
Critical Thinking - Bug Bounty Podcast

Latest episodes

Jan 30, 2025 • 1h 31min

Episode 108: How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello

Aaron Costello, a SaaS security expert known for his insights on misconfigurations, dives into the complexities of hacking Salesforce, ServiceNow, and Power Pages. He humorously contrasts hacker stereotypes with dedicated bug bounty hunters. Discussion includes the dangers of file upload vulnerabilities and the significance of proper access controls. Notably, he explores SOQL injection vulnerabilities and the intricacies of Salesforce Apex classes, while emphasizing collaboration in identifying security flaws across various SaaS platforms. Tune in for practical techniques and insider insights!
Jan 23, 2025 • 1h 6min

Episode 107: Bypassing Cross-Origin Browser Headers

Dive into the world of cybersecurity as the hosts discuss the intricacies of cross-origin security headers and share insights from their experiences. Discover vulnerabilities in Google's OAuth system and learn about gift card hacking exploits. Explore the importance of teaching kids about tech through fun anecdotes and the role of community in supporting innovative research. With a new co-host and engaging discussions on AI in security, this episode is packed with information for both tech lovers and aspiring hackers alike!
Jan 16, 2025 • 58min

Episode 106: Announcing our new cohost...

The podcast introduces a new co-host, Joseph Thacker, who shares his journey into full-time bug bounty hunting. Highlights include discussions on double-click jacking and its implications for web security. The hosts delve into the significance of automation in bug hunting, showcasing various tools and techniques. They also explore character set attacks and SVG XSS vulnerabilities, while emphasizing the need for robust defenses. Finally, a look ahead reveals plans for enhanced community engagement and original research initiatives in the coming years.
Jan 9, 2025 • 2h 18min

Episode 105: Best Critical Thinking Moments from 2024

This week features Sam Curry, a renowned bug bounty hunter known for secondary context bugs, and Johan Carlsson, an expert in environments with strict CSP. They discuss captivating topics like Blind XSS vulnerabilities, web exploits, and debugging techniques for IoT devices. Matan Ber shares insights on client-side attacks using DevTools, while Mariah Gardner highlights the balance between bug bounty hunting and personal relationships. Together, they explore the dynamic nature of cybersecurity and the importance of continuous learning in the field.
Jan 2, 2025 • 29min

Episode 104: 2024 Hacker Stats & 2025 Goals

Reflecting on the highs and lows of 2024, the host dives into personal achievements and outlines ambitious goals for 2025. They introduce exciting community initiatives like the Bug Bounty Hunters Guild and Critical Research Lab. Insights into personal inventory reveal valuable lessons learned, emphasizing the importance of community and accountability in the bug bounty world. It's a thoughtful mix of reflection and forward-thinking that promises to inspire fellow hackers.
Dec 26, 2024 • 1h 1min

Episode 103: Getting ANSI about Unicode Normalization

Dive into the potential vulnerabilities of ANSI codes and the world of large language models as the hosts uncover innovative hacking techniques. Explore the intricacies of Unicode normalization and its impact on web security, especially concerning command injections. Delve into cookie manipulation challenges and learn about the balance between hackbots and cybersecurity. The discussion also highlights success stories within the community, showcasing the importance of collaboration and sharing knowledge in the ever-evolving tech landscape.
Dec 19, 2024 • 1h 3min

Episode 102: Building Web Hacking Micro Agents with Jason Haddix

In this discussion, Jason Haddix, an expert in AI and offensive security, shares his insights into the innovative world of AI micro-agents in hacking. They explore how these tools can enhance web fuzzing and WAF bypass techniques. Jason emphasizes the importance of contextual knowledge and prompt engineering for optimally utilizing large language models. The dialogue also touches on ethical concerns in bug bounty programs and the significant role of automation in vulnerability assessment, shedding light on both innovations and challenges in the field.
Dec 12, 2024 • 51min

Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

Johann Rehberger, a leading AI security researcher, shares his insights on AI application vulnerabilities. He discusses prompt injection and obfuscation techniques used to exploit AI systems. The conversation highlights innovative data exfiltration methods, including video generation and image rendering. They examine the reactions of major tech firms to bug bounty challenges and stress the importance of robust security measures. Rehberger also emphasizes the need for standardized guidelines to safeguard against AI vulnerabilities in an evolving landscape.
Dec 5, 2024 • 1h 42min

Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

Join bug bounty experts Nagli, Shubs, Douglas Day, Alex Chapman, Nahamsec, and Rez0 as they share their favorite bugs of 2024. Nagli dives into a complex Azure DevOps vulnerability, while Shubs discusses pre-authentication exploits. Douglas reveals an account takeover lapse in a streaming service, and Alex describes a tricky XSS issue. Nahamsec highlights teamwork in a collaborative bug event, and Rez0 explains a server-side template injection in Shift AI. Celebrate a milestone while gaining insights into the wild world of ethical hacking!
Nov 28, 2024 • 1h 43min

Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

Delve into the essentials of bug bounty hunting, where mastering web fundamentals is key. The hosts discuss critical vulnerabilities like mutation XSS and SSRF, stressing the need for a strong foundation in web security. Explore advanced methodologies in hacking and the significance of personalized solutions. Discover the importance of motivation and goal-setting on the journey to making $100k in your first year. Unique metaphors highlight the nuances of targeting companies and the evolving motivations behind bug bounty participation.
