Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins
Critical Thinking - Bug Bounty Podcast29 Tammi

Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to best configure for success.


Follow us on X


Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io


Shoutout to YTCracker for the awesome intro music!


====== Links ======


Follow your hosts Rhynorater, rez0 and gr3pme on X:


====== Ways to Support CTBBPodcast ======


Hop on the CTBB Discord


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


Get some hacker swag


Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/


Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag!


Today’s Guests:

Darby Hopkins

Michael Cote


====== This Week in Bug Bounty ======

AI Red Teaming Explained by AI Red Teamers


Good Faith AI Research Safe Harbor


Join the Adobe LHE at NULLCON GOA


====== Resources ======


‘Legendary Guy’ - Jakub Domeracki


Google Cloud VRP rewards rules


Google Cloud VRP product tiers


Bug Hunters blog on the 2025 Google Cloud VRP bugSWAT


Google VRP Discord


Google VRP on X


====== Timestamps ======


(00:00:00) Introduction

(00:10:03) CloudVRP Bugswat Event Breakdown

(00:16:40) VRP Policy & Rewards Changes

(00:04:50) Panel Process

(01:00:08) Configuring for Success & Avoiding Downgrades

(01:33:47) Scenarios for Success

Jaksot(165)

Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits

Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits

Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems.Follow us on twitte...

15 Tammi 1h 34min

Episode 156: Chill AMA from bugbounty.forum

Episode 156: Chill AMA from bugbounty.forum

Episode 156: In this episode of Critical Thinking - Bug Bounty Podcast we answer some fantastic questions from over at bugbounty.forumFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas an...

8 Tammi 1h 23min

Episode 155: 2025 Hacker Stats & 2026 Goals

Episode 155: 2025 Hacker Stats & 2026 Goals

Episode 155: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn reflect on last year of Bug Bounty, and list their goals and predictions for what 2026 holds.Follow u...

1 Tammi 1h 32min

Episode 154: Starting a Pentesting Company on Top of Bug Bounty

Episode 154: Starting a Pentesting Company on Top of Bug Bounty

Episode 154: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn talk through the transition from Bug Bounty hunting to Pentesting. We cover diversifying income streams, the c...

25 Joulu 202541min

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.Follow us on t...

18 Joulu 20251h 16min

Episode 152: GeminiJack and Agentic Security with Sasi Levi

Episode 152: GeminiJack and Agentic Security with Sasi Levi

Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Verte...

11 Joulu 20251h 21min

Episode 151: Client-side Advanced Topics

Episode 151: Client-side Advanced Topics

Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL P...

4 Joulu 20251h 7min

Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration

Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration

Episode 150: In this episode of Critical Thinking - Bug Bounty Podcast we're highlighting some cool news and research, but not before expressing our gratitude to the Hacker community. We are so thankf...

27 Marras 202557min