Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by going full time in Bug Bounty.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker DAC

Today’s Guest: https://x.com/gr3pme

====== This Week in Bug Bounty ======

New Monthly Dojo challenge and Dojo UI design

The ultimate Bug Bounty guide to exploiting race condition vulnerabilities in web applications

Watch Our boy Brandyn on the TV

====== Resources ======

murtasec

WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine

Remote code execution though vulnerability in Facebook Messenger for Windows

Finding vulnerabilities in modern web apps using Claude Code and OpenAI Codex

Mind the Gap

PROMISQROUTE

====== Timestamps ======

(00:00:00) Introduction

(00:05:16) Full Time Bug Bounty and Business Startups

(00:15:50) Websockets

(00:22:17) Meta’s $111750 Bug

(00:28:38) Finding vulns using Claude Code and OpenAI Codex

(00:39:32) Time-of-Check to Time-of-Use Vulns in LLM-Enabled Agents

(00:45:22) PROMISQROUTE