Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast, Justin gives us some quick hits regarding CSRF and Cross-Consumer Attacks, and also touches on some breaking questions surrounding HackerOne.


Follow us on Twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/


====== This Week in Bug Bounty ======


AS Watson

https://app.intigriti.com/programs/aswatson/watsons/detail


YesWeHack 2026 Report

https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=yeswehack-report-2026


====== Resources ======


PhoneLeak: Data Exfiltration in Gemini via Phone Call

https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/


Max's Tweet about decreasing bounties

https://x.com/0xw2w/status/2020788164378427483


HackerOne General Terms and Conditions

https://www.hackerone.com/terms/general


Research Review #-2: RCE in Google's AI code editor Antigravity (sudi)

https://www.youtube.com/watch?v=JqvJSF2UMyY


====== Timestamps ======

(00:00:00) Introduction

(00:03:26) YesWeHack 2026 Report

(00:09:12) CSRF Realizations & Data Exfiltration in Gemini via Phone Call

(00:14:38) 7urb0's YouTube, HackerOne decreasing bounties and Section 3.1 controversy

(00:19:06) Cross Consumer Attacks


