Critical Thinking - Bug Bounty Podcast

Dive into the future of bug bounties as human hackers collaborate with AI, revolutionizing vulnerability discovery. Explore the intricate challenges of tokenization and its implications for effective hacking mentorship. Unpack the complexities of language models and the intriguing phenomenon of AI 'hallucinations.' Discover the vital role of context engineering in ensuring accurate validations, making sense of how AI is reshaping the cybersecurity landscape. It's an engaging discussion on the evolution of hacking in the age of artificial intelligence!

Delve into the vulnerabilities of self-XSS and the complexities of blind SSRF attacks, unveiling the latest research on HTTP redirect techniques. Explore the innovative applications of AI in reversing minified JavaScript and improving code security. Hear about exciting new tools like Lumintus for better bug bounty documentation and the implications of URL spoofing linked to Google font ligatures. This engaging discussion combines technical insights with the evolving landscape of web security.

The discussion kicks off with recent controversies in the bug bounty world and the advocacy for hackers. Key highlights include innovative hacking techniques around file formats and insights into compensation for zero-click vulnerabilities. There's a deep dive into the role of AI in cybersecurity, including novel exploits like 'Echo Leak.' The hosts celebrate community achievements while introducing tools like Newtowner for cloud security. Finally, they explore advanced tactics, including monetizing social media interactions and enhancing strategies with Chrome's dev tools.

Dive into the fascinating world of AI vulnerabilities, where personal experiences illuminate the challenges of hacking AI systems. Discover unique exploits like prompt injection that can manipulate AI interactions, exposing sensitive data. Hear about innovative tactics for uncovering AI flaws, including how hidden text can influence AI behavior. The conversation also emphasizes the necessity for creative approaches in identifying vulnerabilities and the importance of corporate support for AI bug bounty programs.

Discover strategies for succeeding at live hacking events! Learn about vital pre-event preparations and techniques for focus during the event. The discussion goes into post-event collaboration and maintaining a positive mindset throughout the process. Plus, hear about personal experiences and the importance of engaging with the bug bounty community. Get ready to optimize your approach and connect with fellow hackers.

Join the hosts as they tackle the latest in bug bounty news, including Louis Vuitton's new program and a serious OpenPGP.js vulnerability. They share insights on balancing the flexibility of bug hunting with structured approaches for success. Discover the art of mentoring novices, advanced exploitation techniques, and the significance of automating cybersecurity efforts. Plus, hear about the transition to full-time bug bounty hunting and the joys it brings, along with reflections on personal achievements in the hacking journey.

The discussion dives into mastering prompt injection, showcasing how emotional tactics can manipulate AI models. Key AI vulnerabilities are explored, with insights into bug hunting tools and recent leaks. The comparison between Google's AI technologies highlights advanced exploitation techniques. Emphasizing meticulous testing, the hosts share strategies for recognizing and categorizing vulnerabilities. The episode wraps up with a sneak peek into future content on emerging risks within AI exploitation, encouraging listeners to engage on social media.

Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we’re joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Check out the CTBB Job Board: https://jobs.ctbb.show/Today’s Guests:Zak Bennett : https://www.linkedin.com/in/zak-bennett/Ciarán Cotter: https://x.com/monkehackRoni Carta: https://x.com/0xLupin====== Resources ======We hacked Google’s A.I Gemini and leaked its source codehttps://www.landh.tech/blog/20250327-we-hacked-gemini-source-code====== Timestamps ======(00:00:00) Introduction(00:03:02) An RCE via memory corruption(00:07:45) Zak's role at Google and Google's AI LHE(00:15:25) Different Components of AI Vulnerabilities(00:24:58) MHV Winner Debrief(01:08:47) Technical Takeaways And Team Strategies(01:28:49) LHE Experience and Google VRP & Abuse VRP

Episode 121: In this episode of Critical Thinking - Bug Bounty Podcast we cover so much news and research that we ran out of room in the description...Follow us on XShoutout to YTCracker for the awesome intro music!====== Links ======Follow Rhynorater and Rez0 on X:====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also have hacker swag!====== This Week in Bug Bounty ======Hacker spotlight: RhynoraterUltra Mobile BB Program - Mobile AppsUltra Mobile BB Program - (Public)John Deere ProgramJD's's BB Program Boosts CybersecurityDojo #41 - Ruby treasure====== Resources ======slonser 0-day in chromeCT Additional useful primitivesHow I made $64k from deleted filesCTBB episode with Sharon BrizinovRez0's Subdomain Link LauncherQwen3 Local ModelMay Cause Pwnageimport WAF bypassCaido DropAndre's tweet about encoded wordNahamconGemini prompt leakSVG Onload Handlers

In this engaging discussion, Eugene Lim, aka SpaceRaccoon, a vulnerability research expert and author of 'From Day Zero to Zero Day', tackles fascinating topics like binary analysis and fuzzing techniques. He highlights the crucial relationship between code interconnectedness and security vulnerabilities. The conversation also delves into dynamic analysis methods and the evolving landscape of IoT security, using unique case studies. Eugene's personal anecdotes and practical insights make the complex world of cybersecurity accessible and exciting for listeners.