Critical Thinking - Bug Bounty Podcast cover image

Critical Thinking - Bug Bounty Podcast

Latest episodes

undefined
Dec 26, 2024 • 1h 1min

Episode 103: Getting ANSI about Unicode Normalization

Dive into the potential vulnerabilities of ANSI codes and the world of large language models as the hosts uncover innovative hacking techniques. Explore the intricacies of Unicode normalization and its impact on web security, especially concerning command injections. Delve into cookie manipulation challenges and learn about the balance between hackbots and cybersecurity. The discussion also highlights success stories within the community, showcasing the importance of collaboration and sharing knowledge in the ever-evolving tech landscape.
undefined
Dec 19, 2024 • 1h 3min

Episode 102: Building Web Hacking Micro Agents with Jason Haddix

In this discussion, Jason Haddix, an expert in AI and offensive security, shares his insights into the innovative world of AI micro-agents in hacking. They explore how these tools can enhance web fuzzing and WAF bypass techniques. Jason emphasizes the importance of contextual knowledge and prompt engineering for optimally utilizing large language models. The dialogue also touches on ethical concerns in bug bounty programs and the significant role of automation in vulnerability assessment, shedding light on both innovations and challenges in the field.
undefined
Dec 12, 2024 • 51min

Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

Johann Rehberger, a leading AI security researcher, shares his insights on AI application vulnerabilities. He discusses prompt injection and obfuscation techniques used to exploit AI systems. The conversation highlights innovative data exfiltration methods, including video generation and image rendering. They examine the reactions of major tech firms to bug bounty challenges and stress the importance of robust security measures. Rehberger also emphasizes the need for standardized guidelines to safeguard against AI vulnerabilities in an evolving landscape.
undefined
6 snips
Dec 5, 2024 • 1h 42min

Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

Join bug bounty experts Nagli, Shubs, Douglas Day, Alex Chapman, Nahamsec, and Rez0 as they share their favorite bugs of 2024. Nagli dives into a complex Azure DevOps vulnerability, while Shubs discusses pre-authentication exploits. Douglas reveals an account takeover lapse in a streaming service, and Alex describes a tricky XSS issue. Nahamsec highlights teamwork in a collaborative bug event, and Rez0 explains a server-side template injection in Shift AI. Celebrate a milestone while gaining insights into the wild world of ethical hacking!
undefined
15 snips
Nov 28, 2024 • 1h 43min

Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

Delve into the essentials of bug bounty hunting, where mastering web fundamentals is key. The hosts discuss critical vulnerabilities like mutation XSS and SSRF, stressing the need for a strong foundation in web security. Explore advanced methodologies in hacking and the significance of personalized solutions. Discover the importance of motivation and goal-setting on the journey to making $100k in your first year. Unique metaphors highlight the nuances of targeting companies and the evolving motivations behind bug bounty participation.
undefined
Nov 21, 2024 • 1h 44min

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

Sharon Brizinov, a leading IoT/ICS security researcher at Claroty, shares his captivating journey from iOS development to cybersecurity. He dives into the contrasting worlds of Pwn2Own and HackerOne, revealing their unique exploit ecosystems. The discussion explores the challenges of SCADA protocols and hacking vulnerabilities in critical infrastructure systems. Sharon also touches on the intricacies of IoT firmware and the importance of security in device communication, all while emphasizing the creativity essential for mastering the bug bounty landscape.
undefined
Nov 14, 2024 • 53min

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

Dive into the world of cybersecurity as experts dissect recent vulnerabilities in bcrypt, revealing insights into multi-factor authentication risks. Explore the layered security challenges in mobile environments and learn about clever techniques for concealing payloads in URLs. The introduction of the Lightyear tool for PHP exploits highlights the importance of evolving security measures, while discussions on advanced XSS exploitation techniques underscore the need for robust web application defenses. It's a treasure trove of information for security enthusiasts!
undefined
Nov 7, 2024 • 49min

Episode 96: Cookies & Caching with MatanBer

Explore advanced cookie parsing techniques and the unique quirks of Safari's cookie handling. Dive into the complexities of cookie exploitation and how cookie order impacts security. Discover insights on Capture the Flag challenges, particularly around caching vulnerabilities. Learn about the risks of cache poisoning and the implications of XSS vulnerabilities, emphasizing the importance of effective cookie management. Uncover practical strategies for manipulating cookies and safeguarding web applications against these threats.
undefined
Oct 31, 2024 • 1h 56min

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

In this enlightening discussion, MatanBer, an expert in browser extension security, shares his insights on the intricate architecture of Chrome extensions. They dive into threat models, focusing on content scripts and service workers, highlighting vulnerabilities in isolated environments. Key topics include the nuances of message passing and the security risks posed by poorly secured implementations. MatanBer also unpacks clickjacking and phishing scenarios, stressing the critical need for robust security measures to prevent exploitation.
undefined
Oct 24, 2024 • 49min

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Dive into the chaos of the Zendesk incident and its ethical implications. Discover innovative AI tools reshaping cybersecurity practices and their real-world applications. The hosts also discuss the significance of vulnerability reporting and the complexities it involves. With a focus on transparency and communication in the bug bounty community, they ponder the idea of a 'naughty list' for companies mishandling disclosures. Plus, enjoy some light-hearted moments celebrating creativity within hacker culture!

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode