Critical Thinking - Bug Bounty Podcast Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows
Mar 12, 2026
A fast-paced dive into protobuf hacking and how decoding wire formats uncovers hidden fields. They discuss AI-powered bug hunting, Claude workflows that learn from failures, and tools that automate report searching. Practical risks like client-side mic permission flaws and iframe delegation get highlighted. New hardware hacking resources and ways to run remote labs round out the tech-packed conversation.
AI Snips
Chapters
Transcript
Episode notes
Zero Trust World Talk With Cloud Code Slides
- Justin recounted giving a last-minute moved talk at Zero Trust World to ~400 people and running interactive labs from pre-imaged laptops.
- He used Cloud Code to auto-generate slides and host labs, avoiding slide-prep pain and supporting 500 concurrent users.
Decode Protobufs To Unlock Hidden Parameters
- Protobuf binary payloads on Google endpoints often contain base64-encoded nested fields that reveal IDs and UI strings when decoded.
- Justin built a Kaido convert workflow to decode length-delimited protobuf values and map field numbers to likely meanings for further injection.
Use Claude To Automate Protobuf Reverse Engineering
- Use Claude to analyze protobuf strings and generate reversible encoders/decoders to test and manipulate fields rapidly.
- Be aware some Google protos include checksums, but Claude often identifies and implements those calculations automatically.