Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025. Follow us on twitter at: <a href="https://x.com/ctbbpodcast" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/ctbbpodcast</a>Got any ideas and suggestions? Feel free to send us any feedback here: <a href="mailto:info@criticalthinkingpodcast.io" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">info@criticalthinkingpodcast.io</a>Shoutout to<a href="https://twitter.com/realytcracker" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"> YTCracker</a> for the awesome intro music! ====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X:&nbsp;<a href="https://x.com/Rhynorater" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/Rhynorater</a><a href="https://x.com/rez0__" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/rez0__</a><a href="https://x.com/gr3pme" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/gr3pme</a> Critical Research Lab:<a href="https://lab.ctbb.show/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://lab.ctbb.show/</a>&nbsp; ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at <a href="https://ctbb.show/discord" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://ctbb.show/discord</a>! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at <a href="https://ctbb.show/merch" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://ctbb.show/merch</a>! ====== Resources ====== Parser Differentials: When Interpretation Becomes a Vulnerability<a href="https://www.youtube.com/watch?v=Dq_KVLXzxH8" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://www.youtube.com/watch?v=Dq_KVLXzxH8</a> XSS-Leak: Leaking Cross-Origin Redirects<a href="https://blog.babelo.xyz/posts/cross-site-subdomain-leak/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://blog.babelo.xyz/posts/cross-site-subdomain-leak/</a> Playing with HTTP/2 CONNECT<a href="https://blog.flomb.net/posts/http2connect/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://blog.flomb.net/posts/http2connect/</a> Next.js, cache, and chains: the stale elixir<a href="https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir</a> SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL<a href="https://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdf" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdf</a> Cross-Site ETag Length Leak<a href="https://blog.arkark.dev/2025/12/26/etag-length-leak" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://blog.arkark.dev/2025/12/26/etag-length-leak</a> Lost in Translation: Exploiting Unicode Normalization<a href="https://www.youtube.com/watch?v=ETB2w-f3pM4" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://www.youtube.com/watch?v=ETB2w-f3pM4</a> ORM Leaking More Than You Joined For<a href="https://www.elttam.com/blog/leaking-more-than-you-joined-for/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://www.elttam.com/blog/leaking-more-than-you-joined-for/</a> Novel SSRF Technique Involving HTTP Redirect Loops<a href="https://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/</a> Successful Errors: New Code Injection and SSTI Techniques<a href="https://github.com/vladko312/Research_Successful_Errors" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://github.com/vladko312/Research_Successful_Errors</a> ====== Timestamps ======(00:00:00) Introduction(00:02:33) Parser Differentials: When Interpretation Becomes a Vulnerability(00:11:02) XSS-Leak: Leaking Cross-Origin Redirects(00:18:25) Playing with HTTP/2 CONNECT(00:22:10) Next.js, cache, and chains: the stale elixir(00:29:15) SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL(00:34:27) Cross-Site ETag Length Leak(00:41:47) Lost in Translation: Exploiting Unicode Normalization(00:47:27) ORM Leaking More Than You Joined For(00:54:07) Novel SSRF Technique Involving HTTP Redirect Loops(00:58:40) Successful Errors: New Code Injection and SSTI Techniques

