Critical Thinking - Bug Bounty Podcast

Episode 133: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Harley and Ari from H1 to talk some about community management roles within Bug Bounty, as well as discuss the evolution of Bug Bounty Village at DEFCON, and what they’ve got in store this year. Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! Today’s Guests: * x.com/infinitelogins [http://x.com/infinitelogins] * https://x.com/Arl_rose [https://x.com/Arl_rose] Today’s Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward! ====== This Week in Bug Bounty ====== BBV Platform Panel about Triage [https://x.com/BugBountyDEFCON/status/1947763983584313699] YesWeHACK Makes Debut at Black Hat USA 2025 [https://www.yeswehack.com/page/yeswehack-makes-our-debut-at-black-hat-usa-2025] New Dojo challenge featuring a time-based token prediction combined PyYAML deserialization [https://dojo-yeswehack.com/challenge-of-the-month/dojo-43] GMSGadget [https://gmsgadget.com/] ====== Resources ====== Bug Bounty Village [https://www.bugbountydefcon.com/] Sign up for the Disclosed Newsletter [http://getdisclosed.com] Disclosed Online [http://disclosedonline.com] Harley's Youtube Channel [http://youtube.com/infinitelogins] ====== Timestamps ====== (00:00:00) Introduction (00:05:51) Bug Stories and Hacking Journeys (00:32:37) Community Management within Bug Bounty (00:39:43) Bug Bounty Village - Origin & 2025 Plans (01:02:39) Disclosed Online and Harley's Upcoming Ebook

Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, Archive Alchemist, and explore topics like the significance of Unicode paths, symlinks, and TAR before they end up talking about Charsets again.. Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater [https://x.com/Rhynorater] and Rez0 [https://x.com/rez0__] on Twitter: ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord [https://ctbb.show/discord]! You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! Today's Sponsor: ThreatLocker - Patch Management [https://www.criticalthinkingpodcast.io/TL-patch-management] Today’s Guest: Mathias Karlsson [https://x.com/avlidienbrunn] ====== This Week in Bug Bounty ====== Swiss Post's 2025 Public Intrusion Test starts on July 28 [https://yeswehack.com/programs/swiss-post-evoting] Intigriti teams with NVIDIA [https://www.intigriti.com/blog/business-insights/intigriti-teams-with-nvidia-to-launch-bug-bounty-vulnerability-disclosure-program] Bugcrowd Ingenuity Awards [https://live-bug-crowd.pantheonsite.io/blog/announcing-the-bugcrowd-ingenuity-awards-celebrating-excellence-among-hackers-and-industry-leaders/] Hack the Hacker Series - AI Vulnerabilities and Bug Bounties [https://www.youtube.com/watch?v=syXVGe8zPSY] A Novel Technique for SQL Injection in PDO’s Prepared Statements [https://slcyber.io/assetnote-security-research-center/a-novel-technique-for-sql-injection-in-pdos-prepared-statements/] How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance [https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/] ====== Resources ====== Archive Alchemist [https://github.com/avlidienbrunn/archivealchemist] Hacking Livestream #53: The ZIP file format [https://www.youtube.com/watch?v=X7j2sisMKzk] ====== Timestamps ====== (00:00:00) Introduction (00:10:04) Archive Alchemist (00:36:05) Unicode Extensions, normalization, and confusion attacks on Zip parsers (00:48:44) Character Sets (01:01:49) 7zip & File Names (01:06:44) Path Traversal, Symlinks & Identifying Techniques (01:36:05) Hardlinks and TAR

Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for Windows, Third-Person prompting, and touch on the recent McDonalds Leak Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! Today’s Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward! ====== Resources ====== v1 Instance Metadata Service protections bypass [https://amlw.dev/vrp/135276622/] Would you like an IDOR with that? Leaking 64 million McDonald’s job applications [https://ian.sh/mcdonalds] How we got persistent XSS on every AEM cloud site, thrice [https://slcyber.io/assetnote-security-research-center/how-we-got-persistent-xss-on-every-aem-cloud-site-thrice/] Google docs now supports export as markdown [https://x.com/albinowax/status/1943306445149049178] Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke) [https://slcyber.io/assetnote-security-research-center/abusing-windows-net-quirks-and-unicode-normalization-to-exploit-dnn-dotnetnuke/] How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets [https://trufflesecurity.com/blog/guest-post-how-i-scanned-all-of-github-s-oops-commits-for-leaked-secrets] Bug bounty, feedback, strategy and alchemy [https://zhero-web-sec.github.io/thoughts/bugbounty-feedback-strategy-and-alchemy] ====== Timestamps ====== (00:00:00) Introduction (00:05:39) Metadata Service protections bypass & Mcdonalds Leak (00:12:30) Christmas in July with Searchlight Cyber Pt 1 (00:19:43) Export as Markdown, Raycast for Windows, & Third-Person prompting (00:23:56) Christmas in July with Searchlight Cyber Pt 2 (00:27:39) GitHub’s “Oops Commits” for Leaked Secrets (00:36:53) Bug bounty, feedback, strategy and alchemy

