Episode 71: More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet
Critical Thinking - Bug Bounty Podcast16 Touko 2024

Episode 71: More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet

Episode 71: In this episode of Critical Thinking - Bug Bounty Podcast Keith Hoodlet joins us to weigh in on the VDP Debate. He shares some of his insights on when VDPs are appropriate in a company's security posture, and the challenges of securing large organizations. Then we switch gears and talk about AI bias bounties, where Keith explains the approach he takes to identify bias in chatbots and highlights the importance of understanding human biases and heuristics to better hack AI.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Today's Sponsor - Project Discovery: https://nux.gg/podcast

Today’s guest: Keith Hoodlet

https://securing.dev/

Resources:

Daniel Miessler's article about the security poverty line

https://danielmiessler.com/p/the-cybersecurity-skills-gap-is-another-instance-of-late-stage-capitalism/

Hacking AI Bias

https://securing.dev/posts/hacking-ai-bias/

Hacking AI Bias Video

https://youtu.be/AeFZA7xGIbE?si=TLQ7B3YtzPWXS4hq

Sarah's Hoodlet's new book

https://sarahjhoodlet.com

Link to Amazon Page

https://a.co/d/c0LTM8U

Timestamps:

(00:00:00) Introduction

(00:04:09) Keith's Appsec Journey

(00:16:24) The Great VDP Debate Redux

(00:47:18) Platform/Hunter Incentives and Government Regulation

(01:06:24) AI Bias Bounties

(01:26:27) AI Techniques and Bugcrowd Contest

Jaksot(166)

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also high...

24 Loka 202449min

Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through ...

17 Loka 20241h 41min

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast In this episode Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-...

10 Loka 202447min

Episode 91: Zero to LHE in 9 Months (feat gr3pme)

Episode 91: Zero to LHE in 9 Months (feat gr3pme)

Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking’s own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with B...

3 Loka 20241h 22min

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some some re...

26 Syys 202451min

Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast We’re joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in ...

19 Syys 20241h 58min

Episode 88: News, Tools, and Writeups

Episode 88: News, Tools, and Writeups

Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the i...

12 Syys 20241h 6min

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships

Episode 87: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with none other than his wife Mariah to talk about Bug Bounty from the perspective of a Significant Other. They s...

5 Syys 20241h 26min