Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains
<p>Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.</p><p>Follow us on <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/ctbbpodcast">X</a></p><p>Got any ideas and suggestions? Feel free to send us any feedback here: <a target="_blank" rel="noopener noreferrer nofollow" href="mailto:[email protected]">[email protected]</a></p><p>Shoutout to<a target="_blank" rel="noopener noreferrer nofollow" href="https://twitter.com/realytcracker"> YTCracker</a> for the awesome intro music!</p><p>====== Links ======</p><p>Follow your hosts <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/Rhynorater">Rhynorater</a>, <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/rez0__">rez0</a> and <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/gr3pme">gr3pme</a> on X: </p><p>====== Ways to Support CTBBPodcast ======</p><p>Hop on the CTBB <a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/discord">Discord!</a></p><p>We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.</p><p>You can also find some hacker swag at <a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/merch">https://ctbb.show/merch</a>!</p><p>====== Resources ======</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://lab.ctbb.show/research/unicode-surrogates-to-replacement-characters">Unicode surrogates conversion</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.youtube.com/watch?v=y_aQQmDMaY4">Prompt. Scan. Exploit</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.youtube.com/watch?v=RNXCnJvE1Zg&list=PL6rDwEAPMIRSsWupDGpV4bMf7CiLTF0wk">Breaking into thousands of cloud based VPNs with 1 bug</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.youtube.com/watch?v=mPo-an8BUXc">Examining Access Control Vulnerabilities in GraphQL</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.youtube.com/watch?v=AOp0QtUORBc&list=PL6rDwEAPMIRSsWupDGpV4bMf7CiLTF0wk&index=6">Smart Bus Smart Hacking</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.youtube.com/watch?v=LCGm5-ZjKK0">Passkeys Pwned</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.youtube.com/watch?v=kSJBEZkJ4vM&list=PL6rDwEAPMIRSsWupDGpV4bMf7CiLTF0wk&index=3">Bypassing Intent Destination Checks</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.youtube.com/watch?v=CUxbDRR0A8I">Gemini Agents in Google Calendar</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.youtube.com/watch?v=JL2PT1Dac3g">Exploitation of DOM Clobbering Vuln at Scale</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://github.com/jackfromeast/TheHulk">TheHulk</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.youtube.com/watch?v=rLnlLLKISyY&list=PL6rDwEAPMIRSsWupDGpV4bMf7CiLTF0wk&index=4">Smart Devices, Dumb Resets</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.youtube.com/watch?v=T13YfM8z0lE&list=PL6rDwEAPMIRSsWupDGpV4bMf7CiLTF0wk&index=7">Mac PRT Cookie Theft</a></p><p>====== Timestamps ======</p><p>(00:00:00) Introduction</p><p>(00:10:10) Prompt. Scan. Exploit</p><p>(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug</p><p>(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned</p><p>(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents</p><p>(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets</p>
