Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
Nov 13, 2025 • 32min

Episode 148: MCP Hacking Guide

Dive into the intriguing world of Model Context Protocol (MCP) and its significance for AI pentesting. Discover the architecture and authentication quirks that hackers need to be aware of, including risks like dynamic client registration. Learn how sampling and elicitation can unveil dangerous vulnerabilities. Plus, explore the implications of using Git resources and templated URIs for potential exploits. Packed with insights on how to approach security research practically, this discussion is a must-listen for cybersecurity enthusiasts!
Nov 6, 2025 • 59min

Episode 147: Stupid Simple Hacking Workflow Tips

Episode 147: In this episode of Critical Thinking - Bug Bounty Podcast we're talking tips and tricks that help us in hacking that we really should’ve learned sooner.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Control
https://www.criticalthinkingpodcast.io/tl-nc

====== This Week in Bug Bounty ======

Netscaler's new program
https://hackerone.com/netscaler_public_program?type=team

The ultimate Bug Bounty guide to HTTP request smuggling vulnerabilities
https://www.yeswehack.com/learn-bug-bounty/http-request-smuggling-guide-vulnerabilities

Hackers now have 2 Request-a-Response
https://docs.bugcrowd.com/changelog/researchers/request-a-response-researcher/

Evan Connelly Spotlight
https://www.bugcrowd.com/blog/hacker-spotlight-evan-connelly/

Epic Games Jobs Openings
Jobs.ctbb.show

====== Timestamps ======

(00:00:00) Introduction
(00:09:23) Command Palette, Auto-decoding, & Evenbetter
(00:17:28) Chrome Devtools Edit as html & Raycast
(00:33:23) ffuf -request flag
(00:41:33) JXScout
(00:48:55) Conditional Breakpoints in Devtools & Lightning round tips
Oct 30, 2025 • 1h 51min

Episode 146: Hacking Horror Stories

Get ready for a spooky ride as hosts share chilling bug bounty horror stories! From a browser extension leaking employee tokens to a live hacking event gone wrong with a massive zip file, the tales are gripping. Hear about accidental disruptions, like sysprepping a hypervisor and getting fired over a disruptive XSS tool. They explore the risks of weak credentials in guest Wi-Fi and how an open banking hack led to account takeovers. It's a mix of thrills and tech as they unveil the scariest sides of hacking!
Oct 23, 2025 • 28min

Episode 145: Gr3pme's Secret: Bug Bounty Note Taking Methodology

Dive into innovative note-taking strategies that can elevate your bug bounty game! Learn how structured notes can boost collaboration and long-term success. Explore threat modeling techniques and essential attack vectors to watch for. Brandyn shares a Notion template and practical tips for monitoring JavaScript artifacts and other high-signal indicators. Plus, discover the benefits of turning past reports into valuable insights. Unlock the secrets to effective teamwork and streamlined investigations!
Oct 16, 2025 • 53min

Episode 144: Google’s Top AI Hackers: Busfactor and Monke

In this discussion, Vitor Falcão, a full-time bug bounty hunter known for his client-side exploits, and Ciarán Cotter, a seasoned researcher focused on AI vulnerabilities, dive into their recent successes at the Mexico Live Hacking event. They share insights on transitioning from front-end to AI targets, strategies for submitting bugs, and the challenges faced in full-time hacking careers. Vitor highlights the balance needed to avoid isolation in the industry, while both explore the complexities of exploiting AI-related vulnerabilities.
Oct 9, 2025 • 1h 4min

Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!

A new co-host joins the discussion as they dive into the excitement of live hacking events and the strategic dynamics of report writing. Recent news highlights YesWeHack's major EU contract win. The hosts tackle deep pentesting scopes and the advantages of non-chained gadgets. They explore the intricacies of exploiting backend implementations and share clever techniques like client-side attribute smuggling. Insights on the Entra actor token flaw reveal critical vulnerabilities, while practical discussion of tools like Flareprox rounds out the technical content.
Oct 2, 2025 • 55min

Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News

Brandyn, known as gr3pme, is an accomplished bug bounty hunter and AI security researcher who recently transitioned to full-time work and founded Murtasec. He shares insights on what going full-time means for his career and the unexpected opportunities it has presented. The conversation covers web vulnerabilities, including a notable $111,750 payout for a path traversal to RCE. They also delve into AI security tools, discussing the accuracy challenges with existing hackbots, and introduce innovative concepts like CVE Genie and PROMISQROUTE.
Sep 25, 2025 • 1h 24min

Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

Nick Copi, known as 7urb0, is a security researcher who specializes in client-side web hacking. He delves into an inefficient regex that crashed Google Docs and explores triggering modals in the application. Nick shares insights on React createElement exploitation, revealing how XSS can persist in Electron clients. He also discusses exploiting CSS injection vulnerabilities with FontLeak techniques. Throughout, he emphasizes the importance of community collaboration in advancing research and sharing effective hacking strategies.
Sep 18, 2025 • 58min

Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

Discover the latest from the Crit Research Lab as experts unpack postMessage vulnerabilities and the intricacies of Cookie Chaos. Dive into the nuances of cross-origin request forgery, and learn about the latest AI-driven business logic bugs. The hosts share valuable insights for beginners in live hacking, covering everything from teamwork strategies to solo approaches at events. Plus, hear community stories that highlight innovative exploits and practical hunting techniques for effective web security.
Sep 11, 2025 • 2h 22min

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

James Kettle, Head of Research at PortSwigger and expert in web security, shares insights on critical vulnerabilities and innovations in the field. He discusses the complexities of HTTP, expressing why he believes HTTP/1.1 should be phased out. Kettle explores strategies to prevent burnout in research, emphasizing the balance between autonomy and team dynamics. The conversation also highlights the evolving role of AI in web security and the importance of clear objectives for effective vulnerability research.
