Critical Thinking - Bug Bounty Podcast

A 'by Hackers for Hackers' podcast focused on technical bug bounty content.

Connect

[HackerNotes Ep.111] How to Bypass DOMPurify with Kévin Mizu

In this episode Justin interviews Kévin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering.

Yuji Kiba

Feb 14, 2025

[HackerNotes Ep.110] Oauth Gadget Correlation and Common Attacks

A DOMPurify 3.2.3 Bypass, Ophion Security Cisco Webex research, a new postMessage Chrome Extension, and a whole lot of OAuth research. Check it out below.

gr3pme

Feb 07, 2025

[HackerNotes Ep. 109] Creative Recon - Alternative Techniques

In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to talk about Alternative Recon Techniques.

Yujilik

Feb 03, 2025

[HackerNotes Ep.108] How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello

Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples on research he's performed on Salesforce, ServiceNow, and Power Pages.

gr3pme

Jan 27, 2025

[HackerNotes Ep.107] Bypassing Cross-Origin Browser Headers

Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking

Yujilik

Jan 17, 2025

[HackerNotes Ep.106] Announcing our new Co-Host...

We announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We also cover some cool research including doubleclickjacking, character set attacks, SVG XSS, CSPT and a bunch more. Check it out below.

gr3pme

Jan 11, 2025

[HackerNotes Ep.105] Best Moments of 2024 on the Pod

We're back with another Best-of episode recapping some of our top moments of the year. This one captures some of the cooler tips and takeaways from this years episodes along with links to the original episode. Check it out below.

Yujilik

Jan 02, 2025

[HackerNotes Ep.104] 2024 Hacker Stats & 2025 Goals

In this HackerNotes, we have two fresh CTBB announcements including the launch of the bug bounty hunters guild and research lab. We also have a Bug Bounty Hunter Worksheet for ya'll to reflect on your 2024 as a hunter, and set some goals up for 2025.

gr3pme

Dec 31, 2024

[HackerNotes Ep.103] Getting ANSI about Unicode Normalization

In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some research about _json Juggling, cookie handling quirks, and the value of micro-blogging in general.

Yujilik

Dec 20, 2024

[HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix

In this HackerNotes, we've got Justin and Jason Haddix diving into AI Micro-Agents for Hacking: From Web Fuzzing to WAF Bypasses, effective prompting tips and a whole lot of LLM content. Check it out below.

gr3pme

Dec 14, 2024

[HackerNotes Ep.101] AI Attack Vectors - CTBB Hijacked - Rez0__ and Johann

In this HackerNotes, Rez0 joins Johann Rehberger to explore the complexities of AI application vulnerabilities. They dive into the significance of system prompts, obfuscation techniques to bypass security, and discuss the top AI platforms shaping the future of AI security.

Yujilik

Dec 11, 2024

[HackerNotes Ep.100] 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

It's the 100th episode! We've got some of the top hunters together to discuss their top bugs of 2024. We've also got a big CTBB pod announcement and a new (game-changer) plugin for Caido; Shift.

gr3pme

First Back

1 2 3 4 5 6

Next Last