Episode 34: Program vs Hacker Debate
Critical Thinking - Bug Bounty Podcast31 Aug 2023

Episode 34: Program vs Hacker Debate

Episode 34: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel have both beaten COVID and now square off against each other in a mega-debate representing hackers and program managers respectively. Among the topics included are Disclosures, Dupes, Zero-Day Policy, payouts, budgets, Triage and Retesting. So, if you want blood-pumping, insult-hurling opinion-invalidating debate…then maybe look somewhere else. But if a thought-provoking discussion about bug bounty is more your style, then take a seat and get ready!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Prompt Injection Primer for Engineers

https://twitter.com/rez0__/status/1695078576104833291

Portswigger on XSS

https://twitter.com/PortSwiggerRes/status/1691812241375424983

Gunner Andrews talk

https://www.youtube.com/watch?v=aaDe1ADh5KM

Jhaddix live training Givaway

https://tbhmlive.com/

ctbb.show/giveaway

New Website

ctbb.show

Fight music composed by Dayn Leonardson

https://www.daynleo.com/

Timestamps:

(00:00:00) Introduction

(00:02:00) Joel’s DEFCON Recap

(00:04:45) Prompt Injection Primer for Engineers by Rez0

(00:07:00) Portswigger Research and XSS

(00:08:36) Gunnar Andrews' talk on serverless architecture

(00:10:10) ‘Bug Hunter Methodology’ Course Giveaway

The Debate

(00:13:34) Zero-Day Policy and Payment for Vulnerabilities

(00:25:40) Disclosure

(00:33:52) Dupes (00:51:23) CVSS

(01:02:25) Budgets and Payouts

(01:15:00) Triage and Retesting

(01:34:55) Withholding Reports

(01:41:50) Root Cause Analysis

(01:52:25) Interacting with hacker reports from a security standpoint.

(01:58:50) Internal Activity on a Report

(02:01:15) Cost of running Bug Bounty Programs and LHE’s

Episoder(166)

Episode 166: Rez0’s Top Claude Skill Secrets

Episode 166: Rez0’s Top Claude Skill Secrets

Episode 166: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Rez0’s Claude Skill Secrets, when AI Generated reports fall apart, and agents vs filters.Follow us on twitter at: h...

19 Mar 53min

Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows

Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows

Episode 165: In this episode of Critical Thinking - Bug Bounty Podcast Justin recaps his Zero Trust World experience, before we dive into Permissions issues client-side bugs, New Hardware Hacking Clas...

12 Mar 44min

Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Episode 164: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug BountyFoll...

5 Mar 1h 11min

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.Follow us o...

26 Feb 1h 8min

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing ...

19 Feb 53min

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surroundin...

12 Feb 24min

Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS

Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS

Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & ...

5 Feb 45min

Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to ...

29 Jan 1h 46min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
nasjonal-sikkerhetsmyndighet-nsm
smart-forklart
elektropodden
energi-og-klima
rss-ki-praten
fornybaren
rss-impressions-2
tomprat-med-gunnar-tjomlid
shifter
rss-alt-vi-kan
rss-heis
rss-ai-forklart
rss-bouvet-bobler
rss-fjorsilkebris-podcast
rss-alt-som-gar-pa-strom
rss-praktisk-proptech
rss-anleggspraten