Critical Thinking - Bug Bounty Podcast

Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Guest: Matt Brownhttps://x.com/nmatt0https://github.com/BrownFineSecurity/iothackbot====== Resources ======KeeYees USB Logic Analyzer DeviceSaleae logic analyzerXGecuHardware Hacking Tutorial by Make Me HackUART and SPI firmware extractionUART Root Shell on Linux RouterUART Shell Jail and Unlocked BootloaderChinese IP Camera Firmware ExtractionChip-Off Firmware Extraction====== Timestamps ======(00:00:00) Introduction(00:01:22) Incremental Session Token Story and Matt Brown Intro (00:10:42) Hardware Bug Bounty Scene & AI on Devices(00:24:30) Hacking Human Robot(00:41:33) Zero-to-Hero Hardware Hacking Guide(01:01:47) IOT Hackbot

Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Vertex Bug, and debate if Prompt Injection is a real Vuln.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.CHeck out our New Christmas Swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Controlhttps://ctbb.show/tl-ecAnd Noma Security! https://noma.security/Today’s Guest: https://x.com/sasi2103====== This Week in Bug Bounty ======Vercel Platform ProtectionDedicated HackerOne program for Vercel WAFYesWeHack Open Source ProgramsAndroid recon for Bug Bounty hunters====== Resources ======Sasi's Tweet from 2015ForcedLeak: AI Agent risks exposed in Salesforce AgentForceIs Prompt Injection a Vulnerability?====== Timestamps ======(00:00:00) Introduction(00:09:16) Google Vertex AI Bug(00:29:28) Sasi's Background and Bug Bounty Journey(00:38:55) Resources for AI and Agentic Security Methodology(00:50:34) ForcedLeak(01:02:06) Is Prompt Injection a Vuln?

Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL Parsing, and more.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X:https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Controlhttps://ctbb.show/tl-ec====== Resources ======Nowasky's Tweet #1https://x.com/nowaskyjr/status/1993421017381744974Nowasky's Tweet #2https://x.com/nowaskyjr/status/1992717862398800081rep+ in Chrome DevToolshttps://x.com/BourAbdelhadi/status/1992622964077179229Terjanq Post from 2021https://x.com/terjanq/status/1421093136022048775====== Timestamps ======(00:00:00) Introduction(00:02:58) Client-side news & AI Updates(00:12:02) Third-Party Cookie Nuances & PostMessages(00:30:09) Iframe Tricks(00:47:43) URL Parsing, CSPTS, and Client-side Routes

Episode 150: In this episode of Critical Thinking - Bug Bounty Podcast we're highlighting some cool news and research, but not before expressing our gratitude to the Hacker community. We are so thankful for you all!Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Controlhttps://ctbb.show/tl-ec====== This Week in Bug Bounty ======Cache Overflow on Cloudflare====== Resources ======Breaking Oracle’s Identity ManagerWho Needs a Blind XSS?ASP.NET MVC View Engine Search PatternsHereticLesser known techniques for large-scale subdomain enumAntigravity – Known IssuesBug Bounty DailyCaido version of AssetNote Surf====== Timestamps ======(00:00:00) Introduction(00:09:47) Breaking Oracle’s Identity Manager & Who Needs a Blind XSS?(00:20:37) ASP.NET MVC View Engine Search Patterns & Heretic(00:29:04) Lesser known techniques for large-scale subdomain enum(00:35:29) Gemini 3 & Antigravity.(00:45:57) Bug Bounty Daily (00:52:42) Surf for Caido

Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.Follow us on XGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Unicode surrogates conversionPrompt. Scan. ExploitBreaking into thousands of cloud based VPNs with 1 bugExamining Access Control Vulnerabilities in GraphQLSmart Bus Smart HackingPasskeys PwnedBypassing Intent Destination ChecksGemini Agents in Google CalendarExploitation of DOM Clobbering Vuln at ScaleTheHulkSmart Devices, Dumb ResetsMac PRT Cookie Theft====== Timestamps ======(00:00:00) Introduction(00:10:10) Prompt. Scan. Exploit(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets