Episode 162: HackerOne Training AI on Bug Bounty Data?
Critical Thinking - Bug Bounty Podcast19 Feb

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties.


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/


Today’s Guest: https://x.com/senorarroz


====== This Week in Bug Bounty ======


XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilities

https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&utm_medium=Youtube&utm_campaign=XXE_Critical_Thinking&utm_id=XXE_CT


Bug Bounty Maturity Framework

https://bugbountymaturity.com/


====== Resources ======

Confidential Information and Confidentiality Obligations

https://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20parties


Ownership and Licenses

https://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20Licenses


I argued with an AI regarding HackerOne using Hacker reports to train PtaaS

https://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71


HackerOne PTaaS (likely training their AI on private reports data)

https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/


What Makes Agentic PTaaS Different in Real Environments

https://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints


====== Timestamps ======

(00:00:00) Introduction

(00:08:44) HackerOne AI Terms of Service

(00:24:56) Agentic PTaaS

(00:38:09) Selling data

(00:43:49) Decrease in Bounties

Episoder(165)

Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.

Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.

Episode 69: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Johan Carlsson to hear about some updates on his bug hunting journey. We deep-dive a CSP bypass he found in GitHub...

2 Mai 20241h 49min

Episode 68: 0-days & HTMX-SS with Mathias

Episode 68: 0-days & HTMX-SS with Mathias

Episode 68: In this episode of Critical Thinking - Bug Bounty Podcast Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header in...

25 Apr 20241h 3min

Episode 67: VDPs & Accidental Program VS Hacker Debate Part 2

Episode 67: VDPs & Accidental Program VS Hacker Debate Part 2

Episode 67: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive on the topic of Vulnerability Disclosure Programs (VDPs) and whether they are beneficial or not. We also touch on the ...

18 Apr 20241h 19min

Episode 66: CDN-CGI Research, Intent To Ship, and Louis Vuitton

Episode 66: CDN-CGI Research, Intent To Ship, and Louis Vuitton

Episode 66: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the recent YesWeHack Louis Vuitton LHE, the importance of failure as growth in bug bounty, and Justin shar...

11 Apr 202458min

Episode 65: Motivation and Methodology with Sam Curry (Zlz)

Episode 65: Motivation and Methodology with Sam Curry (Zlz)

Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and ...

4 Apr 20242h 29min

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and ...

28 Mar 20241h 8min

Episode 63: JHaddix Returns

Episode 63: JHaddix Returns

Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own ...

21 Mar 20241h 21min

Episode 62: Frontend Language Oddities

Episode 62: Frontend Language Oddities

Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth look...

14 Mar 202458min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
smart-forklart
energi-og-klima
rss-ki-praten
nasjonal-sikkerhetsmyndighet-nsm
rss-impressions-2
shifter
tomprat-med-gunnar-tjomlid
elektropodden
rss-praktisk-proptech
hans-petter-og-co
rss-ki-til-kaffen
teknologi-og-mennesker
i-loopen
pedagogisk-intelligens
rss-for-alarmen-gar
rss-digitaliseringspadden
rss-ai-forklart