[HackerNotes Ep. 126] Vulnus ex Machina - Part 3

In this episode of Critical Thinking - Bug Bounty Podcast we wrap up Rez0’s AI miniseries ‘Vulnus Ex Machina’. Part 3 includes a showcase of AI Vulns that Rez0 himself has found, and how much they paid out.

[HackerNote Ep.125] How to Win Live Hacking Events

We've got some fresh research and Justin's guide on on how to succeed at live hacking events. We cover pre-event preparations, challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process.

[HackerNotes Ep. 124] Balancing Bug Bounty Freedom with Hacking Time

In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.

[HackerNotes Ep. 123] Vulnus Ex Machina - AI Hacking Part 2

We've got an AI hacking masterclass. We cover mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features, plus a bunch more below.

[HackerNotes Ep. 122] We Won Google's AI Hacking Event in Tokyo - Main Takeaways

In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we’re joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event.

[HackerNotes Ep. 121] Slonser's Image Injection 0-day - ATO & New Caido Collab Plugin

A Chrome 0 day allowing IMG injection to query parameter leak, a writeup by Sharon Brizinov that netted 64k in bounties by searching Git repos for secrets, a tool drop featuring Subdomain link launcher & Drop for Caido, MCP Protocol Research, NahamCon and content from Pliny leaking the system Prompt Gemini-2.5-pro With Canvas plus a whole lot more.

[HackerNotes Ep. 120] SpaceRaccoon - From Day Zero to Zero Day

In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book.

[HackerNotes Ep. 119] Abusing iframes from a Client-side Hacker

In this episode Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attack them.

[HackerNotes Ep. 118] Hacking Happy Hour: 0days on Tap and SQLi Shots

We've got some extra Next.js Middleware payloads for ya, LLM polyglots, fresh research on React Router & Remix, IOT research, MCP Security and some clientside tips. Check it out below.

[HackerNotes Ep. 117] Vulnus Ex Machina - AI Hacking Part 1

[HackerNotes Ep.116] Auth Bypasses and Google VRP Writeups

We've got Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit.

[HackerNotes Ep. 115] Mentee to Career Hacker - So Sakaguchi

Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about Reflector, and finish up by doing a bonus podcast segment in Japanese!