Episode 162: HackerOne Training AI on Bug Bounty Data?
Critical Thinking - Bug Bounty Podcast19 Feb

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties.


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/


Today’s Guest: https://x.com/senorarroz


====== This Week in Bug Bounty ======


XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilities

https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&utm_medium=Youtube&utm_campaign=XXE_Critical_Thinking&utm_id=XXE_CT


Bug Bounty Maturity Framework

https://bugbountymaturity.com/


====== Resources ======

Confidential Information and Confidentiality Obligations

https://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20parties


Ownership and Licenses

https://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20Licenses


I argued with an AI regarding HackerOne using Hacker reports to train PtaaS

https://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71


HackerOne PTaaS (likely training their AI on private reports data)

https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/


What Makes Agentic PTaaS Different in Real Environments

https://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints


====== Timestamps ======

(00:00:00) Introduction

(00:08:44) HackerOne AI Terms of Service

(00:24:56) Agentic PTaaS

(00:38:09) Selling data

(00:43:49) Decrease in Bounties

Episoder(167)

Episode 55: Popping WordPress Plugins - Methodology Braindump

Episode 55: Popping WordPress Plugins - Methodology Braindump

Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Wordpress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within Wordpress Plu...

25 Jan 20241h 44min

Episode 54: White Box Formulas - Vulnerable Coding Patterns

Episode 54: White Box Formulas - Vulnerable Coding Patterns

Episode 54: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with news items and new projects. Joel shares about his personal scraping project to gather data on bug b...

18 Jan 20241h 12min

Episode 53: 500k/yr as Full-Time Bug Hunter & Content Creator - Nahamsec

Episode 53: 500k/yr as Full-Time Bug Hunter & Content Creator - Nahamsec

Episode 53: In this episode of Critical Thinking - Bug Bounty Podcast,we’re joined by none other than NahamSec. We start by discusses the challenges he faced on his journey in bug bounty hunting and c...

11 Jan 20241h 40min

Episode 52: Best Technical Content from Year 1 of CTBB Podcast

Episode 52: Best Technical Content from Year 1 of CTBB Podcast

Episode 52: In this episode of Critical Thinking - Bug Bounty Podcast we're going back and highlighting some of the best technical moments from the past year! Hope you enjoy this best of 2023 Supercut...

4 Jan 20243h

Episode 51: Hacker Stats 2023 & 2024 Goals

Episode 51: Hacker Stats 2023 & 2024 Goals

Episode 51: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are back for the last episode of 2023. We discuss some noteworthy news items including a Hacker One Crit, Caido u...

28 Des 20231h 21min

Episode 50: ­Mathias 'Fall in a well' Karlsson - Bug Bounty Prophet

Episode 50: ­Mathias 'Fall in a well' Karlsson - Bug Bounty Prophet

Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specializat...

21 Des 20232h 24min

Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli

Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli

Episode 49: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is once again joined by Nagli to discuss some of their recent hacking discoveries. They talk about finding and exp...

14 Des 202351min

Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb

Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb

Episode 48: In this episode, joined by the spectacular Sam Erb, Google Security Engineer and DEFCON Black Badge winner. We talk about the importance of understanding how systems work to find vulnerabi...

7 Des 20231h 36min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
nasjonal-sikkerhetsmyndighet-nsm
tomprat-med-gunnar-tjomlid
energi-og-klima
rss-ki-praten
smart-forklart
rss-impressions-2
elektropodden
rss-alt-vi-kan
fornybaren
rss-polypod
rss-bouvet-bobler
rss-fjorsilkebris-podcast
rss-heis
rss-ai-forklart
rss-teknologioptimistene-energibransjens-it-podcast
rss-digitaliseringspadden
rss-praktisk-proptech