- Videos: 252
- Views: 485,453
Critical Thinking - Bug Bounty Podcast
Added Dec 7, 2022
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
Announcing our new cohost... (Ep. 106)
Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he’s looking forward to bringing to the pod. We also cover some news items including doubleclickjacking, character set attacks, SVG XSS, and more.
Follow us on twitter at: ctbbpodcast
Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Rez0 on twitter:
x.com/Rhynorater
x.com/rez0__
====== Ways to Support CTBBPodcas...
Views: 1,748
Videos
Best Moments of 2024 on the Pod (Ep. 105)
1.2K views, 1 day ago
Episode 105: In this episode of Critical Thinking - Bug Bounty Podcast we're back with another Best-of episode recapping some of our top moments of the year. Follow us on twitter at: ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to realytcracker for the awesome intro music! Links Follow...
2024 Hacker Stats & 2025 Goals (Ep. 104)
3.7K views, 14 days ago
Episode 104: In this episode of Critical Thinking - Bug Bounty Podcast Justin reflects upon the past year and walks through some of the bug bounty goals he had for 2024, and how he feels like he did. Then he sets some goals for 2025, as well as some exciting CT news for the coming year. Follow us on twitter at: ctbbpodcast We're new to thi...
Getting ANSI about Unicode Normalization (Ep. 103)
1.2K views, 21 days ago
Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some research about _json Juggling, cookie handling quirks, and the value of micro-blogging in general. Follow us on twitter at: ctbbpodcast We're new to this podcasting thing, so ...
Building Web Hacking Micro Agents with Jason Haddix (Ep. 102)
5K views, 1 month ago
Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more. They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models. Follow us on twitter at: ctbbp...
AI Attack Vectors - CTBB Hijacked - Rez0__ and Johann (Ep. 101)
2.1K views, 1 month ago
8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking (Ep. 100)
3.8K views, 1 month ago
Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty (Ep. 99)
10K views, 1 month ago
Team 82 Sharon Brizinov - The Live Hacking Polymath (Ep. 98)
2.4K views, 1 month ago
Bcrypt Hash Input Truncation & Mobile Device Threat Modeling (Ep. 97)
1.2K views, 2 months ago
Cookies & Caching with MatanBer (Ep. 96)
2K views, 2 months ago
Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side (Ep. 95)
2.4K views, 2 months ago
Zendesk Fiasco & the CTBB Naughty List (Ep. 94)
1.8K views, 2 months ago
A Chat with Dr. Bouman - Life as a Hacker and a Doctor (Ep.93)
3K views, 3 months ago
SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser (Ep. 92)
2.1K views, 3 months ago
Zero to LHE in 9 Months (feat gr3pme) (Ep. 91)
5K views, 3 months ago
5k Clickjacking, Encryption Oracles, and Cursor for PoCs (Ep. 90)
2K views, 3 months ago
The Untapped Bug Bounty Landscape of IoT w/ Matt Brown (Ep. 89)
2.7K views, 4 months ago
News, Tools, and Writeups (Ep. 88)
2.3K views, 4 months ago
'Hacker Wife' Mariah Gardner on Bug Bounty Mentality and Relationships (Ep. 87)
4.2K views, 4 months ago
The X-Correlation between Frans & RCE - Research Drop (Ep. 86)
7K views, 4 months ago
Practical Applications of DEFCON 32 Web Research (Ep. 85)
2.5K views, 4 months ago
0xLupin & Takeaways from Google's Las Vegas BugSwat (Ep. 84)
1.5K views, 5 months ago
Brainstorming Proxy Plugins (Ep.83)
1.3K views, 5 months ago
Crushing Client-Side on Any Scope with MatanBer (Ep. 81)
7K views, 5 months ago
Pwn2Own VS H1 Live Hacking Event (feat SinSinology) (Ep. 80)
4.7K views, 6 months ago
The State of CSS Injection - Leaking Text Nodes & HTML Attributes (Ep. 79)
1.8K views, 6 months ago
Less Writing, More Hacking - Reporting Efficiency Techniques (Ep.78)
1.8K views, 6 months ago
Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated (Ep.77)
3.9K views, 6 months ago
Did Joel quit the podcast? 😢
🔥🔥🔥
Just wait a few months ... Justin will definitely be on the hunt for a new co-host, because let's face it, he simply can't resist the urge to cut off his guests mid-sentence!