Episode 130: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Valentino, who shares his journey from hacking Minecraft to becoming a Google hunter. He talks us through several bugs, including an HTML Sanitizer bypass and .NET deserialization, and highlights the hyper creative approaches he tends to employ. Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! Today's Sponsor: ThreatLocker - Patch Management https://www.criticalthinkingpodcast.io/TL-patch-management [https://www.criticalthinkingpodcast.io/TL-patch-management] Today’s Guest: Valentino - https://blog.3133700.xyz/ [https://blog.3133700.xyz/] ====== Resources ====== JMX Manager [https://web.archive.org/web/20220702003650/https://xz.aliyun.com/t/11450] Stored XSS in reclamos [https://hackerone.com/reports/1675516] Command Injection in Vertex AI [https://docs.google.com/document/d/18oQDjLVcrwRFTaRK6zW2tnL3gwWwthOQnp89kMKNAb0/edit?tab=t.0] whitepaper-net-deser.pdf [https://github.com/thezdi/presentations/blob/main/2023_Hexacon/whitepaper-net-deser.pdf] free-after-use.go [https://github.com/valent1nee/vulnz/blob/main/free-after-use.go] A Journey Into Finding Vulnerabilities in the PMB Library Management System [https://blog.3133700.xyz/pmb#CVE-2023-52155] emulated-register_globals.php [https://github.com/valent1nee/vulnz/blob/main/emulated-register_globals.php] ====== Timestamps ====== (00:00:00) Introduction (00:02:38) JMXProxy Bug Story (00:09:46) Intro to Valentino (00:29:08) HTML Sanitizer bypass on MercadoLibre (00:37:16) Command injection in Vertex AI (00:44:10) .NET deserialization, & Argument injection to LFR, & Free after use (00:51:33) Luck, creativity, and evolution as Hacker (00:59:31) Issues in file extension validation components, Emulated register_globals, & AI Hacking

Episode 129: In this episode of Critical Thinking - Bug Bounty Podcast we chat about the future of hack bots and human-AI collaboration, the challenges posed by tokenization, and the need for cybersecurity professionals to adapt to the evolving landscape of hacking in the age of AI Follow us on twitter at: https://x.com/ctbbpodcast [https://x.com/ctbbpodcast] Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io [info@criticalthinkingpodcast.io] Shoutout to YTCracker [https://twitter.com/realytcracker] for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater [https://x.com/Rhynorater] https://x.com/rez0__ [https://x.com/rez0__] ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord [https://ctbb.show/discord]! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch [https://ctbb.show/merch]! ====== This Week in Bug Bounty ====== Improper error handling in async cryptographic operations crashes process https://hackerone.com/reports/2817648 [https://hackerone.com/reports/2817648] Recon Series #6: Excavating hidden artifacts with Wayback Machine https://www.yeswehack.com/learn-bug-bounty/recon-wayback-machine-web-archive [https://www.yeswehack.com/learn-bug-bounty/recon-wayback-machine-web-archive] ====== Resources ====== This is How They Tell Me Bug Bounty Ends https://josephthacker.com/hacking/2025/06/09/this-is-how-they-tell-me-bug-bounty-ends.html [https://josephthacker.com/hacking/2025/06/09/this-is-how-they-tell-me-bug-bounty-ends.html] Welcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discovery https://www.hackerone.com/blog/welcome-hackbots-how-ai-shaping-future-vulnerability-discovery [https://www.hackerone.com/blog/welcome-hackbots-how-ai-shaping-future-vulnerability-discovery] Glitch Token https://www.youtube.com/watch?v=WO2X3oZEJOA [https://www.youtube.com/watch?v=WO2X3oZEJOA] Conducting smarter intelligences than me: new orchestras https://southbridge-research.notion.site/conducting-smarter-intelligences-than-me [https://southbridge-research.notion.site/conducting-smarter-intelligences-than-me] ====== Timestamps ====== (00:00:00) Introduction (00:04:05) Is this how Bug Bounty Ends? (00:11:14) Hackbots and handling leads (00:20:50) Hacker chain of thought & Tokenization (00:32:54) Context Engineering