Critical Thinking - Bug Bounty Podcast

Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in. Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! Today’s Sponsor - ThreatLocker Web Control https://www.criticalthinkingpodcast.io/tl-webcontrol [https://www.criticalthinkingpodcast.io/tl-webcontrol] ====== This Week in Bug Bounty ====== Louis Vuitton Public Bug Bounty Program [https://yeswehack.com/programs/louis-vuitton-malletier-public-bug-bounty-program] CVE-2025-47934 was discovered on one of our Bug Bounty program : OpenPGP.js [https://nvd.nist.gov/vuln/detail/CVE-2025-47934] Stored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover [https://hackerone.com/reports/3115705] ====== Resources ====== Jorian tweet [https://x.com/J0R1AN/status/1925164620886536703/photo/1] Clipjacking: Hacked by copying text - Clickjacking but better [https://blog.jaisal.dev/articles/cwazy-clipboardz] Crying out Cloud Appearance [https://www.youtube.com/watch?v=eW6kk-5Jn6k] Wiz Research takes 1st place in Pwn2Own AI category [https://x.com/wiz_io/status/1924463892111020363] New XSS vector with image tag [https://x.com/garethheyes/status/1922029698986455338] ====== Timestamps ====== (00:00:00) Introduction (00:10:50) Supabase (00:13:47) Tweet-research from Jorian and Wyatt Walls. (00:20:24) Anthropic safety testing challenge & Wiz Podcast guest appearance (00:27:44) New XSS vector, Google i/o, and coding agents (00:35:48) Full Time Bug Bounty

Episode 123: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with part 2 of Rez0’s miniseries. Today we talk about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features. Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! Today’s Sponsor - ThreatLocker User Store https://www.criticalthinkingpodcast.io [https://www.criticalthinkingpodcast.io] /tl-userstore ====== This Week in Bug Bounty ====== Earning a HackerOne 2025 Live Hacking Invite https://www.hackerone.com/blog/earning-hackerone-2025-live-hacking-invite [https://www.hackerone.com/blog/earning-hackerone-2025-live-hacking-invite] HTTP header hacks: basic and advanced exploit techniques explored https://www.yeswehack.com/learn-bug-bounty/http-header-exploitation [https://www.yeswehack.com/learn-bug-bounty/http-header-exploitation] ====== Resources ====== Grep.app [http://Grep.app] https://vercel.com/blog/migrating-grep-from-create-react-app-to-next-js [https://vercel.com/blog/migrating-grep-from-create-react-app-to-next-js] Gemini 2.5 Pro prompt leak https://x.com/elder_plinius/status/1913734789544214841 [https://x.com/elder_plinius/status/1913734789544214841] Pliny's CL4R1T4S https://github.com/elder-plinius/CL4R1T4S [https://github.com/elder-plinius/CL4R1T4S] O3 https://x.com/pdstat/status/1913701997141803329 [https://x.com/pdstat/status/1913701997141803329] ====== Timestamps ====== (00:00:00) Introduction (00:05:25) Grep.app [http://Grep.app], O3, and Gemini 2.5 Pro prompt leak (00:11:09) Delivery and impactful action (00:20:44) Mastering Prompt Injection (00:30:36) Traditional vulns in Tool Calls, and AI Apps (00:37:32) Exploiting AI specific features

Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we’re joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event. Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! Check out the CTBB Job Board: https://jobs.ctbb.show/ [https://jobs.ctbb.show/] Today’s Guests: Zak Bennett : https://www.linkedin.com/in/zak-bennett/ [https://www.linkedin.com/in/zak-bennett/] Ciarán Cotter: https://x.com/monkehack [https://x.com/monkehack] Roni Carta: https://x.com/0xLupin [https://x.com/0xLupin] ====== Resources ====== We hacked Google’s A.I Gemini and leaked its source code https://www.landh.tech/blog/20250327-we-hacked-gemini-source-code [https://www.landh.tech/blog/20250327-we-hacked-gemini-source-code] ====== Timestamps ====== (00:00:00) Introduction (00:03:02) An RCE via memory corruption (00:07:45) Zak's role at Google and Google's AI LHE (00:15:25) Different Components of AI Vulnerabilities (00:24:58) MHV Winner Debrief (01:08:47) Technical Takeaways And Team Strategies (01:28:49) LHE Experience and Google VRP & Abuse VRP

Episode 121: In this episode of Critical Thinking - Bug Bounty Podcast we cover so much news and research that we ran out of room in the description... Follow us on X [https://x.com/ctbbpodcast] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow Rhynorater [https://x.com/Rhynorater]and Rez0 [https://x.com/rez0__]on X: ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord! [https://ctbb.show/discord] We also have hacker swag [https://ctbb.show/merch]! ====== This Week in Bug Bounty ====== Hacker spotlight: Rhynorater [https://www.bugcrowd.com/blog/hacker-spotlight-rhynorater/] Ultra Mobile BB Program - Mobile Apps [https://bugcrowd.com/engagements/ultramobile-mbb-og2] Ultra Mobile BB Program - (Public) [https://bugcrowd.com/engagements/ultramobile] John Deere Program [https://hackerone.com/john-deere?type=team] JD's's BB Program Boosts Cybersecurity [https://www.deere.com/en/stories/featured/hacker-heroes/] Dojo #41 - Ruby treasure [https://dojo-yeswehack.com/challenge/play/5509cc2e-bd6c-4606-8cbb-f3ca1d25c732] ====== Resources ====== slonser 0-day in chrome [https://x.com/slonser_/status/1919439373986107814] CT Additional useful primitives [https://x.com/ctbbpodcast/status/1919501924862214577] How I made $64k from deleted files [https://medium.com/@sharon.brizinov/how-i-made-64k-from-deleted-files-a-bug-bounty-story-c5bd3a6f5f9b] CTBB episode with Sharon Brizinov [http://ctbb.show/98] Rez0's Subdomain Link Launcher [https://josephthacker.com/subdomain_link_launcher] Qwen3 Local Model [https://x.com/simonw/status/1918451927207325774] May Cause Pwnage [https://blog.jaisal.dev/articles/mcp] import WAF bypass [https://x.com/KN0X55/status/1916180381742551238] Caido Drop [https://github.com/caido-community/drop] Andre's tweet about encoded word [https://x.com/0xacb/status/1915334267522912742] Nahamcon [https://www.nahamcon.com/] Gemini prompt leak [https://x.com/elder_plinius/status/1913734789544214841] SVG Onload Handlers [https://x.com/garethheyes/status/1915488202405593136]

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book. Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! Today’s Sponsor - ThreatLocker User Store https://www.criticalthinkingpodcast.io [https://www.criticalthinkingpodcast.io] /tl-userstore Today’s guest: https://x.com/spaceraccoonsec [https://x.com/spaceraccoonsec] ====== Resources ====== Buy SpaceRaccoon's Book: From Day Zero to Zero Day https://nostarch.com/zero-day [https://nostarch.com/zero-day] USE CODE 'ZERODAYDEAL' for 30% OFF Pwning Millions of Smart Weighing Machines with API and Hardware Hacking https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/ [https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/] ====== Timestamps ====== (00:00:00) Introduction (00:04:58) From Day Zero to Zero Day (00:12:06) Mapping Code to Attack Surface (00:17:59) Day Zero and Taint Analysis (00:22:43) Automated Variant Analysis & Binary Taxonomy (00:31:35) Source and Sink Discovery (00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing (00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero (01:02:16) Bug bounty, Vuln research, & Governmental work (01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines