Critical Thinking - Bug Bounty Podcast

Episode 174: In this episode of Critical Thinking - Bug Bounty Podcast we follow up from last episode with some advice for BB platforms, as well as cover a slew of writeups from Searchlight Cyber, watchTowr, and Starstrike.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

Critical Research Lab:
https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/

Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg

====== This Week in Bug Bounty ======
COST, AI frontier models and more: A measured take on the future of security testing
https://www.yeswehack.com/security-best-practices/cost-mythos-future-security-testing

Common AI misconceptions debugged!
https://www.intigriti.com/blog/business-insights/common-misconceptions-debugged#trend-3-validity-ratios-remain-constant-ai-slop-isnt-rising-as-a-proportion

BountySync + Social
https://luma.com/bountysync_social

====== Resources ======
Ghosts of Encryption Past
https://slcyber.io/research-center/ghosts-of-encryption-past-salesforce-exacttarget/

tessl Skill Optimizer
https://tessl.io/registry/tessl/skill-optimizer/0.8.0

The Internet Is Falling Down, Falling Down, Falling Down
https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

High Fidelity Check for the cPanel Authentication Bypass
https://slcyber.io/research-center/high-fidelity-check-for-the-cpanel-authentication-bypass-cve-2026-41940/

Achieving Deterministic Prompt Injection Through Client-Side Feedback Loops
https://blog.starstrike.ai/posts/achieving-deterministic-prompt-injection-through-client-side-feedback-loops/

GPT-5.5: Mythos-Like Hacking, Open To All
https://xbow.com/blog/mythos-like-hacking-open-to-all

Remote Command Execution in Google Cloud with Single Directory Deletion
https://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion/?utm_source=bugbountydaily.com&utm_medium=referral

====== Timestamps ======
(00:00:00) Introduction
(00:09:20) AMPScript
(00:25:10) Tessl Skill Optimizer
(00:33:07) cPanel & WHM Authentication Bypass
(00:40:46) Advice for Bug Bounty Programs
(00:50:07) Prompt Injection Through Client-Side Feedback Loops
(00:54:37) GPT 5.5
(01:01:00) Remote Command Execution in Google Cloud

Episode 173: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about the negative effects that AI is having on the Bug Bounty scene as a whole. Is it over, or are we so back?

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

Critical Research Lab:
https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: Check out Zero Trust Cloud Access:
https://www.criticalthinkingpodcast.io/tl-ztca

====== Resources ======
We want your feedback on this!
https://forms.ctbb.show/future_of_bug_bounty

Evolving the Android & Chrome VRPs for the AI Era
https://bughunters.google.com/blog/evolving-the-android-chrome-vrps-for-the-ai-era

Paid Submissions?
https://x.com/d0rsky/status/2047744193976742120

Keep the Robots Out of the Gym
https://danielmiessler.com/blog/keep-the-robots-out-of-the-gym

Is my data used for model training?
https://privacy.claude.com/en/articles/10023580-is-my-data-used-for-model-training

====== Timestamps ======
(00:00:00) Introduction
(00:06:28) Network effects of Bug Bounty
(00:31:55) Hopium/Copium
(00:47:21) The Great Training Data Debate

Episode 172: In this episode of Critical Thinking - Bug Bounty Podcast trying out a new structure of episode: a Meta Analysis of sorts of many Source Code Review techniques. This episode features tips gathered from Shubs, Rafax, and FSI. Justin highlights best approaches, patterns, and common pitfalls.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

Critical Research Lab:
https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor: Adobe - Get 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report.
Expires June 30, 2026.

====== This Week in Bug Bounty ======

Open-source security testing: the Bug Bounty guide to code analysis
https://www.yeswehack.com/learn-bug-bounty/open-source-guide-code-analysis?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=open-source-guide-code-analysis

====== Resources ======
Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)
https://slcyber.io/research-center/abusing-windows-net-quirks-and-unicode-normalization-to-exploit-dnn-dotnetnuke/#:~:text=across%20different%20languages.-,A%20MUST%2DKNOW%20BEHAVIOUR%20OF%20PATH.COMBINE,-Another%20key%20implementation

====== Timestamps ======
(00:00:00) Introduction
(00:06:49) Tracing Data Flow, knowing where your playload is landing, and developer mistakes.
(00:17:33) Mapping the software
(00:24:46) Sniffing for blood
(00:31:54) Common Patterns and Pitfalls

Episode 171: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us some quick tips from his own hacking, including some clickjacking, using capital letters, and the potential value of leaking ages

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

Critical Research Lab:
https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: Check out ThreatLocker Ringfencing
https://www.criticalthinkingpodcast.io/tl-rf

====== Resources ======

The ultimate Bug Bounty guide to OS command injection vulnerabilities
https://www.yeswehack.com/learn-bug-bounty/ultimate-guide-os-command-injection?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-os-command-injection

Critical auth bypass in WordPress Azure AD SSO plugin due to missing OIDC id_token validation
https://www.yeswehack.com/news/auth-bypass-wordpress-azure-plugin?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-wordpress-bypass-plugin

Aituglo featured on YWH
https://www.yeswehack.com/community/developer-aituglo-bug-bounty-story

Adobe will be sponsoring Ekoparty in Miami and hosting a live hacking event on May 21st
https://ekoparty.org/ekoparty-miami-2026-super-live-hacking-event/

====== Resources ======

SVG clickjacking
https://lyra.horse/blog/2025/12/svg-clickjacking/

====== Timestamps ======
(00:00:00) Introduction
(00:06:35) Protobuff XSS
(00:12:51) Leaking Age & CSPTs
(00:15:59) Capital Letters and Clickjacking

Episode 170: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph their trip to Korea with some quick takeaways from the LHE.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

Critical Research Lab:
https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Timestamps ======
(00:00:00) Introduction
(00:01:41) Google LHE Debrief
(00:09:27) Old AI Exfils & AI report writing
(00:18:14) Human Tokens
(00:26:13) Protoscope & Caido Websocket Repeater