Interested in going full-time bug bounty? Check out our blueprint!

(Ep. 109) Creative Recon - Alternative Techniques

Episode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to talk about Alternative Recon Techniques

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://x.com/realytcracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr

====== Resources ======

Wiz Research Uncovers Exposed DeepSeek Database
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak

Bypass Bot Detection
https://x.com/BApp_Store/status/1884648661058990310

Tweet from sw33tLie
https://x.com/sw33tLie/status/1883630595747758384

rsc 2fa
https://github.com/rsc/2fa

Stealing HttpOnly cookies with the cookie sandwich technique
https://portswigger.net/research/stealing-httponly-cookies-with-the-cookie-sandwich-technique

Report Pointers for Collaborative Chains
https://douglas.day/2025/01/20/collaborativechains.html

Clone2Leak: Your Git Credentials Belong To Us
https://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us/

Deanonymization via cache
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117

GoogleChrome related-website-sets
https://github.com/GoogleChrome/related-website-sets

====== Timestamps ======
(00:00:00) Introduction
(00:02:03) DeepSeek debacle and Bypass Bot Detection
(00:23:48) Stealing HttpOnly cookies with the cookie sandwich technique
(00:30:54) Report Pointers for Collaborative Chains
(00:34:43) Clone2Leak: Your Git Credentials Belong To Us
(00:40:04) Deanonymization for Signal and Discord
(00:41:53) Alternative Recon Techniques