Critical Thinking - Bug Bounty Podcast

Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we’re joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Check out the CTBB Job Board: https://jobs.ctbb.show/Today’s Guests:Zak Bennett : https://www.linkedin.com/in/zak-bennett/Ciarán Cotter: https://x.com/monkehackRoni Carta: https://x.com/0xLupin====== Resources ======We hacked Google’s A.I Gemini and leaked its source codehttps://www.landh.tech/blog/20250327-we-hacked-gemini-source-code====== Timestamps ======(00:00:00) Introduction(00:03:02) An RCE via memory corruption (00:07:45) Zach's role at Google and Google's AI LHE(00:15:25) Different Components of AI Vulnerabilities (00:24:58) MHV Winner Debrief(01:08:47) Technical Takeaways And Team Strategies(01:28:49) LHE Experience and Google VRP & Abuse VRP

Episode 121: In this episode of Critical Thinking - Bug Bounty Podcast we cover so much news and research that we ran out of room in the description...Follow us on XShoutout to YTCracker for the awesome intro music!====== Links ======Follow Rhynorater and Rez0 on X:====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also have hacker swag!====== This Week in Bug Bounty ======Hacker spotlight: RhynoraterUltra Mobile BB Program - Mobile AppsUltra Mobile BB Program - (Public)John Deere ProgramJD's's BB Program Boosts CybersecurityDojo #41 - Ruby treasure====== Resources ======slonser 0-day in chromeCT Additional useful primitivesHow I made $64k from deleted filesCTBB episode with Sharon BrizinovRez0's Subdomain Link LauncherQwen3 Local ModelMay Cause Pwnageimport WAF bypassCaido DropAndre's tweet about encoded wordNahamconGemini prompt leakSVG Onload Handlers

In this engaging discussion, Eugene Lim, aka SpaceRaccoon, a vulnerability research expert and author of 'From Day Zero to Zero Day', tackles fascinating topics like binary analysis and fuzzing techniques. He highlights the crucial relationship between code interconnectedness and security vulnerabilities. The conversation also delves into dynamic analysis methods and the evolving landscape of IoT security, using unique case studies. Eugene's personal anecdotes and practical insights make the complex world of cybersecurity accessible and exciting for listeners.

Dive into the intriguing world of iframes and discover their hidden significance in web security. Learn about the vulnerabilities they pose and how attackers can exploit them through tactics like clickjacking. The discussion highlights essential attributes of iframes, along with fun facts that might surprise even seasoned security researchers. Join the conversation and uncover strategies for identifying and mitigating these risks in the ever-evolving landscape of cybersecurity.

Dive into the world of cybersecurity as the hosts explore high-risk vulnerabilities in IT management software and highlight the importance of robust source code reviews. Discover the dangers of SQL injection in .NET applications, share in the excitement over a hacker reaching $1 million in bug bounties, and unravel a significant Next.js authentication bypass. The conversation extends to the complexities of AI vulnerabilities and the evolving landscape of MCP security, showcasing tech innovations and community camaraderie in the bug bounty realm.

Dive into the world of AI hacking with insights on reconnaissance techniques and feature exploitation. Explore the latest AI advancements like Gemini 2.5 Pro and uncover security vulnerabilities posed by automated coding. Learn about trust issues in large language models and how they impact vulnerability detection. Discover methodologies for hacking AI chatbots and strategies for identifying potential weaknesses in AI features during bug bounty hunts.

Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control====== Resources ======SAML roulette: the hacker always winshttps://portswigger.net/research/saml-roulette-the-hacker-always-winsLoophole of getting Google Form associated with Google Spreadsheet with no editor/owner accesshttps://bughunters.google.com/reports/vrp/yBeFmSrJiLoophole to see the editors of a Google Document with no granted access(owner/editor) with just the fileid (can be obtained from publicly shared links with 0 access)https://bughunters.google.com/reports/vrp/7EhAw2hurCloud Tools for Eclipse - Chaining misconfigured OAuth callback redirection with open redirect vulnerability to leak Google OAuth Tokens with full GCP Permissionshttps://bughunters.google.com/reports/vrp/F8GFYGv4gNext.js, cache, and chains: the stale elixirhttps://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixirNext.js and the corrupt middleware: the authorizing artifacthttps://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware====== Timestamps ======(00:00:00) Introduction(00:02:59) SAML roulette(00:13:08) Google bugs(00:20:16) Next.js and the corrupt middleware

Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about Reflector, and finish up by doing a bonus podcast segment in Japanese!Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-controlToday’s Guest: https://x.com/Mokusou4====== Resources ======So's last appearance in episode 40ctbb.show/40====== Timestamps ======(00:00:00) Introduction(00:04:11) So's Facebook Bug(00:14:37) So and Justin's Google Bug(00:33:39) Live Mentorship Session(00:56:29) Reflector(01:13:22) Bonus - Podcast in Japanese

Dive into the world of hacking Single Page Applications (SPAs) as the hosts unravel techniques and tools like Shadow Repeater. Explore security vulnerabilities, including cross-site scripting and JWT exploitation, while uncovering the importance of understanding API endpoints. Discover how the integration of AI can enhance testing processes and learn about recent cybersecurity news, such as the launch of Hackadvisor, a platform for bug bounty ratings. Tune in for insights that merge fitness with cybersecurity in a unique twist!

Explore the fascinating world of web vulnerabilities as the hosts dive into the Portswigger Top 10 for 2024! Learn about OAuth hijacking and cookie tossing exploits that compromise security. They also unravel the vulnerabilities in PDF.js and the significant role of AI in application security. Discover the latest trends in bug hunting, including SQL injection, confusion attacks, and innovative techniques like the 'worst fit' algorithm for vulnerability discovery. The mix of personal stories and technical insights keeps the discussion engaging!