Powered by RND
PodcastsTechnologiesCritical Thinking - Bug Bounty Podcast

Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
Critical Thinking - Bug Bounty Podcast
Dernier épisode

Épisodes disponibles

5 sur 139
  • Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research
    Episode 139: In this episode of Critical Thinking - Bug Bounty Podcast Justin finally sits down with the great James Kettle to talk about HTTP Proxys, metagaming research, avoiding burnout, and why HTTP/1.1 must die!Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Guest: https://x.com/albinowaxhttps://jameskettle.com====== This Week in Bug Bounty ======Building an Android Bug Bounty labMobile Hacking Toolkit====== Resources ======CVE-2022-22720So you want to be a web security researcher?Hunting Evasive Vulnerabilities: Finding Flaws That Others Miss by James KettleHTTP/1.1 Must Die! The Desync EndgamePractical HTTP Host header attacks====== Timestamps ======(00:00:00) Introduction(00:05:01) Apache MITM-powered pause-based client-side desync(00:15:33) HTTP Proxys and Burp Suite HTTP/2 in Repeater(00:24:52) AI intagrations, life structure, and avoiding burnout(00:35:23) Client-side to server-side progression(00:47:39) The 'metagame' of security research(01:29:43) Host Header Attacks & HTTP/1.1 Must Die! (02:02:34) Is HTTP/2 the solution?
    --------  
    2:21:51
  • Episode 138: Caido Tools and Workflows
    Episode 138: In this episode of Critical Thinking - Bug Bounty Podcast We’re talking Caido tools and workflows. Justin gives us a list of some of the Caido tools that have caught his interest, as well as how he’s using them.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== This Week in Bug Bounty ======Meet YesWeHack at ROOTCON 2025https://www.yeswehack.com/page/meet-yeswehack-at-rootcon-2025New Dojo challenge featuring a Local File Inclusion in a Ruby applicationhttps://dojo-yeswehack.com/challenge-of-the-month/dojo-44?utm_source=sponsor&utm_medium=challenge&utm_campaign=dojo-44AI Red Teaming CTFhttps://ctf.hackthebox.com/event/details/ai-red-teaming-ctf-ai-gon3-rogu3-2604====== Resources ======Web Security Labshttp://caido.rhynorater.com====== Timestamps ======(00:00:00) Introduction(00:02:32) Common filters & command palette in EvenBetter(00:06:49) Notes++(00:09:28) Shift Agents and Drop(00:15:34) Workflows
    --------  
    22:39
  • Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber
    Episode 137: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner and Joseph Thacker reunite to talk about AI Hacking Assistants, CSPT and cache deception, and a bunch of tools like ch.at, Slice, Ebka, and more.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== This Week in Bug Bounty ======Vulnerability vectors: SQL injection for Bug Bounty huntersMozilla VPN Clients: RCE via file write and path traversal====== Resources ======Cache Deception + CSPT:dig @ch.atSearchlight Cyber ToolsSliceEbka-Caido-AIpostMessage targetOrigin bypass====== Timestamps ======(00:00:00) Introduction(00:01:26) Claude, Gemini, and Hacking Assistants(00:11:08) AI Safety(00:18:09) CSPT(00:23:26) ch.at, Slice, Ebka, & Searchlight Cyber Tools(00:45:19) postMessage targetOrigin bypass
    --------  
    49:09
  • Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable
    Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also talk about Jack’s background in government cybersecurity initiatives, and the legal risks faced by security researchers.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker. Checkout ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detectToday’s Guest: https://x.com/jackhcable?lang=en====== This Week in Bug Bounty ======Nullcon Berlinhttps://www.yeswehack.com/page/yeswehack-live-hacking-nullcon-berlin-2025?utm_source=sponsor&utm_medium=blog&utm_campaign=lhe-nullcon-berlinBB Bulletin #15https://www.linkedin.com/pulse/bug-bounty-bulletin-15-yes-we-hack-dntue/2x Bounty on Grabhttps://hackerone.com/grab?type=team====== Resources ======Corridorhttps://corridor.dev/disclose.iohttps://disclose.io/====== Timestamps ======(00:00:00) Introduction(00:03:33) Cluely Bug, Government involvement, & Disclosed.io(00:12:33) AI in security & Corridor.dev(00:29:23) Cluely Bug Fallout & Ethics of hacking outside of Programs(00:41:20) Shift Agents
    --------  
    50:53
  • Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories
    Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker. Checkout ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detectToday’s Guest: https://x.com/ryancbarnett====== Resources ======Accidental Stored XSS Flaw in Zemanta 'Related Posts' Plugin for TypePadhttps://webappdefender.blogspot.com/2013/04/accidental-stored-xss-flaw-in-zemanta.htmlXSS Street-Fighthttps://media.blackhat.com/bh-dc-11/Barnett/BlackHat_DC_2011_Barnett_XSS%20Streetfight-Slides.pdfBlackhat USA 2025 - Lost in Translation: Exploiting Unicode Normalizationhttps://www.blackhat.com/us-25/briefings/schedule/#lost-in-translation-exploiting-unicode-normalization-44923====== Timestamps ======(00:00:00) Introduction(00:02:49) Accidental Stored XSS in Typepad Plugin (00:06:34) Chatscatter & Abusing third party Analytics(00:11:42) Ryan Barnett Introduction(00:21:11) Virtual Patching & WAF Challenges(00:40:39) AWS API Gateways & Whitelisting Bug Hunter Traffic(00:49:59) Lost in Translation: Exploiting Unicode Normalization(01:11:29) CSPs at the WAF level & 'Bounties for Bypass'
    --------  
    1:26:21

Plus de podcasts Technologies

À propos de Critical Thinking - Bug Bounty Podcast

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
Site web du podcast

Écoutez Critical Thinking - Bug Bounty Podcast, Micode - Underscore_ ou d'autres podcasts du monde entier - avec l'app de radio.fr

Obtenez l’app radio.fr
 gratuite

  • Ajout de radios et podcasts en favoris
  • Diffusion via Wi-Fi ou Bluetooth
  • Carplay & Android Auto compatibles
  • Et encore plus de fonctionnalités
Applications
Réseaux sociaux
v7.23.8 | © 2007-2025 radio.de GmbH
Generated: 9/16/2025 - 7:12:45 AM