Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
Oct 5, 2023 • 1h 21min

Episode 39: The Art of Architectures

In this podcast, they discuss new updates from Chrome, GPT-4 and SAML presentations. They also talk about using blind trust in web architecture, different web architectures, and the possibility of a secure storage API. Additionally, they share their experiences with Macs and non-Apple laptops for audio production, and discuss hacking Google Flights.
Sep 28, 2023 • 43min

Episode 38: Mobile Hacking Maestro: Sergey Toshin

Renowned mobile hacking maestro Sergey Toshin shares his unexpected journey into mobile security and his rise to becoming the top hacker in the Google Play Security and Samsung Bug Bounty programs. They discuss the evolving perception of mobile bugs, new attack vectors, and the creation of the mobile security company Oversecured.
Sep 21, 2023 • 1h 15min

Episode 37: Tokyo Hacking & Interview with 0xLupin

In this episode, 0xLupin, a security researcher and bug bounty enthusiast, joins the show. They discuss the Tokyo LHE, their journey into security research, and the benefits of collaboration. They also touch on pair hacking, joining a team, and starting a business together. The podcast covers some great tools for collaboration and offers valuable insights into the world of bug bounty hunting.
Sep 14, 2023 • 1h 4min

Episode 36: Bug Bounty Ethics & CT Exclusive Bug Reports

On this episode, the hosts discuss bug bounty ethics, including going out of scope. They also share a suspenseful story of Justin getting shot at. Other topics covered include setting up a mobile intercept proxy, Google open redirects, recent XSS exploitation, and bug reports from both hosts.
Sep 7, 2023 • 1h 25min

Episode 35: King of Collaboration: Douglas Day

Renowned bug bounty hunter, Douglas Day, shares his unique methodologies and collaborative spirit. Topics discussed include finding new endpoints, exploiting Intercom widgets, collaboration preferences at live hacking events, justifying hobbies, and finding enjoyment in the bug hunting process.
Aug 31, 2023 • 2h 11min

Episode 34: Program vs Hacker Debate

In this episode of a bug bounty podcast, the hosts have a debate representing hackers and program managers. They discuss topics such as Disclosures, Dupes, Zero-Day Policy, payouts, budgets, Triage, and Retesting. They also touch on domains, transparency, bug severity ratings, budget allocation, retesting vulnerabilities, bug fix verification, bug report handling process, promoting security, changing contracting models, and live hacking events.
Aug 24, 2023 • 1h 22min

Episode 33: The Master of Hacker Show&Tell: Inti De Ceukelaire

Episode 33: In this episode of Critical Thinking - Bug Bounty Podcast, we welcome Inti De Ceukelaire, a seasoned bug hunter known for his creative storytelling and impactful show-and-tell bugs…and let us tell you, his stories do not disappoint! From his bug bounty journey to some pretty wild hacks, Inti captivates us as only Inti can. We discuss the potential life-saving impact of bug bounty reports, especially in areas such as transportation and medical devices. We also cover hacker mentality, the benefits of objective-based challenges, and the need for collaboration and alignment within the bug bounty community. It’s a mesmerizing episode, so sit back and be swept away by Inti’s tales.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

Today’s Guest:
https://twitter.com/securinti

Inti's Shopify Show-and-Tell
https://hackerone.com/reports/1086108

Hakluke's article on Bug Bounty Standards
https://github.com/hakluke/bug-bounty-standards

Researching MissingNo Glitch in Pokemon
https://youtu.be/p8OBktd42GI

Intigriti
https://www.intigriti.com/

Timestamps:
(00:00:00) Introduction
(00:03:01) Show-and-Tells and Storytelling in Live Hacking Events
(00:08:30) Impact Assessment and the potential real-life significance of reporting vulnerabilities.
(00:13:50) Ethical dilemmas, gaming the systems, and safe harbor.
(00:23:30) Inti’s Hacking Journey
(00:27:26) Hacker mentality, brainstorming, and goal-setting.
(00:46:28) The benefit of mental resets, fresh perspectives, and ‘surprise collaboration’
(00:52:55) Inti’s Story 1: CSS Injection bugs
(01:06:20) Inti’s Story 2: The Ticket Trick
(01:14:00) Inti’s Story 3: The Gotcha PasswordBug
(01:18:30) Upcoming Intigriti Live Hacking Event
Aug 17, 2023 • 1h 1min

Episode 32: The Great Write-up Low-down

Topics discussed in this podcast include web race conditions, exploiting sub states in state machines, mismatched confirmation codes, a tool for enumerating Windows short names, hacking rewards programs, Mac-based authentication challenges, the sandwich attack for password reset endpoints, tight security measures, and finishing a real estate venture to focus on the podcast and bug bounty hunting.
Aug 10, 2023 • 1h 25min

Episode 31: Alex Chapman - The Man of Many Crits

Alex Chapman, a seasoned InfoSec hacker and bug bounty hunter, shares his hacking journey, the power of collaboration in bug bounty hunting, challenges of balancing hacking with other responsibilities, and the necessity of flexibility and taking breaks. They also discuss the distinction between full exploitation and proof of concept for RCE and crashes, managing time and notes in bug bounties, and exploring Perforce and testing with Python.
Aug 3, 2023 • 1h 19min

Episode 30: Recon Legend Shubs - From Burgers to Bounties

Renowned bug bounty hunter Shubs shares his journey from burgers to bugs and his love of collaboration. The podcast covers topics such as the art of debugging, the ethics and economics of bug bounty hunting, the transition to entrepreneur, and the evolution of Assetnote from a reconnaissance tool to an enterprise security software suite.
