Critical Thinking - Bug Bounty Podcast

Podcast by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

All episodes

121 episodes
Episode 121: Slonser’s Image Injection 0-day -> ATO & New Caido Collab Plugin

Episode 121: In this episode of Critical Thinking - Bug Bounty Podcast we cover so much news and research that we ran out of room in the description...

Follow us on X [https://x.com/ctbbpodcast]
Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music!

====== Links ======
Follow Rhynorater [https://x.com/Rhynorater] and Rez0 [https://x.com/rez0__] on X

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord! [https://ctbb.show/discord]
We also have hacker swag [https://ctbb.show/merch]!

====== This Week in Bug Bounty ======
Hacker spotlight: Rhynorater [https://www.bugcrowd.com/blog/hacker-spotlight-rhynorater/]
Ultra Mobile BB Program - Mobile Apps [https://bugcrowd.com/engagements/ultramobile-mbb-og2]
Ultra Mobile BB Program - (Public) [https://bugcrowd.com/engagements/ultramobile]
John Deere Program [https://hackerone.com/john-deere?type=team]
JD's BB Program Boosts Cybersecurity [https://www.deere.com/en/stories/featured/hacker-heroes/]
Dojo #41 - Ruby treasure [https://dojo-yeswehack.com/challenge/play/5509cc2e-bd6c-4606-8cbb-f3ca1d25c732]

====== Resources ======
slonser 0-day in chrome [https://x.com/slonser_/status/1919439373986107814]
CT Additional useful primitives [https://x.com/ctbbpodcast/status/1919501924862214577]
How I made $64k from deleted files [https://medium.com/@sharon.brizinov/how-i-made-64k-from-deleted-files-a-bug-bounty-story-c5bd3a6f5f9b]
CTBB episode with Sharon Brizinov [http://ctbb.show/98]
Rez0's Subdomain Link Launcher [https://josephthacker.com/subdomain_link_launcher]
Qwen3 Local Model [https://x.com/simonw/status/1918451927207325774]
May Cause Pwnage [https://blog.jaisal.dev/articles/mcp]
import WAF bypass [https://x.com/KN0X55/status/1916180381742551238]
Caido Drop [https://github.com/caido-community/drop]
Andre's tweet about encoded word [https://x.com/0xacb/status/1915334267522912742]
Nahamcon [https://www.nahamcon.com/]
Gemini prompt leak [https://x.com/elder_plinius/status/1913734789544214841]
SVG Onload Handlers [https://x.com/garethheyes/status/1915488202405593136]

08 May 2025 - 57 min
Episode 120: SpaceRaccoon - From Day Zero to Zero Day

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything. Then we give listeners a special deal on the book.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker User Store https://www.criticalthinkingpodcast.io/tl-userstore
Today’s guest: https://x.com/spaceraccoonsec

====== Resources ======
Buy SpaceRaccoon's Book: From Day Zero to Zero Day [https://nostarch.com/zero-day]
USE CODE 'ZERODAYDEAL' for 30% OFF
Pwning Millions of Smart Weighing Machines with API and Hardware Hacking [https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/]

====== Timestamps ======
(00:00:00) Introduction
(00:04:58) From Day Zero to Zero Day
(00:12:06) Mapping Code to Attack Surface
(00:17:59) Day Zero and Taint Analysis
(00:22:43) Automated Variant Analysis & Binary Taxonomy
(00:31:35) Source and Sink Discovery
(00:40:22) Hybrid Binary Analysis & Quick and Dirty Fuzzing
(00:56:00) Coverage-Guided Fuzzing, Fuzzing Everything, & Beyond Day Zero
(01:02:16) Bug bounty, Vuln research, & Governmental work
(01:10:23) Source Code Review & Pwning Millions of Smart Weighing Machines

01 May 2025 - 1 h 36 min
Episode 119: Abusing Iframes from a client-side hacker

Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attack them.

