Critical Thinking - Bug Bounty Podcast

A 'by Hackers for Hackers' podcast focused on technical bug bounty content.

Connect

[HackerNotes Ep.108] How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello

Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples on research he's performed on Salesforce, ServiceNow, and Power Pages.

gr3pme

Jan 27, 2025

[HackerNotes Ep.107] Bypassing Cross-Origin Browser Headers

Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking

Yujilik

Jan 17, 2025

[HackerNotes Ep.106] Announcing our new Co-Host...

We announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We also cover some cool research including doubleclickjacking, character set attacks, SVG XSS, CSPT and a bunch more. Check it out below.

gr3pme

Jan 11, 2025

[HackerNotes Ep.105] Best Moments of 2024 on the Pod

We're back with another Best-of episode recapping some of our top moments of the year. This one captures some of the cooler tips and takeaways from this years episodes along with links to the original episode. Check it out below.

Yujilik

Jan 02, 2025

[HackerNotes Ep.104] 2024 Hacker Stats & 2025 Goals

In this HackerNotes, we have two fresh CTBB announcements including the launch of the bug bounty hunters guild and research lab. We also have a Bug Bounty Hunter Worksheet for ya'll to reflect on your 2024 as a hunter, and set some goals up for 2025.

gr3pme

Dec 31, 2024

[HackerNotes Ep.103] Getting ANSI about Unicode Normalization

In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some research about _json Juggling, cookie handling quirks, and the value of micro-blogging in general.

Yujilik

Dec 20, 2024

[HackerNotes Ep.102] Building Web Hacking Micro Agents with Jason Haddix

In this HackerNotes, we've got Justin and Jason Haddix diving into AI Micro-Agents for Hacking: From Web Fuzzing to WAF Bypasses, effective prompting tips and a whole lot of LLM content. Check it out below.

gr3pme

Dec 14, 2024

[HackerNotes Ep.101] AI Attack Vectors - CTBB Hijacked - Rez0__ and Johann

In this HackerNotes, Rez0 joins Johann Rehberger to explore the complexities of AI application vulnerabilities. They dive into the significance of system prompts, obfuscation techniques to bypass security, and discuss the top AI platforms shaping the future of AI security.

Yujilik

Dec 11, 2024

[HackerNotes Ep.100] 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

It's the 100th episode! We've got some of the top hunters together to discuss their top bugs of 2024. We've also got a big CTBB pod announcement and a new (game-changer) plugin for Caido; Shift.

gr3pme

Dec 04, 2024

Program Manager’s Guide To Running a Successful Bug Bounty Program

How to run a bug bounty program hackers will love to hack on.

Critical Thinking Team

Nov 30, 2024

[HackerNotes Ep.99] Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

In this HackerNotes, we've got Roni and Justin dissecting an old thread of Justin's, breaking down how best to start bug bounty with the goal of making $100k in the first year.

Yujilik

Nov 24, 2024

[HackerNotes Ep.98] Team 82 Sharon Brizinov - The Live Hacking Polymath

We've got some cool war stories from Sharon, the differences between HackerOne and Pwn2Own, pwning OT/IoT devices, some high level methodologies and some approaches to more exotic attack surfaces in this HackerNotes.

gr3pme

First Back

1 2 3 4 5 6

Next Last