
Sign up to save your podcasts
Or


Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.
Follow us on X
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
Unicode surrogates conversion
Prompt. Scan. Exploit
Breaking into thousands of cloud based VPNs with 1 bug
Examining Access Control Vulnerabilities in GraphQL
Smart Bus Smart Hacking
Passkeys Pwned
Bypassing Intent Destination Checks
Gemini Agents in Google Calendar
Exploitation of DOM Clobbering Vuln at Scale
TheHulk
Smart Devices, Dumb Resets
Mac PRT Cookie Theft
====== Timestamps ======
(00:00:00) Introduction
(00:10:10) Prompt. Scan. Exploit
(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug
(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned
(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents
(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets
By Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)5
5353 ratings
Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.
Follow us on X
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
Unicode surrogates conversion
Prompt. Scan. Exploit
Breaking into thousands of cloud based VPNs with 1 bug
Examining Access Control Vulnerabilities in GraphQL
Smart Bus Smart Hacking
Passkeys Pwned
Bypassing Intent Destination Checks
Gemini Agents in Google Calendar
Exploitation of DOM Clobbering Vuln at Scale
TheHulk
Smart Devices, Dumb Resets
Mac PRT Cookie Theft
====== Timestamps ======
(00:00:00) Introduction
(00:10:10) Prompt. Scan. Exploit
(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug
(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned
(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents
(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets

43,953 Listeners

14,356 Listeners

188 Listeners

2,008 Listeners

3,718 Listeners

372 Listeners

1,025 Listeners

417 Listeners

8,091 Listeners

9,561 Listeners

11,988 Listeners

177 Listeners

2,667 Listeners

139 Listeners

16,446 Listeners