Episode 34: Program vs Hacker Debate
Critical Thinking - Bug Bounty Podcast31 Aug 2023

Episode 34: Program vs Hacker Debate

Episode 34: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel have both beaten COVID and now square off against each other in a mega-debate representing hackers and program managers respectively. Among the topics included are Disclosures, Dupes, Zero-Day Policy, payouts, budgets, Triage and Retesting. So, if you want blood-pumping, insult-hurling opinion-invalidating debate…then maybe look somewhere else. But if a thought-provoking discussion about bug bounty is more your style, then take a seat and get ready!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Prompt Injection Primer for Engineers

https://twitter.com/rez0__/status/1695078576104833291

Portswigger on XSS

https://twitter.com/PortSwiggerRes/status/1691812241375424983

Gunner Andrews talk

https://www.youtube.com/watch?v=aaDe1ADh5KM

Jhaddix live training Givaway

https://tbhmlive.com/

ctbb.show/giveaway

New Website

ctbb.show

Fight music composed by Dayn Leonardson

https://www.daynleo.com/

Timestamps:

(00:00:00) Introduction

(00:02:00) Joel’s DEFCON Recap

(00:04:45) Prompt Injection Primer for Engineers by Rez0

(00:07:00) Portswigger Research and XSS

(00:08:36) Gunnar Andrews' talk on serverless architecture

(00:10:10) ‘Bug Hunter Methodology’ Course Giveaway

The Debate

(00:13:34) Zero-Day Policy and Payment for Vulnerabilities

(00:25:40) Disclosure

(00:33:52) Dupes (00:51:23) CVSS

(01:02:25) Budgets and Payouts

(01:15:00) Triage and Retesting

(01:34:55) Withholding Reports

(01:41:50) Root Cause Analysis

(01:52:25) Interacting with hacker reports from a security standpoint.

(01:58:50) Internal Activity on a Report

(02:01:15) Cost of running Bug Bounty Programs and LHE’s

Avsnitt(167)

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships

Episode 87: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with none other than his wife Mariah to talk about Bug Bounty from the perspective of a Significant Other. They s...

5 Sep 20241h 26min

Episode 86: The X-Correlation between Frans & RCE - Research Drop

Episode 86: The X-Correlation between Frans & RCE - Research Drop

Episode 86: In this episode of Critical Thinking - Bug Bounty Podcast Frans blows Justin’s mind with a sneak peak of his new presentation. Note: This is a little different from our normal episode, and...

29 Aug 202442min

Episode 85: Practical Applications of DEFCON 32 Web Research

Episode 85: Practical Applications of DEFCON 32 Web Research

Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cach...

22 Aug 20241h 30min

Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat

Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat

Episode 84: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Roni Carta (@0xLupin) to discuss their MVH win at the recent Google LHE, and share some technical observation...

15 Aug 202427min

Episode 83: Brainstorming Proxy Plugins

Episode 83: Brainstorming Proxy Plugins

Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow,...

8 Aug 202454min

Episode 82: Part-Time Bug Bounty

Episode 82: Part-Time Bug Bounty

Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balanc...

1 Aug 202436min

Episode 81: Crushing Client-Side on Any Scope with MatanBer

Episode 81: Crushing Client-Side on Any Scope with MatanBer

Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and ...

25 Juli 20242h 4min

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own ...

18 Juli 20242h 49min

Populärt inom Teknik

uppgang-och-fall
bilar-med-sladd
elbilsveckan
market-makers
rss-technokratin
har-vi-akt-till-mars-an
skogsforum-podcast
rss-laddstationen-med-elbilen-i-sverige
rss-veckans-ai
rss-elektrikerpodden
developers-mer-an-bara-kod
bli-saker-podden
hej-bruksbil
rss-milpodden
rss-uppgang-och-fall
rss-en-ai-till-kaffet
rss-snacka-om-ai
natets-morka-sida
rss-it-sakerhetspodden
rss-powerboat-sverige-podcast