Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Player FM - Internet Radio Done Right
43 subscribers
Checked 5d ago
Menambahkan two tahun yang lalu
Konten disediakan oleh Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
Mirip dengan Critical Thinking - Bug Bounty Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
What is the internet doing to us? The Times tech columnist Kevin Roose discovers what happens when our lives move online. Unlock full access to New York Times podcasts and explore everything from politics to pop culture. Subscribe today at nytimes.com/podcasts or on Apple Podcasts and Spotify.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
We help founders make something people want.
…
continue reading
R
Redefining AI - Artificial Intelligence with Squirro
1
Redefining AI - Artificial Intelligence with Squirro
Squirro
12k
113
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k337
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
We promise we are not as Horrible as you think at video games, well maybe. Join us in a weekly show discussing video games, the culture around it and the latest topics going on in the industry. You’ll find insightful discussions , game reviews, and industry news that cater to all gaming enthusiasts. Join us as we dive deep into the world of gaming, sharing our thoughts and experiences. Give us a listen and share us with your friends. Your feedback is always welcome, and we appreciate your su ...
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Player FM - Aplikasi Podcast
Offline dengan aplikasi Player FM !
Offline dengan aplikasi Player FM !
))
Daily Deals
Episode 108: How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello
Manage episode 463986289 series 3435922
Konten disediakan oleh Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
Episode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://x.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts on Twitter:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor: AppOmni. Get AppOmni's Definitive Guide to SaaS Security https://www.criticalthinkingpodcast.io/AppOmni
Today’s Guest:
====== Resources ======
Aaron's Blog
Data Exposure and ServiceNow: The Elephant in the ITSM Room
https://www.enumerated.ie/index/servicenow-data-exposure
Salesforce Lightning - An in-depth look at exploitation vectors for the everyday community
https://www.enumerated.ie/index/salesforce
Lightning Components: A Treatise on Apex
Security from an External Perspective
Microsoft Power Pages: Data Exposure Reviewed
https://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/
====== Timestamps ======
(00:00:00) Introduction
(00:03:00) Aaron Costello, Arbitrary File Upload, & App Cache Manifest Poison bug
(00:13:37) SAAS Misconfigurations as a bug class
(00:43:27) SalesForce Misconfigurations
(01:11:30) Microsoft Power Pages
112 episode
BagikanManage episode 463986289 series 3435922
Konten disediakan oleh Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
Episode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://x.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts on Twitter:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor: AppOmni. Get AppOmni's Definitive Guide to SaaS Security https://www.criticalthinkingpodcast.io/AppOmni
Today’s Guest:
====== Resources ======
Aaron's Blog
Data Exposure and ServiceNow: The Elephant in the ITSM Room
https://www.enumerated.ie/index/servicenow-data-exposure
Salesforce Lightning - An in-depth look at exploitation vectors for the everyday community
https://www.enumerated.ie/index/salesforce
Lightning Components: A Treatise on Apex
Security from an External Perspective
Microsoft Power Pages: Data Exposure Reviewed
https://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/
====== Timestamps ======
(00:00:00) Introduction
(00:03:00) Aaron Costello, Arbitrary File Upload, & App Cache Manifest Poison bug
(00:13:37) SAAS Misconfigurations as a bug class
(00:43:27) SalesForce Misconfigurations
(01:11:30) Microsoft Power Pages
112 episode
Semua episode
×
C
Critical Thinking - Bug Bounty Podcast
1 Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter 1:07:37
1:07:37 
Putar Nanti 
Putar Nanti 
Daftar 
Suka 
Menyukai1:07:37
