Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil
Critical Thinking - Bug Bounty Podcast12 Helmi

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/


====== This Week in Bug Bounty ======


AS Watson

https://app.intigriti.com/programs/aswatson/watsons/detail


YesWeHack 2026 Report

https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=yeswehack-report-2026


====== Resources ======


PhoneLeak: Data Exfiltration in Gemini via Phone Call

https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/


Max's Tweet about decreasing bounties

https://x.com/0xw2w/status/2020788164378427483


HackerOne General Terms and Conditions

https://www.hackerone.com/terms/general


Research Review #-2: RCE in Google's AI code editor Antigravity (sudi)

https://www.youtube.com/watch?v=JqvJSF2UMyY


====== Timestamps ======

(00:00:00) Introduction

(00:03:26) YesWeHack 2026 Report

(00:09:12) CSRF Realizations & Data Exfiltration in Gemini via Phone Call

(00:14:38) 7urb0's Youtube, HackerOne decreasing bounties and Section 3.1 controversy.

(00:19:06) Cross Consumer Attacks



Jaksot(162)

Episode 106: Announcing our new cohost...

Episode 106: Announcing our new cohost...

Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time b...

16 Tammi 202558min

Episode 105: Best Critical Thinking Moments from 2024

Episode 105: Best Critical Thinking Moments from 2024

Episode 105: In this episode of Critical Thinking - Bug Bounty Podcast we're back with another Best-of episode recapping some of our top moments of 2024.Follow us on twitter at: @ctbbpodcastSsend us a...

9 Tammi 20252h 17min

Episode 104: 2024 Hacker Stats & 2025 Goals

Episode 104: 2024 Hacker Stats & 2025 Goals

Episode 104: In this episode of Critical Thinking - Bug Bounty Podcast Justin reflects upon the past year and walks through some of the bug bounty goals he had for 2024, and how he feels like he did. ...

2 Tammi 202529min

Episode 103: Getting ANSI about Unicode Normalization

Episode 103: Getting ANSI about Unicode Normalization

Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk thr...

26 Joulu 20241h

Episode 102: Building Web Hacking Micro Agents with Jason Haddix

Episode 102: Building Web Hacking Micro Agents with Jason Haddix

Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF...

19 Joulu 20241h 2min

Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger

Episode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI app...

12 Joulu 202451min

Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking

Episode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show ...

5 Joulu 20241h 41min

Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty

Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the ...

28 Marras 20241h 42min