Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb
Critical Thinking - Bug Bounty Podcast7 Dec 2023

Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb

Episode 48: In this episode, joined by the spectacular Sam Erb, Google Security Engineer and DEFCON Black Badge winner. We talk about the importance of understanding how systems work to find vulnerabilities, and how his engineering background influences his hunting style and methodologies. Then we jump over to his Career Development and his work with Google, and then chat about some of the recent Google Vulnerability Programs.

This episode is sponsored by Wordfence! Wordfence recently launched a game-changer of a bug bounty program with ALL WordPress plugins over 50k installs are in-scope. They are currently paying 6.25x their normal bounty amounts, and have agreed to give CT listeners a 10% bonus on top of that! Head over to https://ctbb.show/wf for more info and keep an eye on the CTBB Discord for inspiration/collabs.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

—— Links ——

Follow your hosts Rhynorater & Teknogeek on twitter:

—— Ways to Support CTBBPodcast ——

Sign up for Caido using code CTBBPODCAST for a 10% discount.

Hop on the CTBB Discord

Discord premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest:

https://twitter.com/erbbysam

Sam Erbs Static Secret

Security Now Podcast

BIMI:

And

https://bimigroup.org/

Google Device Vulnerability Reward Program Initiatives

Google Invalid Reports

Hacking Google

Transcripts

(00:00:00) Introduction

(00:02:50) Hacker Methodology with Sam Erb

(00:12:20) Balancing Bug Hunting and Personal Life

(00:15:53) Deep Diving on a program and using automation.

(00:27:00) Optimizing Bug Hunting and Understanding Attack Vectors

(00:39:22) Collaboration and Boundaries

(00:45:42) Career Development and Entrepreneurship

(00:55:13) Winning Black Badges at DEFCON

(00:58:02) BufferOver

(01:09:11) Working at Google

(01:19:23) Google Bug Bounty Programs

(01:31:41) BONUS Cool Bugs

Avsnitt(161)

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.Follow us on t...

18 Dec 20251h 16min

Episode 152: GeminiJack and Agentic Security with Sasi Levi

Episode 152: GeminiJack and Agentic Security with Sasi Levi

Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Verte...

11 Dec 20251h 21min

Episode 151: Client-side Advanced Topics

Episode 151: Client-side Advanced Topics

Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL P...

4 Dec 20251h 7min

Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration

Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration

Episode 150: In this episode of Critical Thinking - Bug Bounty Podcast we're highlighting some cool news and research, but not before expressing our gratitude to the Hacker community. We are so thankf...

27 Nov 202557min

Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.Follow us on XGot any ideas and suggestions?...

20 Nov 20251h 2min

Episode 148: MCP Hacking Guide

Episode 148: MCP Hacking Guide

Episode 148: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us a crash course on Model Context Protocol.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and sugg...

13 Nov 202532min

Episode 147: Stupid Simple Hacking Workflow Tips

Episode 147: Stupid Simple Hacking Workflow Tips

Episode 147: In this episode of Critical Thinking - Bug Bounty Podcast we're talking tips and tricks that help us in hacking that we really should’ve learned sooner.Follow us on twitter at: https://x....

6 Nov 202558min

Episode 146: Hacking Horror Stories

Episode 146: Hacking Horror Stories

Episode 146: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn all sit down to celebrate the spooky season by swapping their scariest bug stories. From frightening ...

30 Okt 20251h 50min

Populärt inom Teknik

uppgang-och-fall
market-makers
elbilsveckan
bilar-med-sladd
rss-elektrikerpodden
skogsforum-podcast
rss-veckans-ai
rss-laddstationen-med-elbilen-i-sverige
natets-morka-sida
bli-saker-podden
bosse-bildoktorn-och-hasse-p
rss-en-ai-till-kaffet
rss-uppgang-och-fall
rss-ai-med-katarina-gospic-och-viggo-cavling
rss-technokratin
developers-mer-an-bara-kod
rss-it-sakerhetspodden
rss-fabriken-2
rss-digitala-influencer-podden
garagehang