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Guest - Ciarán Cotter https://x.com/monkehack ====== Resources ====== Msty https://msty.app/ From Day Zero to Zero Day https://nostarch.com/zero-day Nuclei - ai flag https://x.com/pdiscoveryio/status/1890082913900982763 ChatGPT Operator: Prompt Injection Exploits & Defenses https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/ Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/ ====== Timestamps ====== (00:00:00) Introduction (00:01:04) Bug Rundowns (00:13:05) Monke's Bug Bounty Background (00:20:03) Websocket Research (00:34:01) Connecting Hackers with Companies (00:34:56) Grok 3, Msty, From Day Zero to Zero Day (00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK (00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu 1:49:15
1:49:15 Putar Nanti Putar Nanti Daftar Suka Menyukai1:49:15
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== Exploring the DOMPurify library: Bypasses and Fixes (1/2) https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes Exploring the DOMPurify library: Hunting for Misconfigurations (2/2) https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations Dom-Explorer tool https://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954f CT Episode 61: A Hacker on Wall Street - JR0ch17 https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/ ====== Timestamps ====== (00:00:00) Introduction (00:01:44) Kevin Mizu - Background and Bring-a-bug (00:15:09) DOMPurify (00:29:04) Misconfigurations - Dangerous allow-lists (00:39:09) Dangerous URI attributes configuration (00:46:08) Bad usage (00:59:55) DOMPurify Hooks: before, after, and upon SanitizeAttribute (01:29:15) Node manipulation, nodeName namespace case confusion, & DOM Clobbering DOS (01:36:51) Misc concepts for future research…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 110: Oauth Gadget Correlation and Common Attacks 49:41
49:41 Putar Nanti Putar Nanti Daftar Suka Menyukai49:41
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! ====== Resources ====== DOMPurify 3.2.3 Bypass Jason Zhou's post about O3 mini Live Chat Blog #2: Cisco Webex Connect postLogger Chrome Extension postLogger Webstore Link Common OAuth Vulnerabilities nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover Account Takeover using SSO Logins Kai Greshake ====== Timestamps ====== (00:00:00) Introduction (00:01:44) DOMPurify 3.2.3 Bypass (00:06:37) O3 mini (00:10:29) Ophion Security: Cisco Webex Connect (00:15:54) Discord Community News (00:19:12) postLogger Chrome Extension (00:21:04) Common OAuth Vulnerabilities & Lessons learned from Google’s APIs…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 109: Creative Recon - Alternative Techniques 1:01:42
1:01:42 Putar Nanti Putar Nanti Daftar Suka Menyukai1:01:42
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to talk about Alternative Recon Techniques Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! ====== Resources ====== Resources Wiz Research Uncovers Exposed DeepSeek Database Bypass Bot Detection Tweet from sw33tLie rsc 2fa Stealing HttpOnly cookies with the cookie sandwich technique Report Pointers for Collaborative Chains Clone2Leak: Your Git Credentials Belong To Us Deanonymization via cache GoogleChrome related-website-sets ====== Timestamps ====== (00:00:00) Introduction (00:02:03) DeepSeek debacle and Bypass Bot Detection (00:23:48) Stealing HttpOnly cookies with the cookie sandwich technique (00:30:54) Report Pointers for Collaborative Chains (00:34:43) Clone2Leak: Your Git Credentials Belong To Us (00:40:04) Deanonymization for Signal and Discord (00:41:53) Alternative Recon Techniques…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 108: How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello 1:31:08
1:31:08 Putar Nanti Putar Nanti Daftar Suka Menyukai1:31:08
