Critical Thinking - Bug Bounty Podcast

• Episode 126: Hacking AI Series: Vulnus ex Machina - Part 3

  Episode 126: In this episode of Critical Thinking - Bug Bounty Podcast we wrap up Rez0’s AI miniseries ‘Vulnus Ex Machina’. Part 3 includes a showcase of AI Vulns that Rez0 himself has found, and how much they paid out.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker Web Controlhttps://www.criticalthinkingpodcast.io/tl-webcontrol====== Resources ======Claude Code System PromptAttacking AI AgentsProbability of HacksNew Gemini for Workspace Vulnerability Enabling Phishing & Content ManipulationHow to Hack AI Agents and Applications====== Timestamps ======(00:00:00) Introduction(00:02:53) NahamCon Recap, Claude news, and wunderwuzzi writeups (00:08:57) Probability of Hacks(00:11:27) First AI Vulnerabilities(00:18:57) AI Vulns on Google (00:25:11) Invisible prompt Injection

  --------  

  38:32
• Episode 125: How to Win Live Hacking Events

  Episode 125: In this episode of Critical Thinking - Bug Bounty Podcast Justin shares insights on how to succeed at live hacking events. We cover pre-event preparations, challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== This Week in Bug Bounty ======Decathlon Public Bug Bounty Program on YesWeHack====== Resources ======The Ultimate Double-Clickjacking PoCGrafana Full read SSRF and Account Takeover: CVE-2025-4123Grafana CVE-2025-4123 ExploitWhat I learned from my first 100 HackerOne ReportsRoot for your friends====== Timestamps ======(00:00:00) Introduction(00:02:30) The Ultimate Double-Clickjacking PoC, Grafana CVE, & Evan Connelly's first 100 bugs(00:10:23) How to win at Live Hacking Events(00:11:53) Pre-event(00:11:45) Scope Call(00:33:11) Dupe window Ends(00:36:00) Onsite & and Day of Event(00:42:46) Don't define your identity on the outcome

  --------  

  47:04
• Episode 124: Bug Bounty Lifestyle = Less Hacking Time?

  Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker Web Controlhttps://www.criticalthinkingpodcast.io/tl-webcontrol====== This Week in Bug Bounty ======Louis Vuitton Public Bug Bounty ProgramCVE-2025-47934 was discovered on one of our Bug Bounty program : OpenPGP.jsStored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover====== Resources ======Jorian tweetClipjacking: Hacked by copying text - Clickjacking but betterCrying out Cloud AppearanceWiz Research takes 1st place in Pwn2Own AI categoryNew XSS vector with image tag====== Timestamps ======(00:00:00) Introduction(00:10:50) Supabase(00:13:47) Tweet-research from Jorian and Wyatt Walls.(00:20:24) Anthropic safety testing challenge & Wiz Podcast guest appearance(00:27:44) New XSS vector, Google i/o, and coding agents(00:35:48) Full Time Bug Bounty

  --------  

  45:26
• Episode 123: Hacking AI Series: Vulnus ex Machina - Part 2

  Episode 123: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with part 2 of Rez0’s miniseries. Today we talk about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker User Storehttps://www.criticalthinkingpodcast.io/tl-userstore====== This Week in Bug Bounty ======Earning a HackerOne 2025 Live Hacking Invitehttps://www.hackerone.com/blog/earning-hackerone-2025-live-hacking-inviteHTTP header hacks: basic and advanced exploit techniques exploredhttps://www.yeswehack.com/learn-bug-bounty/http-header-exploitation====== Resources ======Grep.apphttps://vercel.com/blog/migrating-grep-from-create-react-app-to-next-jsGemini 2.5 Pro prompt leakhttps://x.com/elder_plinius/status/1913734789544214841Pliny's CL4R1T4Shttps://github.com/elder-plinius/CL4R1T4SO3https://x.com/pdstat/status/1913701997141803329====== Timestamps ======(00:00:00) Introduction(00:05:25) Grep.app, O3, and Gemini 2.5 Pro prompt leak(00:11:09) Delivery and impactful action(00:20:44) Mastering Prompt Injection(00:30:36) Traditional vulns in Tool Calls, and AI Apps(00:37:32) Exploiting AI specific features

  --------  

  44:12
• Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways

  Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we’re joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Check out the CTBB Job Board: https://jobs.ctbb.show/Today’s Guests:Zak Bennett : https://www.linkedin.com/in/zak-bennett/Ciarán Cotter: https://x.com/monkehackRoni Carta: https://x.com/0xLupin====== Resources ======We hacked Google’s A.I Gemini and leaked its source codehttps://www.landh.tech/blog/20250327-we-hacked-gemini-source-code====== Timestamps ======(00:00:00) Introduction(00:03:02) An RCE via memory corruption(00:07:45) Zak's role at Google and Google's AI LHE(00:15:25) Different Components of AI Vulnerabilities(00:24:58) MHV Winner Debrief(01:08:47) Technical Takeaways And Team Strategies(01:28:49) LHE Experience and Google VRP & Abuse VRP

  --------  

  1:45:30

Más podcasts de Tecnología

Podcasts a la moda de Tecnología

Acerca de Critical Thinking - Bug Bounty Podcast