Episode 154: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn talk through the transition from Bug Bounty hunting to Pentesting. We cover diversifying income streams, the challenges of pricing for Pentests, legal considerations, and what Bug Hunters can bring to the Pentesting world

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Timestamps ======

(00:00:00) Introduction

(00:03:36) Starting a Pentesting Company

(00:12:25) Advantages of Pentesting as a Bug Bounty Hunter

(00:29:03) Pricing, Sales, and knowing your Market/Worth

(00:36:21) Compliance in Pentests & Rapid-Fire Takaways

Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Guest: Matt Brown

• https://x.com/nmatt0
• https://github.com/BrownFineSecurity/iothackbot

====== Resources ======

KeeYees USB Logic Analyzer Device

Saleae logic analyzer

XGecu

Hardware Hacking Tutorial by Make Me Hack

UART and SPI firmware extraction

UART Root Shell on Linux Router

UART Shell Jail and Unlocked Bootloader

Chinese IP Camera Firmware Extraction

Chip-Off Firmware Extraction

====== Timestamps ======

(00:00:00) Introduction

(00:01:22) Incremental Session Token Story and Matt Brown Intro

(00:10:42) Hardware Bug Bounty Scene & AI on Devices

(00:24:30) Hacking Human Robot

(00:41:33) Zero-to-Hero Hardware Hacking Guide

(01:01:47) IOT Hackbot

Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Vertex Bug, and debate if Prompt Injection is a real Vuln.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

CHeck out our New Christmas Swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Control

https://ctbb.show/tl-ec

And Noma Security! https://noma.security/

Today’s Guest: https://x.com/sasi2103

====== This Week in Bug Bounty ======

Vercel Platform Protection

Dedicated HackerOne program for Vercel WAF

YesWeHack Open Source Programs

Android recon for Bug Bounty hunters

====== Resources ======

Sasi's Tweet from 2015

ForcedLeak: AI Agent risks exposed in Salesforce AgentForce

Is Prompt Injection a Vulnerability?

====== Timestamps ======

(00:00:00) Introduction

(00:09:16) Google Vertex AI Bug

(00:29:28) Sasi's Background and Bug Bounty Journey

(00:38:55) Resources for AI and Agentic Security Methodology

(00:50:34) ForcedLeak

(01:02:06) Is Prompt Injection a Vuln?

Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL Parsing, and more.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Control

https://ctbb.show/tl-ec

====== Resources ======

Nowasky's Tweet #1

https://x.com/nowaskyjr/status/1993421017381744974

Nowasky's Tweet #2

https://x.com/nowaskyjr/status/1992717862398800081

rep+ in Chrome DevTools

https://x.com/BourAbdelhadi/status/1992622964077179229

Terjanq Post from 2021

https://x.com/terjanq/status/1421093136022048775

====== Timestamps ======

(00:00:00) Introduction

(00:02:58) Client-side news & AI Updates

(00:12:02) Third-Party Cookie Nuances & PostMessages

(00:30:09) Iframe Tricks

(00:47:43) URL Parsing, CSPTS, and Client-side Routes

Episode 150: In this episode of Critical Thinking - Bug Bounty Podcast we're highlighting some cool news and research, but not before expressing our gratitude to the Hacker community. We are so thankful for you all!

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Control

https://ctbb.show/tl-ec

====== This Week in Bug Bounty ======

Cache Overflow on Cloudflare

====== Resources ======

Breaking Oracle’s Identity Manager

Who Needs a Blind XSS?

ASP.NET MVC View Engine Search Patterns

Heretic

Lesser known techniques for large-scale subdomain enum

Antigravity – Known Issues

Bug Bounty Daily

Caido version of AssetNote Surf

====== Timestamps ======

(00:00:00) Introduction

(00:09:47) Breaking Oracle’s Identity Manager & Who Needs a Blind XSS?

(00:20:37) ASP.NET MVC View Engine Search Patterns & Heretic

(00:29:04) Lesser known techniques for large-scale subdomain enum

(00:35:29) Gemini 3 & Antigravity.

(00:45:57) Bug Bounty Daily

(00:52:42) Surf for Caido

Episode 148: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us a crash course on Model Context Protocol.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Timestamps ======

(00:00:00) Introduction

(00:02:51) MCP Architecture & Authentication

(00:13:08) Roots, Sampling, & Elicitation

(00:19:15) Tools and Resources

Episode 147: In this episode of Critical Thinking - Bug Bounty Podcast we're talking tips and tricks that help us in hacking that we really should’ve learned sooner.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Control

https://www.criticalthinkingpodcast.io/tl-nc

====== This Week in Bug Bounty ======

Netscaler's new program

https://hackerone.com/netscaler_public_program?type=team

The ultimate Bug Bounty guide to HTTP request smuggling vulnerabilities

https://www.yeswehack.com/learn-bug-bounty/http-request-smuggling-guide-vulnerabilities

Hackers now have 2 Request-a-Response

https://docs.bugcrowd.com/changelog/researchers/request-a-response-researcher/

Evan Connelly Spotlight

https://www.bugcrowd.com/blog/hacker-spotlight-evan-connelly/

Epic Games Jobs Openings

Jobs.ctbb.show

====== Timestamps ======

(00:00:00) Introduction

(00:09:23) Command Palette, Auto-decoding, & Evenbetter

(00:17:28) Chrome Devtools Edit as html & Raycast

(00:33:23) ffuf -request flag

(00:41:33) JXScout

(00:48:55) Conditional Breakpoints in Devtools & Lightning round tips

Episode 146: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn all sit down to celebrate the spooky season by swapping their scariest bug stories. From frightening fails and firings to hacks with chilling and critical consequences. Grab your flashlight and a blanket for this one!

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Control

https://www.criticalthinkingpodcast.io/tl-nc

====== This Week in Bug Bounty ======

Methodology tips from top Bug Bounty hunters

YesWeHack marks first year of partnership with Singapore’s Government

HackerOne Hacker-Powered Security Report

====== Resources ======

Critical Research Lab

Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office

File Creation via SQLite Injection

====== Timestamps ======

(00:00:00) Introduction

(00:10:11) Crit Research Lab News

(00:21:31) Hacking the World Poker Tour & File Creation via SQLite Injection

(00:30:40) Brandyn's Spooky Bug

(00:38:02) Joseph's Spooky Bug

(00:44:18) Justin's Spooky Bug

(00:54:44) Banking Bugs, LHE Scares, and Workday weirdness.

(01:14:52) Firings and failures

(01:22:49) Bank Bug Redux

(01:35:55) Wedding planning/registry app & Amazon Rufus bugs

(01:40:52) New Relic bug