Episode 71: More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet
Critical Thinking - Bug Bounty Podcast16 Mai 2024

Episode 71: More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet

Episode 71: In this episode of Critical Thinking - Bug Bounty Podcast Keith Hoodlet joins us to weigh in on the VDP Debate. He shares some of his insights on when VDPs are appropriate in a company's security posture, and the challenges of securing large organizations. Then we switch gears and talk about AI bias bounties, where Keith explains the approach he takes to identify bias in chatbots and highlights the importance of understanding human biases and heuristics to better hack AI.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

Today's Sponsor - Project Discovery: https://nux.gg/podcast

Today’s guest: Keith Hoodlet

https://securing.dev/

Resources:

Daniel Miessler's article about the security poverty line

https://danielmiessler.com/p/the-cybersecurity-skills-gap-is-another-instance-of-late-stage-capitalism/

Hacking AI Bias

https://securing.dev/posts/hacking-ai-bias/

Hacking AI Bias Video

https://youtu.be/AeFZA7xGIbE?si=TLQ7B3YtzPWXS4hq

Sarah's Hoodlet's new book

https://sarahjhoodlet.com

Link to Amazon Page

https://a.co/d/c0LTM8U

Timestamps:

(00:00:00) Introduction

(00:04:09) Keith's Appsec Journey

(00:16:24) The Great VDP Debate Redux

(00:47:18) Platform/Hunter Incentives and Government Regulation

(01:06:24) AI Bias Bounties

(01:26:27) AI Techniques and Bugcrowd Contest

Episoder(165)

Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1

Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1

Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and foc...

3 Apr 202532min

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: Auth Bypasses and Google VRP Writeups

Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware...

27 Mar 202526min

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)

Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about ...

20 Mar 20251h 40min

Episode 114: Single Page Application Hacking Playbook

Episode 114: Single Page Application Hacking Playbook

Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a ...

13 Mar 20251h 22min

Episode 113: Best Technical Takeaways from Portswigger Top 10 2024

Episode 113: Best Technical Takeaways from Portswigger Top 10 2024

Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here!Follow us on X at: https://x.com/ctbbpodcastGo...

6 Mar 20251h 29min

Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter

Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter

Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-...

27 Feb 20251h 7min

Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu

Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu

Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kev...

20 Feb 20251h 49min

Episode 110: Oauth Gadget Correlation and Common Attacks

Episode 110: Oauth Gadget Correlation and Common Attacks

Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, w...

13 Feb 202549min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
smart-forklart
teknisk-sett
tomprat-med-gunnar-tjomlid
energi-og-klima
nasjonal-sikkerhetsmyndighet-nsm
rss-impressions-2
elektropodden
rss-ki-praten
shifter
rss-praktisk-proptech
pedagogisk-intelligens
hans-petter-og-co
rss-ki-til-kaffen
i-loopen
kunstig-intelligens-med-morten-goodwin
rss-heis
teknologi-og-mennesker
rss-nerding-med-netlife