March 30, 2023

Episode 13: How to Find a Good BBP + Acropalypse + ZDI

Critical Thinking - Bug Bounty Podcast

Episode 13: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to determine if a bug bounty program is good or not from the policy page. We also cover some news including Acropalypse, ZDI's Pwn2Own Competition, Node's Request library's SSRF Bypass, and a new scanning tool by JHaddix.

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

 

JHaddix AWSScrape Tool:

https://twitter.com/Jhaddix/status/1637140192728612865?s=20

Acropalypse Links:

https://twitter.com/ItsSimonTime/status/1636857478263750656

https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html

https://twitter.com/David3141593/status/1638222624084951040

https://twitter.com/David3141593/status/1638293029059477505

 

SSRF Bypass in NodeJS:

https://blog.doyensec.com/2023/03/16/ssrf-remediation-bypass.html

 

ZDI's Pwn2Own:

https://twitter.com/thezdi

 

Kuzu7shiki's Awesome Pixiv Report:

https://hackerone.com/reports/1861974

https://twitter.com/kuzu7shiki

 

Some of the Programs we talk about:

https://hackerone.com/instacart

https://hackerone.com/semrush

https://hackerone.com/yahoo

https://hackerone.com/paypal