I get what you are saying but he loves bugbounty so he is excited. Even though sometimes he stops guests when they are really giving something important. We try to give positive feedback
Which Douglas Day's talk about "looking for nos" are they talking about at 36:15?
ruclips.net/video/G1RHa7l1Ys4/видео.htmlsi=ZmQzBvXzVoqE-xMe
@criticalthinkingpodcast rhx
Ha ha mr fuffing
Nice nice
🖖
Thank you for the shout out guys 🙏
AI hacking agents... I hate the idea
great episode 😂
What would the bug bounty landscape be as hack bots and AI automation are going wild? Would you suggest that those who are new to this field and thinking of starting a career in BB start their career in bug bounty?
Yeah, I think it'll be a great industry for a while and even if not, the skills you will pick up will be invaluable to pivoting into a post-AI security world.
@joseph_thacker How much will AI impact the bug bounty space?
Keep up the awesome content!
BROO I WAS WAITING FOR THIS..
Just turned 16 and this is the dude I gotta out hack. Only 1 bug $1,100 earned so far
Hey, I wanted to know: you can't start the SAML interaction without creating an account on the IdP, right? Before you do the SAML login capturing process you need to have an account, right? So the first step in any bug bounty program I go to, to see the SAML vuln, I need to find a way to create an account on their IdP.
I have a question: Jason did talk about a GitHub repo with all the Telegram and some onion websites. Can you please add it to the description?
this was really helpful
Mariah chan is so lucky, I have the biggest crush on Rhynorater ˶ᵔᗜ ᵔ˶
He is the reason most people are doing mobile apps bug bounty
25:45 his lips say "Half a Muffin"
Good content as usual and the Mariah episode was awesome thank you for adding it❤
How to download these 105 episodes of knowledge at once in my brain!!
:)
❤
First strategy: Focus on one target company, spending time familiarizing myself with all of its products, keeping up with updates, and hunting for various vulnerabilities in those. Second strategy: Cast a wider net, learning new techniques or exploitation methods, or analyzing newly disclosed vulnerabilities, and then perform broad scans or manual testing across multiple targets on bug bounty platforms. Which of these two strategies is better?
I'm trying to understand this - What you and Joel said are true to a certain extent... but wouldn't this be applicable to other instances of applications like Facebook (fbconnect) only because the application creator decided to open specific links that are either affiliated to that application or want the application workflow pivot from one application to another? Happens in certain cases where you want to open instances of those applications like clicking a YouTube link from internet browser and playing the video in the application vs playing the video in browser.
Bruh Shubs bug so outta pocket 💀
This is so real
Lol "young and invincible" 😎
Been there, done that 😎
intro music is cool
1:13:56 🔥😂
Appreciate man thanks for all you do
I feel you. You wish there were 40 hours per day, so that you could do 8 hours of work, 12 hours of sleep & misc stuff and 20 hours of pure CySec: 10 hours bug bounty, 10 hours research & learning.
Thanks for sharing your insights. Ready and motivated to get back into the hunt as a part timer. Need to accomplish some professional goals that I set for myself but again really motivated to dive back in.
Temp home and revert home, that’s a great idea. Awesome pod as usual.
Nice job on 2024 goals! Bug bounty guild and research group sounds cool 👀
Very useful tips. Thanks for sharing!
collab with @yshahinzadeh (thezodd in hackerone)
Hello Mr. Rhynorater, I wanted to say that your videos are inspiring! Thank you for what you are doing for the community!
Appreciate y’all so much! Looking forward to an amazing 2025 for us all! 🎉
Just wanted to say thank you so much for all the effort you put into this Podcast and the community. It's been my main source of motivation these last few months going through two CS50 courses to get my CS fundamentals down, to the point where I am now finally in a situation where I can justify making a full time attempt at your "1 year to 100k" plan this year! Absolutely love the idea of a full-time BB community and I'm looking forward to applying once I (hopefully) clear the 50% requirement sometime this year!
What was the crypto bug ??
half a mil? good goal ;)
🎉🎉
Doing god's work. Thanks Justin
I wish it was more in example video instead of just talk
Me too
why i have no idea what they're talking about but I been hacking for a year
I'm watching it on the end of this year to make a new beginning tomorrow 🎉🎉
In Burp you can use the CMAR extension, Conditional Match and Replace.
Please help me recover my funds