Critical Thinking - Bug Bounty Podcast

Episode 128: In this episode of Critical Thinking - Bug Bounty Podcast we talking Blind SSRF and Self-XSS, as well as Reversing massive minified JS with AI and a wild Google Logo Ligature Bug Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! Today's Sponsor: ThreatLocker - Patch Management [https://www.criticalthinkingpodcast.io/TL-patch-management] ====== This Week in Bug Bounty ====== BitK's "Payload plz" challenge at LeHack [https://www.yeswehack.com/page/yeswehack-at-lehack-2025] ====== Resources ====== Make Self-XSS Great Again [https://blog.slonser.info/posts/make-self-xss-great-again/] Novel SSRF Technique Involving HTTP Redirect Loops [https://x.com/infosec_au/status/1937103837334323472] Surf - Escalate your SSRF vulnerabilities on Modern Cloud Environments [https://github.com/assetnote/surf] Gecko: Intent to prototype: Framebusting Intervention [https://x.com/intenttoship/status/1937135319142293805] Conducting smarter intelligences than me: new orchestras [https://southbridge-research.notion.site/conducting-smarter-intelligences-than-me] Mandark [https://github.com/hrishioa/mandark] Lumentis [https://github.com/hrishioa/lumentis] jscollab [https://github.com/xssdoctor/jscollab] Google Logo Ligature Bug [https://www.jefftk.com/p/google-logo-ligature-bug] ====== Timestamps ====== (00:00:00) Introduction (00:03:55) Self-XSS and credentialless iframe (00:16:50) Novel SSRF Technique Involving HTTP Redirect Loops (00:25:02) Framebusting (00:29:13) Reversing massive minified JS with AI (00:53:12) Google Logo Ligature Bug

Episode 127: In this episode of Critical Thinking - Bug Bounty Podcast we address some recent bug bounty controversy before jumping into a slew of news items Follow us on X [https://x.com/ctbbpodcast] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! Today's Sponsor: Adobe [http://hackerone.com/adobe] ====== This Week In Bug Bounty ====== Hackers Guide to Google dorking [https://www.yeswehack.com/learn-bug-bounty/recon-hackers-guide-google-dorking?utm_source=twitter&utm_medium=social&utm_campaign=guide-google-dorking] YesWeCaido [https://www.yeswehack.com/learn-bug-bounty/yeswecaido-plugin-bug-bounty-programs?utm_source=sponsor&utm_medium=blog&utm_campaign=blog-tool-yeswecaido] New Dojo Challenge [https://dojo-yeswehack.com/challenge-of-the-month/dojo-42?utm_source=twitter&utm_medium=social&utm_campaign=dojo-challenge?] Smart Contract BB tips [https://www.hackerone.com/blog/smart-contracts-common-vulnerabilities-and-real-world-cases] Red Team AAS [https://www.bugcrowd.com/blog/introducing-bugcrowd-red-team-as-a-service-rtaas/] ====== Resources ====== Disclosed [https://getdisclosed.com/] PDF csp bypass [https://x.com/xssdoctor/status/1932953259339083929] Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal [https://blog.doyensec.com/2025/01/09/cspt-file-upload.html] OBS WebSocket to RCE [https://jorianwoltjer.com/blog/p/research/obs-websocket-rce] Time in a bottle (or knapsack) [https://www.sensecurity.io/time-in-a-bottle-or-knapsack/] How to Differentiate Yourself as a Bug Bounty Hunter [https://www.youtube.com/watch?v=WTH6f0R7uzo] Disclosed. Online [https://www.disclosedonline.com/] hacked-in [https://hackedin.net/] ‘EchoLeak’ [https://www.aim.security/lp/aim-labs-echoleak-blogpost] Piloting Edge Copilot [https://archive.codeblue.jp/2024/files/cb24_Piloting_Edge_Copilot_by_Jun_Kokatsu.pdf] Newtowner [https://github.com/assetnote/newtowner] Tips for agent prompting [https://x.com/Jhaddix/status/1931834748793655539] Firefox XSS vectors [https://x.com/garethheyes/status/1932066642026012716] Tweet from Masato Kinugawa [https://x.com/kinugawamasato/status/1929635990316146899] Chrome debug() function [https://x.com/J0R1AN/status/1933463155763560881]