<description>&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Follow us on twitter at: &lt;/span&gt;&lt;a href="https://x.com/ctbbpodcast" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/ctbbpodcast&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Got any ideas and suggestions? Feel free to send us any feedback here: &lt;/span&gt;&lt;a href="mailto:info@criticalthinkingpodcast.io" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;info@criticalthinkingpodcast.io&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Shoutout to&lt;/span&gt;&lt;a href="https://twitter.com/realytcracker" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt; YTCracker&lt;/a&gt;&lt;span style="background-color: transparent;"&gt; for the awesome intro music!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Links ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Follow your hosts Rhynorater, rez0 and gr3pme on X:&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/Rhynorater" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/Rhynorater&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/rez0__" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/rez0__&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/gr3pme" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/gr3pme&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Critical Research Lab:&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://lab.ctbb.show/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://lab.ctbb.show/&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Ways to Support CTBBPodcast ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Hop on the CTBB Discord at &lt;/span&gt;&lt;a href="https://ctbb.show/discord" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://ctbb.show/discord&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;You can also find some hacker swag at &lt;/span&gt;&lt;a href="https://ctbb.show/merch" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://ctbb.show/merch&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Resources ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Parser Differentials: When Interpretation Becomes a Vulnerability&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.youtube.com/watch?v=Dq_KVLXzxH8" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://www.youtube.com/watch?v=Dq_KVLXzxH8&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;XSS-Leak: Leaking Cross-Origin Redirects&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://blog.babelo.xyz/posts/cross-site-subdomain-leak/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://blog.babelo.xyz/posts/cross-site-subdomain-leak/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Playing with HTTP/2 CONNECT&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://blog.flomb.net/posts/http2connect/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://blog.flomb.net/posts/http2connect/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Next.js, cache, and chains: the stale elixir&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdf" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdf&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Cross-Site ETag Length Leak&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://blog.arkark.dev/2025/12/26/etag-length-leak" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://blog.arkark.dev/2025/12/26/etag-length-leak&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Lost in Translation: Exploiting Unicode Normalization&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.youtube.com/watch?v=ETB2w-f3pM4" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://www.youtube.com/watch?v=ETB2w-f3pM4&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;ORM Leaking More Than You Joined For&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.elttam.com/blog/leaking-more-than-you-joined-for/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://www.elttam.com/blog/leaking-more-than-you-joined-for/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Novel SSRF Technique Involving HTTP Redirect Loops&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Successful Errors: New Code Injection and SSTI Techniques&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://github.com/vladko312/Research_Successful_Errors" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://github.com/vladko312/Research_Successful_Errors&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Timestamps ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:00:00) Introduction&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:02:33) Parser Differentials: When Interpretation Becomes a Vulnerability&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:11:02) XSS-Leak: Leaking Cross-Origin Redirects&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:18:25) Playing with HTTP/2 CONNECT&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:22:10) Next.js, cache, and chains: the stale elixir&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:29:15) SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:34:27) Cross-Site ETag Length Leak&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:41:47) Lost in Translation: Exploiting Unicode Normalization&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:47:27) ORM Leaking More Than You Joined For&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:54:07) Novel SSRF Technique Involving HTTP Redirect Loops&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:58:40) Successful Errors: New Code Injection and SSTI Techniques&lt;/span&gt;&lt;/p&gt;</description>

Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.Follow us on twitter at: https://x.com/ctbbpodcastGot any i...

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder &amp; CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties. Follow us on twitter at: <a href="https://x.com/ctbbpodcast" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/ctbbpodcast</a>Got any ideas and suggestions? Feel free to send us any feedback here: <a href="mailto:info@criticalthinkingpodcast.io" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">info@criticalthinkingpodcast.io</a>Shoutout to<a href="https://twitter.com/realytcracker" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"> YTCracker</a> for the awesome intro music! ====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X:&nbsp;<a href="https://x.com/Rhynorater" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/Rhynorater</a><a href="https://x.com/rez0__" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/rez0__</a><a href="https://x.com/gr3pme" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/gr3pme</a> Critical Research Lab:<a href="https://lab.ctbb.show/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://lab.ctbb.show/</a>&nbsp; ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at <a href="https://ctbb.show/discord" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://ctbb.show/discord</a>! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at <a href="https://ctbb.show/merch" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://ctbb.show/merch</a>! Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26<a href="https://ztw.com/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://ztw.com/</a> Today’s Guest: <a href="https://x.com/senorarroz" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/senorarroz</a> ====== This Week in Bug Bounty ====== XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilities<a href="https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&amp;utm_medium=Youtube&amp;utm_campaign=XXE_Critical_Thinking&amp;utm_id=XXE_CT" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&amp;utm_medium=Youtube&amp;utm_campaign=XXE_Critical_Thinking&amp;utm_id=XXE_CT</a> Bug Bounty Maturity Framework<a href="https://bugbountymaturity.com/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://bugbountymaturity.com/</a> ====== Resources ======Confidential Information and Confidentiality Obligations<a href="https://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20parties" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20parties</a> Ownership and Licenses<a href="https://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20Licenses" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20Licenses</a> I argued with an AI regarding HackerOne using Hacker reports to train PtaaS<a href="https://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71</a> HackerOne PTaaS (likely training their AI on private reports data)<a href="https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/</a> What Makes Agentic PTaaS Different in Real Environments<a href="https://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints</a> ====== Timestamps ======(00:00:00) Introduction(00:08:44) HackerOne AI Terms of Service&nbsp;(00:24:56) Agentic PTaaS(00:38:09) Selling data(00:43:49) Decrease in Bounties

