Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover a host of news and writeups, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to…
Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and focuses on AI reconnaissance. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to…
Episode 116: Auth Bypasses and Google VRP Writeups Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit. Follow us on twitter at: https://x.com/ctbbpodcast Got any…
Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about Reflector, and finish up by doing a bonus podcast segment in Japanese! Follow us on twitter…
#hacking #bugbounty #bugbountytips #websecurity #infosec #xss #xsstricks #aihacking
#hacking #bugbounty #bugbountytips #websecurity #infosec #aihacking #socialengineering
#hacking #bugbounty #bugbountytips #websecurity #infosec #webhacking #sopbypass
Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and…
#hacking #bugbounty #bugbountytips #websecurity #infosec #aihacking #llmhacking #openai #gemini #chatgpt
#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify
Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here! Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://twitter.com/realytcracker for…
#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify
#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify
Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including…
#hacking #bugbounty #bugbountytips #websecurity #infosec #google #googlehacking #websecurity #gemini
#hacking #bugbounty #bugbountytips #websecurity #infosec #websecurity
#hacking #bugbounty #bugbountytips #websecurity #infosec #discord #xss
#hacking #bugbounty #bugbountytips #websecurity #infosec #oauth
Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and…
![[Bug Drop] XSSDoctor's Sick XSS Chain](https://i.ytimg.com/vi/oA1kooSC5pU/maxresdefault.jpg "[Bug Drop] XSSDoctor's Sick XSS Chain")
We're going a bit outside the normal posts for CTBB Podcast today, and we're gonna give you a taste of what our premium content on Discord feels like. This time, we've got an AMAZING bug from XSSDoctor. If you'd like to get your hands on the lab for this one,…
Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems.…
#hacking #bugbounty #bugbountytips #websecurity #infosec #cookies #cookiebombing #SAASsecurity
#hacking #bugbounty #bugbountytips #websecurity #infosec
Episode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to…