CORRECTION: Some of my comments on the latest episode of the pod were woefully inaccurate about the `csp` attribute of an iframe. Def should have read the spec more thoroughly. Please see the #corrections [https://x.com/hashtag/corrections?src=hashtag_click] channel in Discord for the deets.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======
Episode with JR0ch17 ctbb.show/61 [http://ctbb.show/61]
Exacerbating Cross-Site Scripting: The Iframe Sandwich [https://coopergyoung.com/exacerbating-cross-site-scripting-the-iframe-sandwich/]

====== Timestamps ======
(00:00:00) Introduction
(00:01:20) Why are Iframes useful
(00:05:11) Attributes of Iframes
(00:21:39) Iframe Attacks
(00:29:53) Iframe Fun Facts

17 Apr 2025 - 33 min
Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt.

Follow us on X [https://x.com/ctbbpodcast]
Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music!

====== Links ======
Follow Rhynorater [https://x.com/Rhynorater] and Rez0 [https://x.com/rez0__] on X

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
You can also find some hacker swag [https://ctbb.show/merch]!

====== Resources ======
p4fg passed 1 Million! [https://hackerone.com/p4fg]
/reports/:id.json - $25K Crit [https://hackerone.com/reports/3000510]
Hacking Crypto pt1 [https://www.bugcrowd.com/blog/hacking-crypto-part-i/]
The art of payload obfuscation [https://www.yeswehack.com/learn-bug-bounty/payload-obfuscation-techniques-guide]
Analyzing the Next.js Middleware Bypass [https://slcyber.io/assetnote-security-research-center/doing-the-due-diligence-analysing-the-next-js-middleware-bypass-cve-2025-29927/]
Nahamsec's Merch store [https://merch.nahamsec.com/]
llms.txt polyglot prompt injection [https://josephthacker.com/llms.txt]
React Router and the Remix’ed path [https://zhero-web-sec.github.io/research-and-things/react-router-and-the-remixed-path]
Pre-Authentication SQL Injection in Halo ITSM [https://slcyber.io/assetnote-security-research-center/loose-types-sink-ships-pre-authentication-sql-injection-in-halo-itsm/]
Pwning Millions of Smart Weighing Machines [https://spaceraccoon.dev/pwning-millions-smart-weighing-machines-api-hardware-hacking/]
MCP Server Oauth [https://x.com/tweetsbycolin/status/1905268522357571663]
Cline [https://x.com/cline/status/1907186512506306572]
“Credentialless” iframes [https://developer.mozilla.org/en-US/docs/Web/Security/IFrame_credentialless]
Tiny XSS Payloads [https://tinyxss.terjanq.me/]
Types of Pollution [https://discord.com/channels/1110206757227216916/1174723465467662366/1354051658451259433]

====== Timestamps ======
(00:00:00) Introduction
(00:05:56) Next.js Middleware bypass & Polyglots in llms.txt
(00:16:35) CPDoS on React Router
(00:24:26) Loose Types Sink Ships & Pwning Smart Scales
(00:32:30) MCP Server Oauth & Cline
(00:39:40) Clientside Tidbits & Prototype Pollutions

10 Apr 2025 - 58 min
Hacking AI Series: Vulnus ex Machina - Part 1

Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulnus ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and focuses on AI reconnaissance.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======
Building Reliable Web Agents [https://x.com/pk_iv/status/1904178892723941777]
17 security checks from VIBE to PRODUCTION [https://x.com/Kaamiiaar/status/1902342578185630000]
How to Hack AI Agents and Applications [https://josephthacker.com/hacking/2025/02/25/how-to-hack-ai-apps.html]
AI Crash Course Repo [https://github.com/henrythe9th/ai-crash-course]
Deep Dive into LLMs like ChatGPT [https://www.youtube.com/watch?v=7xTGNNLPyMI]

====== Timestamps ======
(00:00:00) Introduction
(00:01:54) AI News
(00:08:09) How to Hack AI Agents and Applications
(00:14:26) The Recon Process
(00:25:06) Initial Probing & Steering

03 Apr 2025 - 32 min