<description>&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne &lt;/span&gt;Founder &amp;amp; CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Follow us on twitter at: &lt;/span&gt;&lt;a href="https://x.com/ctbbpodcast" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/ctbbpodcast&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Got any ideas and suggestions? Feel free to send us any feedback here: &lt;/span&gt;&lt;a href="mailto:info@criticalthinkingpodcast.io" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;info@criticalthinkingpodcast.io&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Shoutout to&lt;/span&gt;&lt;a href="https://twitter.com/realytcracker" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt; YTCracker&lt;/a&gt;&lt;span style="background-color: transparent;"&gt; for the awesome intro music!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Links ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Follow your hosts Rhynorater, rez0 and gr3pme on X:&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/Rhynorater" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/Rhynorater&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/rez0__" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/rez0__&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/gr3pme" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/gr3pme&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Critical Research Lab:&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://lab.ctbb.show/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://lab.ctbb.show/&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Ways to Support CTBBPodcast ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Hop on the CTBB Discord at &lt;/span&gt;&lt;a href="https://ctbb.show/discord" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://ctbb.show/discord&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;You can also find some hacker swag at &lt;/span&gt;&lt;a href="https://ctbb.show/merch" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://ctbb.show/merch&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code &lt;/span&gt;&lt;strong style="background-color: transparent;"&gt;ZTWCTBB26&lt;/strong&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://ztw.com/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://ztw.com/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Today’s Guest: &lt;/span&gt;&lt;a href="https://x.com/senorarroz" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/senorarroz&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== This Week in Bug Bounty ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilities&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&amp;amp;utm_medium=Youtube&amp;amp;utm_campaign=XXE_Critical_Thinking&amp;amp;utm_id=XXE_CT" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&amp;amp;utm_medium=Youtube&amp;amp;utm_campaign=XXE_Critical_Thinking&amp;amp;utm_id=XXE_CT&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Bug Bounty Maturity Framework&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://bugbountymaturity.com/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://bugbountymaturity.com/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Resources ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Confidential Information and Confidentiality Obligations&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20parties" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20parties&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Ownership and Licenses&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20Licenses" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20Licenses&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;I argued with an AI regarding HackerOne using Hacker reports to train PtaaS&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;HackerOne PTaaS (likely training their AI on private reports data)&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;What Makes Agentic PTaaS Different in Real Environments&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Timestamps ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:00:00) Introduction&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:08:44) HackerOne AI Terms of Service&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:24:56) Agentic PTaaS&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:38:09) Selling data&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:43:49) Decrease in Bounties&lt;/span&gt;&lt;/p&gt;</description>

Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties.Follow us on twitter at: https://x.com/...

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne Follow us on twitter at: <a href="https://x.com/ctbbpodcast" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/ctbbpodcast</a>Got any ideas and suggestions? Feel free to send us any feedback here: <a href="mailto:info@criticalthinkingpodcast.io" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">info@criticalthinkingpodcast.io</a>Shoutout to<a href="https://twitter.com/realytcracker" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"> YTCracker</a> for the awesome intro music! ====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X:&nbsp;<a href="https://x.com/Rhynorater" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/Rhynorater</a><a href="https://x.com/rez0__" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/rez0__</a><a href="https://x.com/gr3pme" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/gr3pme</a> Critical Research Lab:<a href="https://lab.ctbb.show/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://lab.ctbb.show/</a>&nbsp; ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at <a href="https://ctbb.show/discord" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://ctbb.show/discord</a>! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at <a href="https://ctbb.show/merch" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://ctbb.show/merch</a>! Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26<a href="https://ztw.com/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://ztw.com/</a> ====== This Week in Bug Bounty ====== AS Watson<a href="https://app.intigriti.com/programs/aswatson/watsons/detail" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://app.intigriti.com/programs/aswatson/watsons/detail</a> YesWeHack 2026 Report<a href="https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&amp;utm_medium=sponsor-critical-thinking&amp;utm_campaign=yeswehack-report-2026" target="_blank" style="color: rgb(0, 120, 212);">https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&amp;utm_medium=sponsor-critical-thinking&amp;utm_campaign=yeswehack-report-2026</a>&nbsp; ====== Resources ====== PhoneLeak: Data Exfiltration in Gemini via Phone Call<a href="https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/</a> Max's Tweet about decreasing bounties<a href="https://x.com/0xw2w/status/2020788164378427483" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/0xw2w/status/2020788164378427483</a> HackerOne General Terms and Conditions<a href="https://www.hackerone.com/terms/general" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://www.hackerone.com/terms/general</a> Research Review #-2: RCE in Google's AI code editor Antigravity (sudi)<a href="https://www.youtube.com/watch?v=JqvJSF2UMyY" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://www.youtube.com/watch?v=JqvJSF2UMyY</a> ====== Timestamps ======(00:00:00) Introduction(00:03:26) YesWeHack 2026 Report(00:09:12) CSRF Realizations &amp; Data Exfiltration in Gemini via Phone Call(00:14:38) 7urb0's Youtube, HackerOne decreasing bounties and Section&nbsp; &nbsp; 3.1 controversy.(00:19:06) Cross Consumer Attacks

