison.net/2023/Jun/18/symbex/oobabooga - web interface for modelshttps://github.com/oobabooga/text-generation-webuiState of GPThttps://karpathy.ai/stateofgpt.pdf AI Canarieshttps://danielmiessler.com/p/ai-agents-canaries GPT3.5https://community.openai.com/t/gpt-3-5-turbo-0613-function-calling-16k-context-window-and-lower-prices/263263 GPT Engineerhttps://github.com/AntonOsika/gpt-engineerTimestamps:(00:00:00) Introduction(00:05:40) Using AI for hacking: Developing hacking tools and workflow shortcuts(00:11:40) GPT Engineer and Small Developer for Security Vulnerability Mapping(00:22:40) The potential dangers of centralized vs. decentralized finance(00:24:10) Ethical hacking and circumventing ChatGPT restrictions(00:26:09) AI Agents, Reverse API, and Encoding/Decoding Tools(00:31:45) Limitations of AI in context window and processing large JavaScript files(00:36:50) Meta-prompter: Enhancing prompts for accurate responses from GPT(00:41:00) GPT-35 and the new 616K context model(45:08) Creating a loader for Burp Suite files or Caido instances(00:54:02) Hacking AI Features: Best Practices(01:00:00) AI plugin takeover and the need for verification of third-party plugins and tools

Join bug bounty experts Nagli, Shubs, Douglas Day, Alex Chapman, Nahamsec, and Rez0 as they share their favorite bugs of 2024. Nagli dives into a complex Azure DevOps vulnerability, while Shubs discusses pre-authentication exploits. Douglas reveals an account takeover lapse in a streaming service, and Alex describes a tricky XSS issue. Nahamsec highlights teamwork in a collaborative bug event, and Rez0 explains a server-side template injection in Shift AI. Celebrate a milestone while gaining insights into the wild world of ethical hacking!