
Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)

Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter

FEB 27, 2025 · 67 MIN

Description

<p>Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger.</p><p>Follow us on twitter at: <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/ctbbpodcast">https://x.com/ctbbpodcast</a></p><p>Got any ideas and suggestions? Feel free to send us any feedback here: <a target="_blank" rel="noopener noreferrer nofollow" href="mailto:info@criticalthinkingpodcast.io">info@criticalthinkingpodcast.io</a></p><p>Shoutout to<a target="_blank" rel="noopener noreferrer nofollow" href="https://twitter.com/realytcracker"> YTCracker</a> for the awesome intro music!</p><p><strong>====== Links ======</strong></p><p>Follow your hosts Rhynorater and Rez0 on Twitter:</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/Rhynorater"><strong>https://x.com/Rhynorater</strong></a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/rez0__"><strong>https://x.com/rez0__</strong></a></p><p><strong>====== Ways to Support CTBBPodcast ======</strong></p><p>Hop on the CTBB Discord at <a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/discord">https://ctbb.show/discord</a>!</p><p>We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.</p><p>You can also find some hacker swag at <a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/merch">https://ctbb.show/merch</a>!</p><p>Today’s Guest - Ciarán Cotter</p><ul><li><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/monkehack">https://x.com/monkehack</a></li></ul><p><strong>====== Resources 
======</strong></p><p>Msty</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://msty.app/">https://msty.app/</a></p><p>From Day Zero to Zero Day</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://nostarch.com/zero-day">https://nostarch.com/zero-day</a></p><p>Nuclei - ai flag</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/pdiscoveryio/status/1890082913900982763">https://x.com/pdiscoveryio/status/1890082913900982763</a></p><p>ChatGPT Operator: Prompt Injection Exploits &amp; Defenses</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/">https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/</a></p><p>Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/">https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/</a></p><p><strong>====== Timestamps ======</strong></p><p>(00:00:00) Introduction</p><p>(00:01:04) Bug Rundowns</p><p>(00:13:05) Monke's Bug Bounty Background</p><p>(00:20:03) Websocket Research</p><p>(00:34:01) Connecting Hackers with Companies</p><p>(00:34:56) Grok 3, Msty, From Day Zero to Zero Day</p><p>(00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK</p><p>(00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory</p>