Critical Thinking - Bug Bounty Podcast

Critical Thinking - Bug Bounty Podcast

A 'by Hackers for Hackers' podcast focused on technical bug bounty content.

Connect

Archive

[HackerNotes Ep.106] Announcing our new Co-Host...

[HackerNotes Ep.106] Announcing our new Co-Host...

We announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We also cover some cool research including doubleclickjacking, character set attacks, SVG XSS, CSPT and a bunch more. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.105] Best Moments of 2024 on the Pod

[HackerNotes Ep.105] Best Moments of 2024 on the Pod

We're back with another Best-of episode recapping some of our top moments of the year. This one captures some of the cooler tips and takeaways from this years episodes along with links to the original episode. Check it out below.

Yujilik
Yujilik
[HackerNotes Ep.104] 2024 Hacker Stats & 2025 Goals

[HackerNotes Ep.104] 2024 Hacker Stats & 2025 Goals

In this HackerNotes, we have two fresh CTBB announcements including the launch of the bug bounty hunters guild and research lab. We also have a Bug Bounty Hunter Worksheet for ya'll to reflect on your 2024 as a hunter, and set some goals up for 2025.

gr3pme
gr3pme
[HackerNotes Ep.103] Getting ANSI about Unicode Normalization

[HackerNotes Ep.103] Getting ANSI about Unicode Normalization

In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some research about _json Juggling, cookie handling quirks, and the value of micro-blogging in general.

Yujilik
Yujilik
[HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix

[HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix

In this HackerNotes, we've got Justin and Jason Haddix diving into AI Micro-Agents for Hacking: From Web Fuzzing to WAF Bypasses, effective prompting tips and a whole lot of LLM content. Check it out below.

gr3pme
gr3pme
[HackerNotes Ep.101] AI Attack Vectors - CTBB Hijacked - Rez0__ and Johann

[HackerNotes Ep.101] AI Attack Vectors - CTBB Hijacked - Rez0__ and Johann

In this HackerNotes, Rez0 joins Johann Rehberger to explore the complexities of AI application vulnerabilities. They dive into the significance of system prompts, obfuscation techniques to bypass security, and discuss the top AI platforms shaping the future of AI security.

Yujilik
Yujilik
[HackerNotes Ep.100] 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

[HackerNotes Ep.100] 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

It's the 100th episode! We've got some of the top hunters together to discuss their top bugs of 2024. We've also got a big CTBB pod announcement and a new (game-changer) plugin for Caido; Shift.

gr3pme
gr3pme
Program Manager’s Guide To Running a Successful Bug Bounty Program

Program Manager’s Guide To Running a Successful Bug Bounty Program

How to run a bug bounty program hackers will love to hack on.

Critical Thinking Team
Critical Thinking Team
[HackerNotes Ep.99] Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

[HackerNotes Ep.99] Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

In this HackerNotes, we've got Roni and Justin dissecting an old thread of Justin's, breaking down how best to start bug bounty with the goal of making $100k in the first year.

Yujilik
Yujilik
[HackerNotes Ep.98] Team 82 Sharon Brizinov - The Live Hacking Polymath

[HackerNotes Ep.98] Team 82 Sharon Brizinov - The Live Hacking Polymath

We've got some cool war stories from Sharon, the differences between HackerOne and Pwn2Own, pwning OT/IoT devices, some high level methodologies and some approaches to more exotic attack surfaces in this HackerNotes.

gr3pme
gr3pme
[HackerNotes Ep.97] Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

[HackerNotes Ep.97] Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

We're back with some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. We also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits.

Yujilik
Yujilik
[HackerNotes Ep.95 & Ep.96] Cookies, Caching & Attacking Chrome Extensions with MatanBer

[HackerNotes Ep.95 & Ep.96] Cookies, Caching & Attacking Chrome Extensions with MatanBer

We've got a HUGE double whammy HackerNotes. How to attack Chrome Extensions, understanding the extension threat model and diving deep into extension components. Then we finish off with a bunch of cool cookie parsing behaviours along with some clientside gadgets from the HeroV6 CTF writeup by Kevin Mizu.

gr3pme
gr3pme
FirstBack
12345
Next Last