Episode 34: Program vs Hacker Debate
Critical Thinking - Bug Bounty Podcast31 Aug 2023

Episode 34: Program vs Hacker Debate

Episode 34: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel have both beaten COVID and now square off against each other in a mega-debate representing hackers and program managers respectively. Among the topics included are Disclosures, Dupes, Zero-Day Policy, payouts, budgets, Triage and Retesting. So, if you want blood-pumping, insult-hurling opinion-invalidating debate…then maybe look somewhere else. But if a thought-provoking discussion about bug bounty is more your style, then take a seat and get ready!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Prompt Injection Primer for Engineers

https://twitter.com/rez0__/status/1695078576104833291

Portswigger on XSS

https://twitter.com/PortSwiggerRes/status/1691812241375424983

Gunner Andrews talk

https://www.youtube.com/watch?v=aaDe1ADh5KM

Jhaddix live training Givaway

https://tbhmlive.com/

ctbb.show/giveaway

New Website

ctbb.show

Fight music composed by Dayn Leonardson

https://www.daynleo.com/

Timestamps:

(00:00:00) Introduction

(00:02:00) Joel’s DEFCON Recap

(00:04:45) Prompt Injection Primer for Engineers by Rez0

(00:07:00) Portswigger Research and XSS

(00:08:36) Gunnar Andrews' talk on serverless architecture

(00:10:10) ‘Bug Hunter Methodology’ Course Giveaway

The Debate

(00:13:34) Zero-Day Policy and Payment for Vulnerabilities

(00:25:40) Disclosure

(00:33:52) Dupes (00:51:23) CVSS

(01:02:25) Budgets and Payouts

(01:15:00) Triage and Retesting

(01:34:55) Withholding Reports

(01:41:50) Root Cause Analysis

(01:52:25) Interacting with hacker reports from a security standpoint.

(01:58:50) Internal Activity on a Report

(02:01:15) Cost of running Bug Bounty Programs and LHE’s

Avsnitt(172)

Episode 12: JHaddix on Hacker->Hacker CISO, OG Hacking Techniques, and Crazy Reports

Episode 12: JHaddix on Hacker->Hacker CISO, OG Hacking Techniques, and Crazy Reports

Episode 12: In this episode of Critical Thinking - Bug Bounty Podcast we talk with Jason Haddix about his eclectic hacking techniques, Hacker -> Hacker CISO life, and some crazy vulns he found. This e...

23 Mars 20231h 46min

Episode 11: CV$$, Web Cache Deception, and SSTI

Episode 11: CV$$, Web Cache Deception, and SSTI

Episode 11: In this episode of Critical Thinking - Bug Bounty Podcast we talk about CVSS (the good, the bad, and the ugly), Web Cache Deception (an underrated vuln class) and a sick SSTI Joel and Fish...

16 Mars 20231h 3min

Episode 10: The Life of a Full-Time Bug Bounty Hunter + BB News + Reports from Mentees

Episode 10: The Life of a Full-Time Bug Bounty Hunter + BB News + Reports from Mentees

Episode 10: In this episode of Critical Thinking - Bug Bounty Podcast we talk about what its like to be a full-time bug bounty hunter, a tonne of bug bounty news, and some great report summaries from ...

9 Mars 20231h 16min

Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug

Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug

Episode 9: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Headless Browser SSRF and drop a tool called RebindMultiA. Joel also walks us through a web3 bug and we cover some bu...

2 Mars 20231h 8min

Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops

Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops

Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It...

22 Feb 202335min

Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!

Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!

Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter...

16 Feb 202356min

Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)

Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)

Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.Follow us on twit...

9 Feb 20231h 39min

Episode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon

Episode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon

Episode 4: In this episode of Critical Thinking - Bug Bounty Podcast we have part two of our series on the H1-407 HackerOne Live Hacking Event. This time, we have a special guest SpaceRaccoon (@spacer...

2 Feb 202345min

Populärt inom Teknik

natets-morka-sida
uppgang-och-fall
elbilsveckan
rss-technokratin
bilar-med-sladd
skogsforum-podcast
market-makers
har-vi-akt-till-mars-an
bli-saker-podden
rss-elektrikerpodden
rss-laddstationen-med-elbilen-i-sverige
rss-powerboat-sverige-podcast
rss-it-sakerhetspodden
rss-veckans-ai
rss-uppgang-och-fall
rss-fabriken-2
rss-snacka-om-ai
developers-mer-an-bara-kod
hej-bruksbil
dom-kallar-oss-krypto