Mar 2023
1h 16m

Episode 13: How to Find a Good BBP + Acr...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 13: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to determine if a bug bounty program is good or not from the policy page. We also cover some news including Acropalypse, ZDI's Pwn2Own Competition, Node's Request library's SSRF Bypass, and a new scanning tool by JHaddix.

Follow us on Twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on Twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

JHaddix AWSScrape Tool:

https://twitter.com/Jhaddix/status/1637140192728612865?s=20

Acropalypse Links:

https://twitter.com/ItsSimonTime/status/1636857478263750656

https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html

https://twitter.com/David3141593/status/1638222624084951040

https://twitter.com/David3141593/status/1638293029059477505

SSRF Bypass in NodeJS:

https://blog.doyensec.com/2023/03/16/ssrf-remediation-bypass.html

ZDI's Pwn2Own:

https://twitter.com/thezdi

Kuzu7shiki's Awesome Pixiv Report:

https://hackerone.com/reports/1861974

https://twitter.com/kuzu7shiki

Some of the Programs we talk about:

https://hackerone.com/instacart

https://hackerone.com/semrush

https://hackerone.com/yahoo

https://hackerone.com/paypal
