Nov 20
1h 2m

Episode 149: DEFCON Debrief: AI Vulns, U...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast, the DEFCON videos are up, and Justin and Joseph talk through some of their favorites.

Follow us on X

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

Unicode surrogates conversion

Prompt. Scan. Exploit

Breaking into thousands of cloud based VPNs with 1 bug

Examining Access Control Vulnerabilities in GraphQL

Smart Bus Smart Hacking

Passkeys Pwned

Bypassing Intent Destination Checks

Gemini Agents in Google Calendar

Exploitation of DOM Clobbering Vuln at Scale

TheHulk

Smart Devices, Dumb Resets

Mac PRT Cookie Theft

====== Timestamps ======

(00:00:00) Introduction

(00:10:10) Prompt. Scan. Exploit

(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug

(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned

(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents

(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets
