Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb
Critical Thinking - Bug Bounty Podcast7 Joulu 2023

Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb

Episode 48: In this episode, joined by the spectacular Sam Erb, Google Security Engineer and DEFCON Black Badge winner. We talk about the importance of understanding how systems work to find vulnerabilities, and how his engineering background influences his hunting style and methodologies. Then we jump over to his Career Development and his work with Google, and then chat about some of the recent Google Vulnerability Programs.

This episode is sponsored by Wordfence! Wordfence recently launched a game-changer of a bug bounty program with ALL WordPress plugins over 50k installs are in-scope. They are currently paying 6.25x their normal bounty amounts, and have agreed to give CT listeners a 10% bonus on top of that! Head over to https://ctbb.show/wf for more info and keep an eye on the CTBB Discord for inspiration/collabs.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

—— Links ——

Follow your hosts Rhynorater & Teknogeek on twitter:

—— Ways to Support CTBBPodcast ——

Sign up for Caido using code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord

Discord premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest:

https://twitter.com/erbbysam

Sam Erbs Static Secret

Security Now Podcast

BIMI:

And

https://bimigroup.org/

Google Device Vulnerability Reward Program Initiatives

Google Invalid Reports

Hacking Google

Transcripts

(00:00:00) Introduction

(00:02:50) Hacker Methodology with Sam Erb

(00:12:20) Balancing Bug Hunting and Personal Life

(00:15:53) Deep Diving on a program and using automation.

(00:27:00) Optimizing Bug Hunting and Understanding Attack Vectors

(00:39:22) Collaboration and Boundaries

(00:45:42) Career Development and Entrepreneurship

(00:55:13) Winning Black Badges at DEFCON

(00:58:02) BufferOver

(01:09:11) Working at Google

(01:19:23) Google Bug Bounty Programs

(01:31:41) BONUS Cool Bugs

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(180)

Episode 180: State of Bug Bounty Maturity Posture Report

Episode 180: State of Bug Bounty Maturity Posture Report

Episode 180: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Steve Hernandez, founder of the Bug Bounty Maturity Framework (BBMF), to walk us through the inaugural State of B...

25 Kesä 1h 12min

Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty.Follow us on twitter at: htt...

18 Kesä 46min

Episode 178: 600k in ~3 months - BruteCat pt 2

Episode 178: 600k in ~3 months - BruteCat pt 2

Episode 178: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with BruteCat to finish up our discussion on hacking Google. This week we hit AI.Follow us on twitter at: https://x.co...

11 Kesä 1h 23min

Episode 177: 2x Google RCE with VRP Legend Brutecat

Episode 177: 2x Google RCE with VRP Legend Brutecat

Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone.Follow us on twitter at...

4 Kesä 1h 25min

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Re...

28 Touko 1h 50min

Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama

Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama

Episode 175: In this episode of Critical Thinking - Bug Bounty Podcast we’re comparing Hackbot setups and results. We also talk about some of the recent ZDI drama, as well as the importance of freakin...

21 Touko 49min

Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5

Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5

Episode 174: In this episode of Critical Thinking - Bug Bounty Podcast we follow up from last episode with some advice for BB platforms, as well as cover a slew of writeups from Searchlight Cyber, wat...

14 Touko 1h 9min

Episode 173: Bug Bounty is Dead and AI Killed it.

Episode 173: Bug Bounty is Dead and AI Killed it.

Episode 173: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about the negative effects that AI is having on the Bug Bounty scene as a whole. Is it over, or are we so back?Foll...

7 Touko 1h 1min