<description>&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Follow us on twitter at: &lt;/span&gt;&lt;a href="https://x.com/ctbbpodcast" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/ctbbpodcast&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Got any ideas and suggestions? Feel free to send us any feedback here: &lt;/span&gt;&lt;a href="mailto:info@criticalthinkingpodcast.io" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;info@criticalthinkingpodcast.io&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Shoutout to&lt;/span&gt;&lt;a href="https://twitter.com/realytcracker" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt; YTCracker&lt;/a&gt;&lt;span style="background-color: transparent;"&gt; for the awesome intro music!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Links ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Follow your hosts Rhynorater, rez0 and gr3pme on X:&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/Rhynorater" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/Rhynorater&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/rez0__" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/rez0__&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/gr3pme" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/gr3pme&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Critical Research Lab:&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://lab.ctbb.show/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://lab.ctbb.show/&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Ways to Support CTBBPodcast ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Hop on the CTBB Discord at &lt;/span&gt;&lt;a href="https://ctbb.show/discord" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://ctbb.show/discord&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;You can also find some hacker swag at &lt;/span&gt;&lt;a href="https://ctbb.show/merch" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://ctbb.show/merch&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code &lt;/span&gt;&lt;strong style="background-color: transparent;"&gt;ZTWCTBB26&lt;/strong&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://ztw.com/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://ztw.com/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== This Week in Bug Bounty ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;AS Watson&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://app.intigriti.com/programs/aswatson/watsons/detail" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://app.intigriti.com/programs/aswatson/watsons/detail&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;YesWeHack 2026 Report&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&amp;amp;utm_medium=sponsor-critical-thinking&amp;amp;utm_campaign=yeswehack-report-2026" target="_blank" style="color: rgb(0, 120, 212);"&gt;https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&amp;amp;utm_medium=sponsor-critical-thinking&amp;amp;utm_campaign=yeswehack-report-2026&lt;/a&gt;&lt;span style="color: rgb(0, 120, 212);"&gt;&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Resources ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;PhoneLeak: Data Exfiltration in Gemini via Phone Call&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Max's Tweet about decreasing bounties&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/0xw2w/status/2020788164378427483" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/0xw2w/status/2020788164378427483&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;HackerOne General Terms and Conditions&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.hackerone.com/terms/general" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://www.hackerone.com/terms/general&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Research Review #-2: RCE in Google's AI code editor Antigravity (sudi)&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.youtube.com/watch?v=JqvJSF2UMyY" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://www.youtube.com/watch?v=JqvJSF2UMyY&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Timestamps ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:00:00) Introduction&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:03:26) YesWeHack 2026 Report&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:09:12) CSRF Realizations &amp;amp; Data Exfiltration in Gemini via Phone Call&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:14:38) 7urb0's Youtube, HackerOne decreasing bounties and Section&amp;nbsp; &amp;nbsp; 3.1 controversy.&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:19:06) Cross Consumer Attacks&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;</description>

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOneFollow us on twitter at: https://x.co...

