Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns about using hacker data for AI and decreasing bounties.


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/


Today’s Guest: https://x.com/senorarroz


====== This Week in Bug Bounty ======


XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilities

https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&utm_medium=Youtube&utm_campaign=XXE_Critical_Thinking&utm_id=XXE_CT


Bug Bounty Maturity Framework

https://bugbountymaturity.com/


====== Resources ======

Confidential Information and Confidentiality Obligations

https://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20parties


Ownership and Licenses

https://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20Licenses


I argued with an AI regarding HackerOne using Hacker reports to train PtaaS

https://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71


HackerOne PTaaS (likely training their AI on private reports data)

https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/


What Makes Agentic PTaaS Different in Real Environments

https://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints


====== Timestamps ======

(00:00:00) Introduction

(00:08:44) HackerOne AI Terms of Service

(00:24:56) Agentic PTaaS

(00:38:09) Selling data

(00:43:49) Decrease in Bounties

Episodes (162)

Episode 10: The Life of a Full-Time Bug Bounty Hunter + BB News + Reports from Mentees

Episode 10: In this episode of Critical Thinking - Bug Bounty Podcast we talk about what it's like to be a full-time bug bounty hunter, a tonne of bug bounty news, and some great report summaries from ...

9 March 2023, 1h 16min

Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug

Episode 9: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Headless Browser SSRF and drop a tool called RebindMultiA. Joel also walks us through a web3 bug and we cover some bu...

2 March 2023, 1h 8min

Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops

Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It...

22 February 2023, 35min

Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!

Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter...

16 February 2023, 56min

Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)

Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android. Follow us on twit...

9 February 2023, 1h 39min

Episode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon

Episode 4: In this episode of Critical Thinking - Bug Bounty Podcast we have part two of our series on the H1-407 HackerOne Live Hacking Event. This time, we have a special guest SpaceRaccoon (@spacer...

2 February 2023, 45min

Episode 5: AI Security, Hacking WiFi, the New XSS Hunter, and more

Episode 5: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the new XSS Hunter, MD5 collisions and using ChatGPT for security, and much more! Follow us on twitter at: @ctbbpodcas...

2 February 2023, 53min

Episode 3: H1-407 Event Madness & Takeaways Part 1

Episode 3: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some of the interesting things we’ve learned from participating in HackerOne's H1-407 Live Hacking event. We cover de...

26 January 2023, 45min