Critical Thinking - Bug Bounty Podcast

Episode 173: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about the negative effects that AI is having on the Bug Bounty scene as a whole. Is it over, or are we so back?Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Check out Zero Trust Cloud Access:https://www.criticalthinkingpodcast.io/tl-ztca====== Resources ======We want your feedback on this!https://forms.ctbb.show/future_of_bug_bountyEvolving the Android & Chrome VRPs for the AI Erahttps://bughunters.google.com/blog/evolving-the-android-chrome-vrps-for-the-ai-eraPaid Submissions?https://x.com/d0rsky/status/2047744193976742120Keep the Robots Out of the Gymhttps://danielmiessler.com/blog/keep-the-robots-out-of-the-gymIs my data used for model training?https://privacy.claude.com/en/articles/10023580-is-my-data-used-for-model-training====== Timestamps ======(00:00:00) Introduction(00:06:28) Network effects of Bug Bounty(00:31:55) Hopium/Copium(00:47:21) The Great Training Data Debate

Episode 172: In this episode of Critical Thinking - Bug Bounty Podcast trying out a new structure of episode: a Meta Analysis of sorts of many Source Code Review techniques. This episode features tips gathered from Shubs, Rafax, and FSI. Justin highlights best approaches, patterns, and common pitfalls.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor: Adobe - Get 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report.Expires June 30, 2026. ====== This Week in Bug Bounty ======Open-source security testing: the Bug Bounty guide to code analysishttps://www.yeswehack.com/learn-bug-bounty/open-source-guide-code-analysis?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=open-source-guide-code-analysis====== Resources ======Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)https://slcyber.io/research-center/abusing-windows-net-quirks-and-unicode-normalization-to-exploit-dnn-dotnetnuke/#:~:text=across%20different%20languages.-,A%20MUST%2DKNOW%20BEHAVIOUR%20OF%20PATH.COMBINE,-Another%20key%20implementation====== Timestamps ======(00:00:00) Introduction(00:06:49) Tracing Data Flow, knowing where your playload is landing, and developer mistakes.(00:17:33) Mapping the software(00:24:46) Sniffing for blood(00:31:54) Common Patterns and Pitfalls