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, &amp; Magic String Denial of Service in Claude. Follow us on twitter at: <a href="https://x.com/ctbbpodcast" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/ctbbpodcast</a>Got any ideas and suggestions? Feel free to send us any feedback here: <a href="mailto:info@criticalthinkingpodcast.io" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">info@criticalthinkingpodcast.io</a>Shoutout to<a href="https://twitter.com/realytcracker" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"> YTCracker</a> for the awesome intro music! ====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X:&nbsp;<a href="https://x.com/Rhynorater" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/Rhynorater</a><a href="https://x.com/rez0__" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/rez0__</a><a href="https://x.com/gr3pme" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://x.com/gr3pme</a> Critical Research Lab:<a href="https://lab.ctbb.show/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://lab.ctbb.show/</a>&nbsp; ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at <a href="https://ctbb.show/discord" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://ctbb.show/discord</a>! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at <a href="https://ctbb.show/merch" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);">https://ctbb.show/merch</a>! Today’s Sponsor: Adobe.Use code CTBB040126, and get a 10% bonus on your bounty for any AI vulnerability which is mapped to the OWASP LLM top 10.Valid on Adobe Acrobat Web - AI Assistant / PDF Spaces / Content Creation and presentation features using ExpressAdobe Express AI Assistant.&nbsp;Valid through April 1st, 2026 Also we have a Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag! ====== Resources ======Cloudflare Zero-dayhttps://fearsoff.org/research/cloudflare-acme Turning List-Unsubscribe into an SSRF/XSS Gadgethttps://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/ Breaking Multi-Tenant Isolation in Heroku Postgreshttps://allistair.sh/blog/breaking-heroku-postgres/ Parse and Parse: MIME Validation Bypass to XSS via Parser Differentialhttps://lab.ctbb.show/research/parse-and-parse-mime-validation-bypass-to-xss-via-parser-differential Claude Magic String Denial of Servicehttps://x.com/Frichette_n/status/2013988503336415522 From WebView to Remote Code Injectionhttps://djini.ai/from-webview-to-remote-code-injection/ DOM XSS Is Not Dead: The Rise of Polyglot Payloadshttps://blogs.jsmon.sh/dom-xss-is-not-dead-the-rise-of-polyglot-payloads/ ====== Timestamps ======(00:00:00) Introduction(00:06:17) Cloudflare Zero-day &amp; Turning List-Unsubscribe into an SSRF/XSS Gadget(00:16:57) Breaking Multi-Tenant Isolation in Heroku Postgres &amp; CTBB Research(00:25:46) Claude Magic String Denial of Service &amp; From WebView to Remote Code Injection

<description>&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, &amp;amp; Magic String Denial of Service in Claude.&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Follow us on twitter at: &lt;/span&gt;&lt;a href="https://x.com/ctbbpodcast" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/ctbbpodcast&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Got any ideas and suggestions? Feel free to send us any feedback here: &lt;/span&gt;&lt;a href="mailto:info@criticalthinkingpodcast.io" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;info@criticalthinkingpodcast.io&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Shoutout to&lt;/span&gt;&lt;a href="https://twitter.com/realytcracker" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt; YTCracker&lt;/a&gt;&lt;span style="background-color: transparent;"&gt; for the awesome intro music!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Links ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Follow your hosts Rhynorater, rez0 and gr3pme on X:&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/Rhynorater" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/Rhynorater&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/rez0__" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/rez0__&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/gr3pme" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://x.com/gr3pme&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Critical Research Lab:&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://lab.ctbb.show/" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://lab.ctbb.show/&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Ways to Support CTBBPodcast ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Hop on the CTBB Discord at &lt;/span&gt;&lt;a href="https://ctbb.show/discord" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://ctbb.show/discord&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;You can also find some hacker swag at &lt;/span&gt;&lt;a href="https://ctbb.show/merch" target="_blank" style="background-color: transparent; color: rgb(17, 85, 204);"&gt;https://ctbb.show/merch&lt;/a&gt;&lt;span style="background-color: transparent;"&gt;!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Today’s Sponsor: Adobe.&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Use code CTBB040126, and get a 10% bonus on your bounty for any AI vulnerability which is mapped to the OWASP LLM top 10.&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Valid on Adobe Acrobat Web - AI Assistant / PDF Spaces / Content Creation and presentation features using Express&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Adobe Express AI Assistant.&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Valid through April 1st, 2026&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Also we have a Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag!&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Resources ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Cloudflare Zero-day&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;https://fearsoff.org/research/cloudflare-acme&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Turning List-Unsubscribe into an SSRF/XSS Gadget&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;https://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Breaking Multi-Tenant Isolation in Heroku Postgres&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;https://allistair.sh/blog/breaking-heroku-postgres/&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Parse and Parse: MIME Validation Bypass to XSS via Parser Differential&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;https://lab.ctbb.show/research/parse-and-parse-mime-validation-bypass-to-xss-via-parser-differential&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;Claude Magic String Denial of Service&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;https://x.com/Frichette_n/status/2013988503336415522&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;From WebView to Remote Code Injection&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;https://djini.ai/from-webview-to-remote-code-injection/&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;DOM XSS Is Not Dead: The Rise of Polyglot Payloads&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;https://blogs.jsmon.sh/dom-xss-is-not-dead-the-rise-of-polyglot-payloads/&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;====== Timestamps ======&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:00:00) Introduction&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:06:17) Cloudflare Zero-day &amp;amp; Turning List-Unsubscribe into an SSRF/XSS Gadget&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:16:57) Breaking Multi-Tenant Isolation in Heroku Postgres &amp;amp; CTBB Research&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="background-color: transparent;"&gt;(00:25:46) Claude Magic String Denial of Service &amp;amp; From WebView to Remote Code Injection&lt;/span&gt;&lt;/p&gt;</description>

Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & Magic String Denial of Service in Claude.Follow ...

Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS

Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to best configure for success. <a href="https://x.com/ctbbpodcast" target="_blank">Follow us on X</a> Got any ideas and suggestions? Feel free to send us any feedback here: <a href="mailto:info@criticalthinkingpodcast.io" target="_blank">info@criticalthinkingpodcast.io</a> Shoutout to<a href="https://twitter.com/realytcracker" target="_blank"> YTCracker</a> for the awesome intro music! ====== Links ====== Follow your hosts <a href="https://x.com/Rhynorater" target="_blank">Rhynorater</a>, <a href="https://x.com/rez0__" target="_blank">rez0</a> and <a href="https://x.com/gr3pme" target="_blank">gr3pme</a> on X: ====== Ways to Support CTBBPodcast ====== Hop on the <a href="https://ctbb.show/discord" target="_blank">CTBB Discord</a> We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Get some <a href="https://ctbb.show/merch" target="_blank">hacker swag</a> Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26<a href="https://ztw.com/" target="_blank">https://ztw.com/</a> Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag! Today’s Guests:<a href="https://www.linkedin.com/in/darbyhopkins/" target="_blank">Darby Hopkins</a><a href="https://www.linkedin.com/in/michaelpatrickcote/" target="_blank">Michael Cote</a> ====== This Week in Bug Bounty ======<a href="https://www.hackerone.com/blog/ai-red-teaming-explained-by-red-teamers" target="_blank">AI Red Teaming Explained by AI Red Teamers</a> <a href="https://www.hackerone.com/press-release/hackerone-sets-standard-ai-era-testing-good-faith-ai-research-safe-harbor" target="_blank">Good Faith AI Research Safe Harbor</a> <a href="https://nullcon.net/goa-2026" target="_blank">Join the Adobe LHE at NULLCON GOA</a> ====== Resources ====== <a href="https://x.com/GoogleVRP/status/2013660670076555418" target="_blank">‘Legendary Guy’ - Jakub Domeracki</a> <a href="https://bughunters.google.com/about/rules/google-friends/cloud-vulnerability-reward-program-rules#reward-amounts" target="_blank">Google Cloud VRP rewards rules</a> <a href="https://github.com/google/bughunters/blob/main/cloud-tiers/cloud-tiers.text" target="_blank">Google Cloud VRP product tiers</a> <a href="https://bughunters.google.com/blog/hardening-google-cloud-insights-from-the-latest-cloud-vrp-bugswat" target="_blank">Bug Hunters blog on the 2025 Google Cloud VRP bugSWAT</a> <a href="https://discord.com/invite/bzA9gc6Z" target="_blank">Google VRP Discord</a> <a href="https://x.com/GoogleVRP" target="_blank">Google VRP on X</a> ====== Timestamps ====== (00:00:00) Introduction(00:10:03) CloudVRP Bugswat Event Breakdown(00:16:40) VRP Policy &amp; Rewards Changes(00:04:50) Panel Process(01:00:08) Configuring for Success &amp; Avoiding Downgrades(01:33:47) Scenarios for Success

