Episodes

  • Episode 102: Building Web Hacking Micro Agents with Jason Haddix
    Dec 19 2024

    Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more.They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Check out our new SWAG store at https://ctbb.show/swag!

    Today’s Guest - https://x.com/Jhaddix

    Resources

    Keynote: Red, Blue, and Purple AI - Jason Haddix

    https://www.youtube.com/watch?v=XHeTn7uWVQM

    Attention in transformers,

    https://www.youtube.com/watch?v=eMlx5fFNoYc

    Shift

    https://shiftwaitlist.com/

    The Darkest Side of Bug Bounty

    https://www.youtube.com/watch?v=6SNy0u6pYOc

    Timestamps

    (00:00:00) Introduction

    (00:01:25) Micro-agents and Weird Machine Tricks

    (00:11:05) Web fuzzing with AI

    (00:18:15) Brainstorming Shift and micro-agents

    (00:34:40) Strengths of different AI Models, and using AI to write reports

    (00:54:21) The Darkest Side of Bug Bounty

    Show More Show Less
    1 hr and 3 mins
  • Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger
    Dec 12 2024

    Episode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI application vulnerabilities. They talk through the importance of understanding system prompts, and various obfuscation techniques used to bypass security measures, the best AI platforms, and the evolving landscape of AI security.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec

    Today’s Guest: https://x.com/wunderwuzzi23

    Resources

    Johann's blog

    https://embracethered.com/blog/

    zombais

    https://embracethered.com/blog/posts/2024/claude-computer-use-c2-the-zombais-are-coming/

    Copirate

    https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/

    Timestamps

    (00:00:00) Introduction

    (00:01:59) Biggest things to look for in AI hacking

    (00:11:58) Best AI companies to hack on

    (00:15:59) URL Redirects and Obfuscation Techniques

    (00:24:05) Copirate

    (00:35:50) prompt injection guardrails and threats

    Show More Show Less
    51 mins
  • Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking
    Dec 5 2024

    Episode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show as a co-host, but returning as guest. Then we hear from a bunch of friends about their 'best bug of the year', before capping the episode with the announcement of a new AI tool we've been working on!

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Resources

    Delorean

    https://github.com/jselvi/Delorean

    Shift

    shiftwaitlist.com

    Timestamps

    (00:00:00) Introduction

    (00:07:32) Nagli

    (00:19:09) Shubs

    (00:35:00) Matt Brown

    (00:39:42) Matanber

    (00:57:52) Douglas Day

    (01:05:18) Alex Chapman

    (01:15:02) Nahamsec

    (01:25:45) Rez0

    (01:28:20) Shift Announcement

    Show More Show Less
    1 hr and 42 mins
  • Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty
    Nov 28 2024

    Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the first year.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor - AssetNote: Check out their ASMR board (no not that kind!)

    https://assetnote.io/asmr

    Today’s Guest - https://x.com/0xLupin

    Resources

    Justin's Twitter Thread

    https://x.com/Rhynorater/status/1699395452481769867

    Timestamps

    (00:00:00) Introduction

    (00:03:00) Web Fundamentals Education

    (00:46:01) Threat Modeling and Hacking Goals

    (01:18:58) Vuln Types and finding Specialization

    Show More Show Less
    1 hr and 43 mins
  • Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath
    Nov 21 2024

    Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor - ThreatLocker: Check out Network Control!

    https://www.criticalthinkingpodcast.io/tl-nc

    And AssetNote: Check out their ASMR board (no not that kind!)

    https://assetnote.io/asmr

    Today’s Guest: https://sharonbrizinov.com/

    Resources

    The Claroty Research Team

    https://claroty.com/team82

    Pwntools

    https://github.com/Gallopsled/pwntools

    Scan My SMS

    http://scanmysms.com

    Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS

    https://www.youtube.com/watch?v=EhNsXXbDp3U

    Timestamps

    (00:00:00) Introduction

    (00:03:31) Sharon's Origin Story

    (00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne

    (00:47:05) IoT/ICS Hacking Methodology

    (01:10:13) Cloud to Device Communication

    (01:18:15) Bug replication and uncommon attack surfaces

    (01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS

    Show More Show Less
    1 hr and 44 mins
  • Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling
    Nov 14 2024

    Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. They also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor - ThreatLocker: Check out Network Control!

    https://www.criticalthinkingpodcast.io/tl-nc

    And AssetNote: Check out their ASMR board (no not that kind!)

    https://assetnote.io/asmr

    Resources

    Okta bcrypt

    Android Web Attack Surface Writeups

    Concealing payloads in URL credentials

    Dumping PHP files with Lightyear

    Limit maximum number of filter chains

    Dom-Explorer tool launched

    MultiHTMLParse

    JSON Crack

    Caido/Burp notes plugin

    Timestamps

    (00:00:00) Introduction

    (00:02:43) Okta Release and bcrypt

    (00:10:26) Android Web Attack Surface Writeups

    (00:20:21) More Portswigger Research

    (00:28:29) Lightyear and PHP filter chains

    (00:35:09) Dom-Explorer

    (00:45:24) The JSON Debate

    (00:49:59) Notes plugin for Burp and Caido

    Show More Show Less
    53 mins
  • Episode 96: Cookies & Caching with MatanBer
    Nov 7 2024

    Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, Safari's unique behaviors regarding cookie handling and debugging methods, and some of the writeups from the HeroCTF v6.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Guest: https://x.com/MtnBer

    Resources:

    Cookie Bugs - Smuggling & Injection

    https://blog.ankursundara.com/cookie-bugs/#:~:text=Cookie%20Smuggling

    iOS Webkit Debug Proxy

    https://github.com/google/ios-webkit-debug-proxy

    HeroCTF v6 Writeups

    https://mizu.re/post/heroctf-v6-writeups

    Timestamps

    (00:00:00) Introduction

    (00:01:29) Cookie exploits

    (00:21:32) Matan's Safari Adventure

    (00:29:49) HeroCTF 6 writeups

    Show More Show Less
    49 mins
  • Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side
    Oct 31 2024

    Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast In this episode, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cover things like service workers, extension pages, and isolated worlds.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod

    Today’s Guest: https://x.com/MtnBer

    Resources

    Universal Code Execution by Chaining Messages in Browser Extensions

    https://spaceraccoon.dev/universal-code-execution-browser-extensions/

    DOMLogger++

    https://github.com/kevin-mizu/domloggerpp

    BBRE Metamask bug

    https://youtu.be/HnI0w156rtw?si=QixP8SX6JuRFz6PA

    Bench Press: Leaking Text Nodes with CSS

    https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/

    Timestamps:

    (00:00:00) Introduction

    (00:03:08) Structure & Threat Model for Browser Extension

    (00:28:28) Extension Attack scenarios

    (01:01:26) Attacking Extension Pages

    (01:26:35) Attacking Service Workers

    (01:46:23) Getting source code and dynamic debugging

    Show More Show Less
    1 hr and 56 mins