Critical Thinking - Bug Bounty Podcast

Critical Thinking - Bug Bounty Podcast

A 'by Hackers for Hackers' podcast focused on technical bug bounty content.

Connect

Archive

[HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix

[HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix

In this HackerNotes, we've got Justin and Jason Haddix diving into AI Micro-Agents for Hacking: From Web Fuzzing to WAF Bypasses, effective prompting tips and a whole lot of LLM content. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.101] AI Attack Vectors - CTBB Hijacked - Rez0__ and Johann

[HackerNotes Ep.101] AI Attack Vectors - CTBB Hijacked - Rez0__ and Johann

In this HackerNotes, Rez0 joins Johann Rehberger to explore the complexities of AI application vulnerabilities. They dive into the significance of system prompts, obfuscation techniques to bypass security, and discuss the top AI platforms shaping the future of AI security.

Yujilik
Yujilik
[HackerNotes Ep.100] 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

[HackerNotes Ep.100] 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

It's the 100th episode! We've got some of the top hunters together to discuss their top bugs of 2024. We've also got a big CTBB pod announcement and a new (game-changer) plugin for Caido; Shift.

gr3pme
gr3pme
Program Manager’s Guide To Running a Successful Bug Bounty Program

Program Manager’s Guide To Running a Successful Bug Bounty Program

How to run a bug bounty program hackers will love to hack on.

Critical Thinking Team
Critical Thinking Team
[HackerNotes Ep.99] Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

[HackerNotes Ep.99] Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

In this HackerNotes, we've got Roni and Justin dissecting an old thread of Justin's, breaking down how best to start bug bounty with the goal of making $100k in the first year.

Yujilik
Yujilik
[HackerNotes Ep.98] Team 82 Sharon Brizinov - The Live Hacking Polymath

[HackerNotes Ep.98] Team 82 Sharon Brizinov - The Live Hacking Polymath

We've got some cool war stories from Sharon, the differences between HackerOne and Pwn2Own, pwning OT/IoT devices, some high level methodologies and some approaches to more exotic attack surfaces in this HackerNotes.

gr3pme
gr3pme
[HackerNotes Ep.97] Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

[HackerNotes Ep.97] Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

We're back with some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. We also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits.

Yujilik
Yujilik
[HackerNotes Ep.95 & Ep.96] Cookies, Caching & Attacking Chrome Extensions with MatanBer

[HackerNotes Ep.95 & Ep.96] Cookies, Caching & Attacking Chrome Extensions with MatanBer

We've got a HUGE double whammy HackerNotes. How to attack Chrome Extensions, understanding the extension threat model and diving deep into extension components. Then we finish off with a bunch of cool cookie parsing behaviours along with some clientside gadgets from the HeroV6 CTF writeup by Kevin Mizu.

gr3pme
gr3pme
[HackerNotes Ep.94] Zendesk Fiasco & the CTBB Naughty List

[HackerNotes Ep.94] Zendesk Fiasco & the CTBB Naughty List

In this week's HackerNotes, we dive into the recent Zendesk fiasco and the ethical considerations surrounding it. We also have the launch of AuthzAI and some research from Ophion Security.

Yujilik
Yujilik
[HackerNotes Ep.93] A Chat with Dr. Bouman - Life as a Hacker and a Doctor

[HackerNotes Ep.93] A Chat with Dr. Bouman - Life as a Hacker and a Doctor

In this week's HackerNotes, we cover Dr. Jonathan Bouman and his unique journey as both a Hacker and a Healthcare Professional. We've got some tips for long-term hunting and some prior experiences he’s had with Amazon's bug bounty program alongside some cool bugs.

gr3pme
gr3pme
[HackerNotes Ep.92] SAML XPath Confusion, Chinese DNS Poisoning, and AI-Powered 403 Bypasser

[HackerNotes Ep.92] SAML XPath Confusion, Chinese DNS Poisoning, and AI-Powered 403 Bypasser

This weeks HackerNotes has dropped covering a bunch of new research. We've got SAML XPath confusion, some AssetNote research,WAF bypasses and a whole lot more. Check it out below!

Yujilik
Yujilik
[HackerNotes Ep.91] Zero to LHE in 9 Months (feat gr3pme)

[HackerNotes Ep.91] Zero to LHE in 9 Months (feat gr3pme)

Justin Gardner and gr3pme talk about his journey with Bug Bounty. We cover LHEs, tips for picking and unlocking targets, how to approach a target and a bunch of bugs ranging from ATO in a fintech provider, 0 user interaction ATO and abusing development environments in chains. Check it out below.

gr3pme
gr3pme
FirstBack
12345
Next Last