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor: AppOmni. Get AppOmni's Definitive Guide to SaaS Security https://www.criticalthinkingpodcast.io/AppOmni Today’s Guest: https://x.com/ConspiracyProof ====== Resources ====== Aaron's Blog https://www.enumerated.ie/ Data Exposure and ServiceNow: The Elephant in the ITSM Room https://www.enumerated.ie/index/servicenow-data-exposure Salesforce Lightning - An in-depth look at exploitation vectors for the everyday community https://www.enumerated.ie/index/salesforce Lightning Components: A Treatise on Apex Security from an External Perspective https://go.appomni.com/hubfs/Collateral/AppOmni_Labs_White_Paper_Apex_Security.pdf?utm_campaign=Network%20Computing&utm_source=referral&utm_content=network_computing Microsoft Power Pages: Data Exposure Reviewed https://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/ ====== Timestamps ====== (00:00:00) Introduction (00:03:00) Aaron Costello, Arbitrary File Upload, & App Cache Manifest Poison bug (00:13:37) SAAS Misconfigurations as a bug class (00:43:27) SalesForce Misconfigurations (01:11:30) Microsoft Power Pages…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 107: Bypassing Cross-Origin Browser Headers 1:06:17
1:06:17 Putar Nanti Putar Nanti Daftar Suka Menyukai1:06:17
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://x.com/realytcracker for the awesome intro music! ====== Links ====== Follow your hosts on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today’s Sponsor - ThreatLocker. Check out their Managed Detection and Response! https://www.criticalthinkingpodcast.io/tl-mdr ====== Resources ====== A Proud Dad's Tale of Two Bug Hunting Daughters and Their Responsible Disclosures Google’s OAuth login flaw Rez0's Ai tweet Rez0's Follow-up Raink from BishopFox Gift cards security research Top 10 web hacking techniques of 2024 Cross-Origin-Opener-Policy: preventing attacks from popups ====== Timestamps ====== (00:00:00) Introduction (00:05:13) Hacking with your kids (00:09:46) H1/bc pentests (00:12:23) Google’s OAuth login flaw (00:18:01) Raink & Rez0's AI tweets (00:28:46) Giftcard hacking & Portswigger top 10 voting (00:34:23) Cross Origin Web Headers…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 106: Announcing our new cohost... 58:10
58:10 Putar Nanti Putar Nanti Daftar Suka Menyukai58:10
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he’s looking forward to bringing to the pod. We also cover some news items including doubleclickjacking, character set attacks, SVG XSS, and more. Follow us on twitter at: @ctbbpodcast Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Rez0 on twitter: https://x.com/Rhynorater https://x.com/rez0__ ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Resources DoubleClickjacking: A New Era of UI Redressing https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html XBOW Validation Benchmarks https://github.com/xbow-engineering/validation-benchmarks Jorian tweet https://x.com/J0R1AN/status/1871586792455163975 Simplified Payload https://portswigger-labs.net/xss/charset.php?x=%1b$B%1b(B%3Ca%20href=javas%1B(Jcript:alert(1)%3Etest%3C/a%3E&charset= SVG XSS Payload https://x.com/garethheyes/status/1876953751245783534 curl-cffi https://pypi.org/project/curl-cffi/ Bypassing File Upload Restrictions To Exploit CSPT https://blog.doyensec.com/2025/01/09/cspt-file-upload.html AI-Crash-Course https://github.com/henrythe9th/AI-Crash-Course?tab=readme-ov-file Timestamps (00:00:00) Introduction (00:02:15) Rez0's journey to Full-time hunter, Tool developer, and new Co-host (00:21:04) DoubleClickjacking (00:31:48) XBOW Validation Benchmarks, Charset Thoughts, and SVG XSS (00:42:28) curl-cffi, CSPT, and AI Crash Course…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 105: Best Critical Thinking Moments from 2024 2:17:47
2:17:47 Putar Nanti Putar Nanti Daftar Suka Menyukai2:17:47
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 105: In this episode of Critical Thinking - Bug Bounty Podcast we're back with another Best-of episode recapping some of our top moments of 2024. Follow us on twitter at: @ctbbpodcast Ssend us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Rez0 on twitter: https://x.com/Rhynorater https://x.com/rez0__ ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec Resources Episode 53 ctbb.show/53 Episode 59 ctbb.show/59 Episode 65 ctbb.show/65 Episode 69 ctbb.show/69 Episode 80 ctbb.show/80 Episode 81 ctbb.show/81 Episode 86 ctbb.show/86 Episode 87 ctbb.show/87 Episode 91 ctbb.show/91 Episode 93 ctbb.show/93 Episode 99 ctbb.show/99 Timestamps (00:00:00) Introduction (00:03:59) Episode 53 (00:17:12) Episode 59 (00:32:45) Episode 65 (00:48:08) Episode 69 (01:02:37) Episode 80 (01:18:09) Episode 81 (01:28:59) Episode 86 (01:41:04) Episode 87 (01:54:48) Episode 91 (02:01:48) Episode 93 (02:09:37) Episode 99…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 104: 2024 Hacker Stats & 2025 Goals 29:00