Episode 126: In this episode of Critical Thinking - Bug Bounty Podcast we wrap up Rez0’s AI miniseries ‘Vulnus Ex Machina’. Part 3 includes a showcase of AI Vulns that Rez0 himself has found, and how much they paid out. Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! Today’s Sponsor - ThreatLocker Web Control https://www.criticalthinkingpodcast.io/tl-webcontrol [https://www.criticalthinkingpodcast.io/tl-webcontrol] ====== Resources ====== Claude Code System Prompt [https://x.com/wunderwuzzi23/status/1926867263451169116] Attacking AI Agents [https://x.com/wunderwuzzi23/status/1926430567479857460] Probability of Hacks [https://www.sensecurity.io/probability-of-hacks/] New Gemini for Workspace Vulnerability Enabling Phishing & Content Manipulation [https://hiddenlayer.com/innovation-hub/new-gemini-for-workspace-vulnerability/] How to Hack AI Agents and Applications [https://josephthacker.com/hacking/2025/02/25/how-to-hack-ai-apps.html] ====== Timestamps ====== (00:00:00) Introduction (00:02:53) NahamCon Recap, Claude news, and wunderwuzzi writeups (00:08:57) Probability of Hacks (00:11:27) First AI Vulnerabilities (00:18:57) AI Vulns on Google (00:25:11) Invisible prompt Injection

Episode 125: In this episode of Critical Thinking - Bug Bounty Podcast Justin shares insights on how to succeed at live hacking events. We cover pre-event preparations, challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process. Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! ====== This Week in Bug Bounty ====== Decathlon Public Bug Bounty Program on YesWeHack [https://yeswehack.com/programs/decathlon] ====== Resources ====== The Ultimate Double-Clickjacking PoC [https://jorianwoltjer.com/blog/p/hacking/ultimate-doubleclickjacking-poc] Grafana Full read SSRF and Account Takeover: CVE-2025-4123 [https://nightbloodz.github.io/grafana-CVE-2025-4123/] Grafana CVE-2025-4123 Exploit [https://github.com/NightBloodz/CVE-2025-4123] What I learned from my first 100 HackerOne Reports [https://evanconnelly.com/post/my-first-100-hackerone-reports/] Root for your friends [https://josephthacker.com/personal/2025/05/13/root-for-your-friends.html] ====== Timestamps ====== (00:00:00) Introduction (00:02:30) The Ultimate Double-Clickjacking PoC, Grafana CVE, & Evan Connelly's first 100 bugs (00:10:23) How to win at Live Hacking Events (00:11:53) Pre-event (00:11:45) Scope Call (00:33:11) Dupe window Ends (00:36:00) Onsite & and Day of Event (00:42:46) Don't define your identity on the outcome

Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in. Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! Today’s Sponsor - ThreatLocker Web Control https://www.criticalthinkingpodcast.io/tl-webcontrol [https://www.criticalthinkingpodcast.io/tl-webcontrol] ====== This Week in Bug Bounty ====== Louis Vuitton Public Bug Bounty Program [https://yeswehack.com/programs/louis-vuitton-malletier-public-bug-bounty-program] CVE-2025-47934 was discovered on one of our Bug Bounty program : OpenPGP.js [https://nvd.nist.gov/vuln/detail/CVE-2025-47934] Stored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover [https://hackerone.com/reports/3115705] ====== Resources ====== Jorian tweet [https://x.com/J0R1AN/status/1925164620886536703/photo/1] Clipjacking: Hacked by copying text - Clickjacking but better [https://blog.jaisal.dev/articles/cwazy-clipboardz] Crying out Cloud Appearance [https://www.youtube.com/watch?v=eW6kk-5Jn6k] Wiz Research takes 1st place in Pwn2Own AI category [https://x.com/wiz_io/status/1924463892111020363] New XSS vector with image tag [https://x.com/garethheyes/status/1922029698986455338] ====== Timestamps ====== (00:00:00) Introduction (00:10:50) Supabase (00:13:47) Tweet-research from Jorian and Wyatt Walls. (00:20:24) Anthropic safety testing challenge & Wiz Podcast guest appearance (00:27:44) New XSS vector, Google i/o, and coding agents (00:35:48) Full Time Bug Bounty