Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado
Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego also shares some of his own hacking journey and successes in the Ambassador World cup.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker User StoreToday’s Guest: https://x.com/djurado9====== This Week in Bug Bounty ======Announcement of our upcoming live hacking event at Nullcon Berlin, taking place on September 4-5Bug Bounty Village Speakers 2025Talkie Pwnii Caido showcaseCaido Masterclass – From Setup to ExploitsAccess Control vs Account Takeover: What Bug Bounty Hunters Need to Know====== Resources ======CVE-2025-49493: XML External Entity (XXE) Injection in Akamai CloudTest====== Timestamps ======(00:00:00) Introduction(00:05:56) Diego's ATO Bug(00:12:01) H1 Ambassador World Cup and work with XBOW(00:20:57) XBOW's CloudTest XXE Bug(00:49:59) Freedom, Hallucinations, & Validation(01:07:24) XBOW's Architecture(01:23:50) Humans in the Loop, Harnesses, and Xbow's Reception(01:44:21) Ambassador World Cup plans for the future
4 Aug 1h 53min
Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad
Episode 133: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Harley and Ari from H1 to talk some about community management roles within Bug Bounty, as well as discuss the evolution of Bug Bounty Village at DEFCON, and what they’ve got in store this year.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Guests:x.com/infiniteloginshttps://x.com/Arl_roseToday’s Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward!====== This Week in Bug Bounty ======BBV Platform Panel about TriageYesWeHACK Makes Debut at Black Hat USA 2025New Dojo challenge featuring a time-based token prediction combined PyYAML deserializationGMSGadget====== Resources ======Bug Bounty VillageSign up for the Disclosed NewsletterDisclosed OnlineHarley's Youtube Channel====== Timestamps ======(00:00:00) Introduction(00:05:51) Bug Stories and Hacking Journeys(00:32:37) Community Management within Bug Bounty(00:39:43) Bug Bounty Village - Origin & 2025 Plans(01:02:39) Disclosed Online and Harley's Upcoming Ebook
31 Juli 1h 16min
Episode 132: Archive Testing Methodology with Mathias Karlsson
Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, Archive Alchemist, and explore topics like the significance of Unicode paths, symlinks, and TAR before they end up talking about Charsets again..Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker - Patch ManagementToday’s Guest: Mathias Karlsson====== This Week in Bug Bounty ======Swiss Post's 2025 Public Intrusion Test starts on July 28Intigriti teams with NVIDIABugcrowd Ingenuity AwardsHack the Hacker Series - AI Vulnerabilities and Bug BountiesA Novel Technique for SQL Injection in PDO’s Prepared StatementsHow We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance====== Resources ======Archive AlchemistHacking Livestream #53: The ZIP file format====== Timestamps ======(00:00:00) Introduction(00:10:04) Archive Alchemist(00:36:05) Unicode Extensions, normalization, and confusion attacks on Zip parsers(00:48:44) Character Sets(01:01:49) 7zip & File Names (01:06:44) Path Traversal, Symlinks & Identifying Techniques(01:36:05) Hardlinks and TAR
24 Juli 1h 49min
Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits
Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for Windows, Third-Person prompting, and touch on the recent McDonalds LeakFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward!====== Resources ======v1 Instance Metadata Service protections bypassWould you like an IDOR with that? Leaking 64 million McDonald’s job applicationsHow we got persistent XSS on every AEM cloud site, thriceGoogle docs now supports export as markdownAbusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)How I Scanned all of GitHub’s “Oops Commits” for Leaked SecretsBug bounty, feedback, strategy and alchemy====== Timestamps ======(00:00:00) Introduction(00:05:39) Metadata Service protections bypass & Mcdonalds Leak(00:12:30) Christmas in July with Searchlight Cyber Pt 1(00:19:43) Export as Markdown, Raycast for Windows, & Third-Person prompting(00:23:56) Christmas in July with Searchlight Cyber Pt 2(00:27:39) GitHub’s “Oops Commits” for Leaked Secrets(00:36:53) Bug bounty, feedback, strategy and alchemy
17 Juli 50min
Episode 130: Minecraft Hacks to Google Hacking Star - Valentino
Episode 130: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Valentino, who shares his journey from hacking Minecraft to becoming a Google hunter. He talks us through several bugs, including an HTML Sanitizer bypass and .NET deserialization, and highlights the hyper creative approaches he tends to employ.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker - Patch Managementhttps://www.criticalthinkingpodcast.io/TL-patch-managementToday’s Guest: Valentino - https://blog.3133700.xyz/====== Resources ======JMX ManagerStored XSS in reclamosCommand Injection in Vertex AIwhitepaper-net-deser.pdffree-after-use.goA Journey Into Finding Vulnerabilities in the PMB Library Management Systememulated-register_globals.php====== Timestamps ======(00:00:00) Introduction(00:02:38) JMXProxy Bug Story(00:09:46) Intro to Valentino(00:29:08) HTML Sanitizer bypass on MercadoLibre(00:37:16) Command injection in Vertex AI(00:44:10) .NET deserialization, & Argument injection to LFR, & Free after use(00:51:33) Luck, creativity, and evolution as Hacker(00:59:31) Issues in file extension validation components, Emulated register_globals, & AI Hacking
10 Juli 1h 8min
Episode 129: Is this how Bug Bounty Ends?