29:00 Putar Nanti Putar Nanti Daftar Suka Menyukai29:00
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 104: In this episode of Critical Thinking - Bug Bounty Podcast Justin reflects upon the past year and walks through some of the bug bounty goals he had for 2024, and how he feels like he did. Then he sets some goals for 2025, as well as some exciting CT news for the coming year. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Rez0 on X: https://x.com/rhynorater https://x.com/rez0__ ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Resources CTBB Full Time Guild ctbb.show/ft Critical Research Lab ctbb.show/crl CT Episode 51 - 2024 Goals https://www.criticalthinkingpodcast.io/episode-51-hacker-stats-2023-2024-goals/ Personal BB inventory and goals https://ctbb.show/blog Timestamps (00:00:00) introduction (00:00:57) Critical Thinking 2025 Announcements (00:04:21) Personal Inventory of 2024 (00:24:05) Goals for 2025…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 103: Getting ANSI about Unicode Normalization 1:00:30
1:00:30 Putar Nanti Putar Nanti Daftar Suka Menyukai1:00:30
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord ! We offer Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store ! Join our Shift waitlist ! Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec Resources _json Juggling Attack Cross-Site POST Requests Without a Content-Type Header Worst Fit Orange Tsai on Worst Fit Handling Cookies is a Minefield Terminal DiLLMa XS-Leaking flags with CSS: A CTFd 0day Hacking Back the AI-Hacker Johann Computer use demo How I Became The Most Valuable Hacker Timestamps (00:00:00) Introduction (00:01:39) _json Juggling Attack and Cross-Site POST Requests Without a Content-Type Header (00:10:55) Worst Fit and Unicode Mapping (00:20:08) Handling Cookies is a Minefield (00:28:11) Terminal DiLLMa & CTFd 0day (00:41:18) Hacking Back the AI-Hacker (00:47:30) Becoming Most Valuable Hacker…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 102: Building Web Hacking Micro Agents with Jason Haddix 1:02:49
1:02:49 Putar Nanti Putar Nanti Daftar Suka Menyukai1:02:49
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more.They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Check out our new SWAG store at https://ctbb.show/swag ! Today’s Guest - https://x.com/Jhaddix Resources Keynote: Red, Blue, and Purple AI - Jason Haddix https://www.youtube.com/watch?v=XHeTn7uWVQM Attention in transformers, https://www.youtube.com/watch?v=eMlx5fFNoYc Shift https://shiftwaitlist.com/ The Darkest Side of Bug Bounty https://www.youtube.com/watch?v=6SNy0u6pYOc Timestamps (00:00:00) Introduction (00:01:25) Micro-agents and Weird Machine Tricks (00:11:05) Web fuzzing with AI (00:18:15) Brainstorming Shift and micro-agents (00:34:40) Strengths of different AI Models, and using AI to write reports (00:54:21) The Darkest Side of Bug Bounty…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger 51:24
51:24 Putar Nanti Putar Nanti Daftar Suka Menyukai51:24
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI application vulnerabilities. They talk through the importance of understanding system prompts, and various obfuscation techniques used to bypass security measures, the best AI platforms, and the evolving landscape of AI security. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec Today’s Guest: https://x.com/wunderwuzzi23 Resources Johann's blog https://embracethered.com/blog/ zombais https://embracethered.com/blog/posts/2024/claude-computer-use-c2-the-zombais-are-coming/ Copirate https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/ Timestamps (00:00:00) Introduction (00:01:59) Biggest things to look for in AI hacking (00:11:58) Best AI companies to hack on (00:15:59) URL Redirects and Obfuscation Techniques (00:24:05) Copirate (00:35:50) prompt injection guardrails and threats…
C
Critical Thinking - Bug Bounty Podcast
