

Critical Thinking - Bug Bounty Podcast
Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

May 23, 2024 • 53min
Episode 72: Research TLDRs & Smuggling Payloads in Well Known Data Types
Discussing PDF.js XSS and Next.js SSRF, improving bug bounty statistics, concealing data in IPv6 addresses, navigating RFC compliance, business logic vulnerabilities, bug hunting strategies, JavaScript in software development, and transitioning to a new tool efficiently.

May 16, 2024 • 1h 45min
Episode 71: More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet
Cybersecurity expert Keith Hoodlet discusses VDPs and AI bias bounties, highlighting challenges in securing large organizations and the importance of understanding human biases when hacking AI. They also touch on bug bounty programs, government grants for VDPs, and testing scenarios with chatbots.

May 9, 2024 • 43min
Episode 70: NahamCon and CSP Bypasses Everywhere
Cybersecurity researcher Ben Sadeghipour discusses NahamCon news, LHEs, CI/CD, and drops cool CSP Bypasses. Topics include WordPress hacking, bug bounty rewards, sponsorships, maximizing bonuses, anticipation for NahamCon, Deppie tool, CSP bypass techniques, and bypassing Google CSP.

May 2, 2024 • 1h 49min
Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.
Johan Carlsson, a dedicated bug bounty hunter, shares his journey transitioning to full-time bug hunting. He discusses the thrill of discovering vulnerabilities like a CSP bypass in GitHub and a critical flaw in GitLab. Johan highlights his focus on complex bug types like ReDoS and OAuth, emphasizing the unpredictability that accompanies bug hunting. He also offers insights into balancing personal life with his bug bounty career, navigating financial challenges, and the importance of community support in this unique profession.

Apr 25, 2024 • 1h 4min
Episode 68: 0-days & HTMX-SS with Mathias
Security researcher Mathias discusses HTMX vulnerabilities and bug bounty challenges like CSP bypass, XSS conversions, and HTMX disable bypasses. They also explore CDN-CGI functionality, CTF Challenge results, and the use of HTMX in larger applications with performance trade-offs.

Apr 18, 2024 • 1h 20min
Episode 67: VDPs & Accidental Program VS Hacker Debate Part 2
Exploring the benefits of Vulnerability Disclosure Programs (VDPs) and the ongoing Program VS Hacker debate. Touching on leaderboard accuracy and financial support for talented individuals. Delving into bug bounty hunting challenges and governance of bug fixes and hacker compensation. Valuing research in bug bounty programs and the importance of immediate response in securing systems.

Apr 11, 2024 • 58min
Episode 66: CDN-CGI Research, Intent To Ship, and Louis Vuitton
In this episode, they discuss the YesWeHack Louis Vuitton live hacking event (LHE), the importance of failure in bug bounty, CDN-CGI research, the benefits of cold showers, bug bounty dominance, browser market share insights, OAuth flow vulnerabilities, Caido workflows, Blink's features, DOM secrets, and data attributes in frameworks.

Apr 4, 2024 • 2h 29min
Episode 65: Motivation and Methodology with Sam Curry (Zlz)
Sam Curry, an ethical hacker, discusses pushing boundaries in bug bounty hunting, hacking Tesla, casinos, Starbucks, and getting detained at the airport. Topics include hacking ethics, bug bounty efficacy, collaboration, and secondary context bugs.

Mar 28, 2024 • 1h 8min
Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App
.NET Remoting exploitation, DOMPurify bypass, Cloudflare CDN-CGI endpoint, JavaScript deobfuscation, bug bounty collaboration, impactful POCs, hiding XSS payloads with URL updates

Mar 21, 2024 • 1h 22min
Episode 63: JHaddix Returns
JHaddix, bug bounty hunting expert, discusses updates to The Bug Hunter's Methodology, threat intelligence, buying credentials from the dark web, new recon techniques, and integrating AI into workflows. The podcast touches on red teaming, FIS hunting, and personal hacking journey insights.