Critical Thinking - Bug Bounty Podcast

Valeriy Shevchenko (Krevetk0), an experienced bug bounty hunter and program manager known for high-impact findings. He recounts early big wins and how to prove transient vulnerabilities. He explores scope expansion via supplier chains and proxies. He reveals a striking report‑theft case, how leaks happen, and practical mitigations like watermarks and server-side POCs.

They dissect Claude skills for hacking, explaining when to use deterministic workflows versus exploratory agents. They cover orchestration tricks to keep long tasks running and ways to integrate external tools and APIs. They also highlight where AI-generated reports commonly break and how to structure notes, validators, and pipelines for reproducible research.

A fast-paced dive into protobuf hacking and how decoding wire formats uncovers hidden fields. They discuss AI-powered bug hunting, Claude workflows that learn from failures, and tools that automate report searching. Practical risks like client-side mic permission flaws and iframe delegation get highlighted. New hardware hacking resources and ways to run remote labs round out the tech-packed conversation.

Episode 164: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug BountyFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Guest: https://x.com/thedawgyg====== This Week in Bug Bounty ======Python pitfalls: Turning developer mistakes into vulnerabilitieshttps://www.yeswehack.com/learn-bug-bounty/python-pitfalls-turning-developer-mistakes?utm_source=critical-thinking&utm_medium=sponsored&utm_campaign=article-research-python-pitfalls====== Timestamps ======(00:00:00) Introduction(00:06:22) Yahoo SSRF(00:14:56) Tommy's Origin(00:44:10) Bug Bounty(00:51:47) SSRF Attraction, AI implementation, & Browser Hacking

A fast tour of the PortSwigger Top 10 techniques for 2025. They unpack parser differential quirks like YAML tags and duplicate headers. Deep dives cover XSS-leaks via cross-origin redirects and HTTP/2 CONNECT port-scanning. There are clear breakdowns of Next.js cache poisoning, SOAPwn .NET quirks, ETag length leaks, Unicode normalization attacks, ORM injection leaks, novel SSRF redirect chains, and new SSTI error tricks.

Alex Rice, Co-founder and CTO of HackerOne, leads the company's product and security vision. He tackles concerns about using HackerOne data for AI training and explains anonymization and licensing. They discuss PTaaS, agentic tooling that mixes models with human oversight. The conversation also covers bounty benchmarking changes and how researchers can report suspected data leaks.

Quick hits on CSRF and iframe techniques that bypass X-Frame-Options and SameSite cookies. A deep dive into PhoneLeak style data exfiltration using DTMF tones and intent URIs. Discussion of recent bounty program changes and controversy around policy language permitting AI use. Breakdown of cross-consumer attack techniques for tenant-hosted content discovery.

They unpack a Cloudflare ACME zero-day that let WAF rules be bypassed. They explain how List-Unsubscribe headers can be weaponized into SSRF and stored XSS gadgets. Research on breaking Heroku Postgres multi-tenant isolation and parser MIME differentials that lead to cross-browser XSS gets discussed. A curious Claude ‘magic string’ denial-of-service and a mobile WebView-to-RCE chain are also covered.

Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to best configure for success.Follow us on XGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X:====== Ways to Support CTBBPodcast ======Hop on the CTBB DiscordWe also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Get some hacker swagToday's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26https://ztw.com/Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag!Today’s Guests:Darby HopkinsMichael Cote====== This Week in Bug Bounty ======AI Red Teaming Explained by AI Red TeamersGood Faith AI Research Safe HarborJoin the Adobe LHE at NULLCON GOA====== Resources ======‘Legendary Guy’ - Jakub DomerackiGoogle Cloud VRP rewards rulesGoogle Cloud VRP product tiersBug Hunters blog on the 2025 Google Cloud VRP bugSWATGoogle VRP DiscordGoogle VRP on X====== Timestamps ======(00:00:00) Introduction(00:10:03) CloudVRP Bugswat Event Breakdown(00:16:40) VRP Policy & Rewards Changes(00:04:50) Panel Process(01:00:08) Configuring for Success & Avoiding Downgrades(01:33:47) Scenarios for Success

Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They’re Smart.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26https://ztw.com/====== Resources ======InsertScript - XSS Challenge Solutionhttps://insert-script.blogspot.com/2020/03/xss-challenge-solution-refresh-header.htmlInsertScript - Redirect AuthHeaderhttps://www.insert-script.com/examples/redirectAuthHeader/send.htmlCRLF injection on a 302 redirecthttps://x.com/0xdef1ant/status/2009040359482118500Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeoverhttps://ysamm.com/uncategorized/2025/01/13/capig-xss.htmlArcanum Hack Tipshttps://github.com/Arcanum-Sec/hack_tipsTrail of Bits Releases Claude Skillshttps://x.com/dguido/status/2011541318229533063what a $55,000 bug can look likehttps://x.com/the_IDORminator/status/2007480636244697237Pwning Claude Code in 8 Different Wayshttps://flatt.tech/research/posts/pwning-claude-code-in-8-different-ways/Do Smart People Ever Say They’re Smart?https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/====== Timestamps ======(00:00:00) Introduction(00:04:18) Technical takeaways from CT Charity Hackalong(00:22:21) InsertScript POCs & Rez0 and teknogeek's IOT Adventures(00:32:16) CRLF injection on a 302 redirect & Multiple XSS in Meta(00:41:00) Trail of Bits, what a $55,000 bug can look like, & Pwning Claude Code(00:54:16) Do Smart People Ever Say They’re Smart?