1 Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking 1:41:40
1:41:40 Putar Nanti Putar Nanti Daftar Suka Menyukai1:41:40
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show as a co-host, but returning as guest. Then we hear from a bunch of friends about their 'best bug of the year', before capping the episode with the announcement of a new AI tool we've been working on! Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Resources Delorean https://github.com/jselvi/Delorean Shift shiftwaitlist.com Timestamps (00:00:00) Introduction (00:07:32) Nagli (00:19:09) Shubs (00:35:00) Matt Brown (00:39:42) Matanber (00:57:52) Douglas Day (01:05:18) Alex Chapman (01:15:02) Nahamsec (01:25:45) Rez0 (01:28:20) Shift Announcement…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty 1:42:54
1:42:54 Putar Nanti Putar Nanti Daftar Suka Menyukai1:42:54
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the first year. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Today’s Guest - https://x.com/0xLupin Resources Justin's Twitter Thread https://x.com/Rhynorater/status/1699395452481769867 Timestamps (00:00:00) Introduction (00:03:00) Web Fundamentals Education (00:46:01) Threat Modeling and Hacking Goals (01:18:58) Vuln Types and finding Specialization…
C
Critical Thinking - Bug Bounty Podcast
1 Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath 1:43:57
1:43:57 Putar Nanti Putar Nanti Daftar Suka Menyukai1:43:57
Putar Nanti Putar Nanti Daftar Suka MenyukaiEpisode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynorater & Teknogeek on twitter: https://twitter.com/0xteknogeek https://twitter.com/rhynorater ------ Ways to Support CTBBPodcast ------ Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Today’s Sponsor - ThreatLocker: Check out Network Control! https://www.criticalthinkingpodcast.io/tl-nc And AssetNote: Check out their ASMR board (no not that kind!) https://assetnote.io/asmr Today’s Guest: https://sharonbrizinov.com/ Resources The Claroty Research Team https://claroty.com/team82 Pwntools https://github.com/Gallopsled/pwntools Scan My SMS http://scanmysms.com Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS https://www.youtube.com/watch?v=EhNsXXbDp3U Timestamps (00:00:00) Introduction (00:03:31) Sharon's Origin Story (00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne (00:47:05) IoT/ICS Hacking Methodology (01:10:13) Cloud to Device Communication (01:18:15) Bug replication and uncommon attack surfaces (01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS…
Selamat datang di Player FM!
Player FM memindai web untuk mencari podcast berkualitas tinggi untuk Anda nikmati saat ini. Ini adalah aplikasi podcast terbaik dan bekerja untuk Android, iPhone, dan web. Daftar untuk menyinkronkan langganan di seluruh perangkat.
Daily Deals
Daily Deals
Mirip dengan Critical Thinking - Bug Bounty Podcast
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
What is the internet doing to us? The Times tech columnist Kevin Roose discovers what happens when our lives move online. Unlock full access to New York Times podcasts and explore everything from politics to pop culture. Subscribe today at nytimes.com/podcasts or on Apple Podcasts and Spotify.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
We help founders make something people want.
…
continue reading
R
Redefining AI - Artificial Intelligence with Squirro
1
Redefining AI - Artificial Intelligence with Squirro
Squirro
12k113
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k337
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
We promise we are not as Horrible as you think at video games, well maybe. Join us in a weekly show discussing video games, the culture around it and the latest topics going on in the industry. You’ll find insightful discussions , game reviews, and industry news that cater to all gaming enthusiasts. Join us as we dive deep into the world of gaming, sharing our thoughts and experiences. Give us a listen and share us with your friends. Your feedback is always welcome, and we appreciate your su ...
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Player FM - Aplikasi Podcast
Offline dengan aplikasi Player FM !
Offline dengan aplikasi Player FM !
))
