Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and the enjoyment Sam derives from pushing the boundaries to find bugs. He shares stories of his experiences, including hacking Tesla, online casinos,Starbucks, his own is ISP router, and even getting detained at the airport.
Follow us on twitter at: https://twitter.com/ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Project Discovery Conference: https://nux.gg/hss24
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest:
Resources:
Don’t Force Yourself to Become a Bug Bounty Hunter
https://samcurry.net/dont-force-yourself-to-become-a-bug-bounty-hunter/
hackcompute
https://hackcompute.com/
Starbucks Bug
https://samcurry.net/hacking-starbucks/
recollapse
https://github.com/0xacb/recollaps
Timestamps:
(00:00:00) Introduction
(00:02:25) Hacking Journey and the limits of Ethical Hacking
(00:28:28) Selecting companies to hack
(00:33:22) Fostering passion vs. Forcing performance
(00:54:06) Collaboration and Hackcompute
(01:00:40) The Efficacy of Bug Bounty
(01:09:20) Secondary Context Bugs
(01:25:01) Mindmaps, note-taking, and Intuition.
(01:46:56) Back-end traversals and Unicode
(01:56:16) Hacking ISP
(02:06:58) Next.js and Crypto
(02:22:24) Dev vs. Prod JWT