<description>&lt;p&gt;Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to best configure for success.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/ctbbpodcast" target="_blank"&gt;Follow us on X&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Got any ideas and suggestions? Feel free to send us any feedback here: &lt;a href="mailto:info@criticalthinkingpodcast.io" target="_blank"&gt;info@criticalthinkingpodcast.io&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Shoutout to&lt;a href="https://twitter.com/realytcracker" target="_blank"&gt; YTCracker&lt;/a&gt; for the awesome intro music!&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;====== Links ======&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Follow your hosts &lt;a href="https://x.com/Rhynorater" target="_blank"&gt;Rhynorater&lt;/a&gt;, &lt;a href="https://x.com/rez0__" target="_blank"&gt;rez0&lt;/a&gt; and &lt;a href="https://x.com/gr3pme" target="_blank"&gt;gr3pme&lt;/a&gt; on X:&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;====== Ways to Support CTBBPodcast ======&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Hop on the &lt;a href="https://ctbb.show/discord" target="_blank"&gt;CTBB Discord&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Get some &lt;a href="https://ctbb.show/merch" target="_blank"&gt;hacker swag&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code &lt;strong&gt;ZTWCTBB26&lt;/strong&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://ztw.com/" target="_blank"&gt;https://ztw.com/&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;strong&gt;Google Cloud VRP Swag Bonus!&lt;/strong&gt; Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag!&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;Today’s Guests:&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.linkedin.com/in/darbyhopkins/" target="_blank"&gt;Darby Hopkins&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.linkedin.com/in/michaelpatrickcote/" target="_blank"&gt;Michael Cote&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;====== This Week in Bug Bounty ======&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.hackerone.com/blog/ai-red-teaming-explained-by-red-teamers" target="_blank"&gt;AI Red Teaming Explained by AI Red Teamers&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://www.hackerone.com/press-release/hackerone-sets-standard-ai-era-testing-good-faith-ai-research-safe-harbor" target="_blank"&gt;Good Faith AI Research Safe Harbor&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://nullcon.net/goa-2026" target="_blank"&gt;Join the Adobe LHE at NULLCON GOA&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;====== Resources ======&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/GoogleVRP/status/2013660670076555418" target="_blank"&gt;‘Legendary Guy’ - Jakub Domeracki&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://bughunters.google.com/about/rules/google-friends/cloud-vulnerability-reward-program-rules#reward-amounts" target="_blank"&gt;Google Cloud VRP rewards rules&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://github.com/google/bughunters/blob/main/cloud-tiers/cloud-tiers.text" target="_blank"&gt;Google Cloud VRP product tiers&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://bughunters.google.com/blog/hardening-google-cloud-insights-from-the-latest-cloud-vrp-bugswat" target="_blank"&gt;Bug Hunters blog on the 2025 Google Cloud VRP bugSWAT&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://discord.com/invite/bzA9gc6Z" target="_blank"&gt;Google VRP Discord&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;&lt;a href="https://x.com/GoogleVRP" target="_blank"&gt;Google VRP on X&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;====== Timestamps ======&lt;/p&gt;&lt;p&gt;&lt;br&gt;&lt;/p&gt;&lt;p&gt;(00:00:00) Introduction&lt;/p&gt;&lt;p&gt;(00:10:03) CloudVRP Bugswat Event Breakdown&lt;/p&gt;&lt;p&gt;(00:16:40) VRP Policy &amp;amp; Rewards Changes&lt;/p&gt;&lt;p&gt;(00:04:50) Panel Process&lt;/p&gt;&lt;p&gt;(01:00:08) Configuring for Success &amp;amp; Avoiding Downgrades&lt;/p&gt;&lt;p&gt;(01:33:47) Scenarios for Success&lt;/p&gt;</description>

Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to best configure for success.Follow us on XGot any...

Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

Critical Thinking - Bug Bounty Podcast

Details

Recent Episodes