Episode 129: In this episode of Critical Thinking - Bug Bounty Podcast we chat about the future of hack bots and human-AI collaboration, the challenges posed by tokenization, and the need for cybersecurity professionals to adapt to the evolving landscape of hacking in the age of AIFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== This Week in Bug Bounty ======Improper error handling in async cryptographic operations crashes processhttps://hackerone.com/reports/2817648Recon Series #6: Excavating hidden artifacts with Wayback Machinehttps://www.yeswehack.com/learn-bug-bounty/recon-wayback-machine-web-archive====== Resources ======This is How They Tell Me Bug Bounty Ends https://josephthacker.com/hacking/2025/06/09/this-is-how-they-tell-me-bug-bounty-ends.htmlWelcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discoveryhttps://www.hackerone.com/blog/welcome-hackbots-how-ai-shaping-future-vulnerability-discoveryGlitch Tokenhttps://www.youtube.com/watch?v=WO2X3oZEJOAConducting smarter intelligences than me: new orchestrashttps://southbridge-research.notion.site/conducting-smarter-intelligences-than-me====== Timestamps ======(00:00:00) Introduction(00:04:05) Is this how Bug Bounty Ends?(00:11:14) Hackbots and handling leads(00:20:50) Hacker chain of thought & Tokenization(00:32:54) Context Engineering
3 Juli 36min
Episode 128: New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI Bots
Episode 128: In this episode of Critical Thinking - Bug Bounty Podcast we talking Blind SSRF and Self-XSS, as well as Reversing massive minified JS with AI and a wild Google Logo Ligature BugFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker - Patch Management====== This Week in Bug Bounty ======BitK's "Payload plz" challenge at LeHack====== Resources ======Make Self-XSS Great AgainNovel SSRF Technique Involving HTTP Redirect LoopsSurf - Escalate your SSRF vulnerabilities on Modern Cloud EnvironmentsGecko: Intent to prototype: Framebusting InterventionConducting smarter intelligences than me: new orchestrasMandarkLumentisjscollabGoogle Logo Ligature Bug====== Timestamps ======(00:00:00) Introduction(00:03:55) Self-XSS and credentialless iframe (00:16:50) Novel SSRF Technique Involving HTTP Redirect Loops(00:25:02) Framebusting(00:29:13) Reversing massive minified JS with AI(00:53:12) Google Logo Ligature Bug
26 Juni 58min
Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More
Episode 127: In this episode of Critical Thinking - Bug Bounty Podcast we address some recent bug bounty controversy before jumping into a slew of news itemsFollow us on XShoutout to YTCracker for the awesome intro music!Today's Sponsor: Adobe====== This Week In Bug Bounty ======Hackers Guide to Google dorkingYesWeCaidoNew Dojo ChallengeSmart Contract BB tipsRed Team AAS====== Resources ======DisclosedPDF csp bypassBypassing File Upload Restrictions To Exploit Client-Side Path TraversalOBS WebSocket to RCETime in a bottle (or knapsack)How to Differentiate Yourself as a Bug Bounty HunterDisclosed. Onlinehacked-in‘EchoLeak’Piloting Edge CopilotNewtownerTips for agent promptingFirefox XSS vectorsTweet from Masato KinugawaChrome debug() function
19 Juni 1h 7min
