Fulltime Bug Hunter
A lot of great writeups today and some AI news
Bug bounty isn't dead, but it's definitely changing a lot. Here's what's actually changing.
Solo episode from Justin looking at some recent client-side bugs he found
New live episode from South Korea covering the latest LHE by HackerOne and by Google
A practical look at OAuth 2.1 and MCP security pitfalls, from PKCE downgrades and SSRF tricks to token misuse and recent framework CVEs.
We dig into CSPT across different frameworks with xssdoctor, discovering a nice bug in React Router
Today, a new episode about research theft with krevetk0
Exploring how Rez0 uses Claude Code to hunt and how to set it up properly
Today, we are digging into some protobuf stuff, and also talking about the current debate about AI finding bugs and how to use it properly
Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into bug bounty