[HackerNotes Ep. 134] XBOW - AI Hacking Agent and Human in the Loop with Diego Jurado

In this episode we’re joined by Diego Jurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego also shares some of his own hacking journey and successes in the Ambassador World cup.

[HackerNotes EP133] Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad

In this episode, we’re joined by Harley and Ari from HackerOne to talk some about community management roles within Bug Bounty, as well as discuss the evolution of Bug Bounty Village at DEFCON, and what they’ve got in store this year.

[HackerNotes Ep. 132] Archive Testing Methodology with Mathias Karlsson

Justin is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, Archive Alchemist, and explore topics like the significance of Unicode paths, symlinks, and TAR.

[HackerNotes Ep.131] SL Cyber Writeups, Metastrategy & Orphaned Github Commits

[HackerNotes Ep. 130] Minecraft Hacks to Google Hacking Star

Valentino shares his journey from hacking Minecraft to becoming a Google hunter. He talks us through several bugs, including an HTML Sanitizer bypass and .NET deserialisation, and highlights the hyper creative approaches he tends to employ.

[HackerNotes EP.129] Is this how Bug Bounty Ends

The future of hunting, hackbots and Rez0's blog, 'This Is How They Tell Me Bug Bounty Ends.

[HackerNotes Ep. 128] New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI Bots

In this episode of Critical Thinking - Bug Bounty Podcast we talking Blind SSRF and Self-XSS, as well as Reversing massive minified JS with AI and a wild Google Logo Ligature Bug

[HackerNotes Ep. 127] Drama, PDF as JS Chaos, Bounty Profile Apps, And More

A new bug bounty newsletter, PDF to JS tricks, OBS Websocket RCE, EchoLeak writeup, new tool drops, bug bounty profile apps and a whole lot more. Check it out below.

[HackerNotes Ep. 126] Vulnus ex Machina - Part 3

In this episode of Critical Thinking - Bug Bounty Podcast we wrap up Rez0’s AI miniseries ‘Vulnus Ex Machina’. Part 3 includes a showcase of AI Vulns that Rez0 himself has found, and how much they paid out.

[HackerNote Ep.125] How to Win Live Hacking Events

We've got some fresh research and Justin's guide on on how to succeed at live hacking events. We cover pre-event preparations, challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process.

[HackerNotes Ep. 124] Balancing Bug Bounty Freedom with Hacking Time

In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.

[HackerNotes Ep. 123] Vulnus Ex Machina - AI Hacking Part 2

We've got an AI hacking masterclass. We cover mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features, plus a bunch more below.