Podcasts about bug bounties

Episode 133: In this episode of Critical Thinking - Bug Bounty Podcast we're joined by Harley and Ari from H1 to talk some about community management roles within Bug Bounty, as well as discuss the evolution of Bug Bounty Village at DEFCON, and what they've got in store this year.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Guests:x.com/infiniteloginshttps://x.com/Arl_roseToday's Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward!====== This Week in Bug Bounty ======BBV Platform Panel about TriageYesWeHACK Makes Debut at Black Hat USA 2025New Dojo challenge featuring a time-based token prediction combined PyYAML deserializationGMSGadget====== Resources ======Bug Bounty VillageSign up for the Disclosed NewsletterDisclosed OnlineHarley's Youtube Channel====== Timestamps ======(00:00:00) Introduction(00:05:51) Bug Stories and Hacking Journeys(00:32:37) Community Management within Bug Bounty(00:39:43) Bug Bounty Village - Origin & 2025 Plans(01:02:39) Disclosed Online and Harley's Upcoming Ebook

Tommy DeVoss—aka "dawgyg"—is back for round two, and it's even wilder. A former black hat who faced prison four times, Tommy turned his life around and became a legend in the bug bounty world. From max-sec prison cells to flexing a championship belt on stage at HackerOne Live, his story is pure hacker folklore. In this episode, he shares how bug bounties bought him mini donkeys, why he still hunts old-school (no tools, no scripts), and how federal judges, rogue AIs, and childhood IRC wars shaped his chaotic path. Expect redemption arcs, sketchy bets, and a surprise detour into Icelandic youth basketball.

Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for Windows, Third-Person prompting, and touch on the recent McDonalds LeakFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward!====== Resources ======v1 Instance Metadata Service protections bypassWould you like an IDOR with that? Leaking 64 million McDonald's job applicationsHow we got persistent XSS on every AEM cloud site, thriceGoogle docs now supports export as markdownAbusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)How I Scanned all of GitHub's “Oops Commits” for Leaked SecretsBug bounty, feedback, strategy and alchemy====== Timestamps ======(00:00:00) Introduction(00:05:39) Metadata Service protections bypass & Mcdonalds Leak(00:12:30) Christmas in July with Searchlight Cyber Pt 1(00:19:43) Export as Markdown, Raycast for Windows, & Third-Person prompting(00:23:56) Christmas in July with Searchlight Cyber Pt 2(00:27:39) GitHub's “Oops Commits” for Leaked Secrets(00:36:53) Bug bounty, feedback, strategy and alchemy

En este episodio, nos sumergimos en el mundo de la seguridad de aplicaciones y los programas de Bug Bounty. Gabriel Tendler, Manager de App Security en Mercado Libre, comparte las claves de su experiencia en Bug Bounty, destacando la evolución del triage de reportes y la importancia de la transparencia en el alcance.

Seth and Ken are _back_ to talk through some recent experiences and news across the industry. To start the episode, Seth highlights the edge cases uncovered during manual code review that require context to understand and identify. Inspired by recent a recent post on AI Slop in the curl bug bounty program, the duo addresses the increase of slop across bug bounty reports and why it happens. Finally, a discussion on McDonald's recent authorization flaw that potentially exposed millions of job applicant's data.

Episode 129: In this episode of Critical Thinking - Bug Bounty Podcast we chat about the future of hack bots and human-AI collaboration, the challenges posed by tokenization, and the need for cybersecurity professionals to adapt to the evolving landscape of hacking in the age of AIFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== This Week in Bug Bounty ======Improper error handling in async cryptographic operations crashes processhttps://hackerone.com/reports/2817648Recon Series #6: Excavating hidden artifacts with Wayback Machinehttps://www.yeswehack.com/learn-bug-bounty/recon-wayback-machine-web-archive====== Resources ======This is How They Tell Me Bug Bounty Ends https://josephthacker.com/hacking/2025/06/09/this-is-how-they-tell-me-bug-bounty-ends.htmlWelcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discoveryhttps://www.hackerone.com/blog/welcome-hackbots-how-ai-shaping-future-vulnerability-discoveryGlitch Tokenhttps://www.youtube.com/watch?v=WO2X3oZEJOAConducting smarter intelligences than me: new orchestrashttps://southbridge-research.notion.site/conducting-smarter-intelligences-than-me====== Timestamps ======(00:00:00) Introduction(00:04:05) Is this how Bug Bounty Ends?(00:11:14) Hackbots and handling leads(00:20:50) Hacker chain of thought & Tokenization(00:32:54) Context Engineering

In this podcast, my guest is Arthur Aires, part-time bug bounty hunter and cybersecurity pro from Brazil. He has an amazing approach that combines manual hacking with using a lot of tools for recon and fuzzing.Some links mentioned in the video: https://github.com/pwntester/SerialKillerBypassGadgetCollection https://book.hacktricks.wiki/en/index.html https://portswigger.net/bappstore/e4e0f6c4f0274754917dcb5f4937bb9e https://portswigger.net/bappstore/594a49bb233748f2bc80a9eb18a2e08f https://portswigger.net/bappstore/0e61c786db0c4ac787a08c4516d52ccf https://github.com/PortSwigger/403-bypasser https://github.com/projectdiscovery/nuclei https://github.com/SeifElsallamy/Blind-XSS-Manager/tree/main https://github.com/trufflesecurity/xsshunter https://infosecwriteups.com/easy-xsshunter-discord-alerts-33fcff24a8f7 https://github.com/elkokc/reflector https://portswigger.net/burp/documentation/desktop/tools/dom-invader https://urlscan.io/Timestamps:00:00 Intro01:30 Balancing part-time bug bounty with full-time job02:56 Mixing manual bug bounty hunting with automation22:04 The most useful Burp extensions33:25 Fuzzing in bug bounty46:34 Live Hacking Events

Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph's Anthropic safety testing, Justin's guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor - ThreatLocker Web Controlhttps://www.criticalthinkingpodcast.io/tl-webcontrol====== This Week in Bug Bounty ======Louis Vuitton Public Bug Bounty ProgramCVE-2025-47934 was discovered on one of our Bug Bounty program : OpenPGP.jsStored XSS in File Upload Leads to Privilege Escalation and Full Workspace Takeover====== Resources ======Jorian tweetClipjacking: Hacked by copying text - Clickjacking but betterCrying out Cloud AppearanceWiz Research takes 1st place in Pwn2Own AI categoryNew XSS vector with image tag====== Timestamps ======(00:00:00) Introduction(00:10:50) Supabase(00:13:47) Tweet-research from Jorian and Wyatt Walls.(00:20:24) Anthropic safety testing challenge & Wiz Podcast guest appearance(00:27:44) New XSS vector, Google i/o, and coding agents(00:35:48) Full Time Bug Bounty

Daniel Stenberg, the maintainer of Curl, discusses the increase in AI security reports that are wasting the time of maintainers. We discuss Curl's new policy of banning the bad actors while establishing some pretty sane AI usage guidelines. We chat about how this low-effort, high-impact abuse pattern is a denial-of-service attack on the curl project (and other open source projects too). The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-05-curl_vs_ai_with_daniel_stenberg/

Sponsor by ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠SEC Playground⁠⁠

Interview with Jasmin “JR0ch17” Landry, a former triager and security manager, now a full-time bug bounty hunter. We discuss bug bounty strategy, mindset, and finding high and critical vulnerabilities.

Forecast = Expect scattered AI layoffs, a flurry of bogus bug bounties, and a persistent workforce drought-so keep your firewalls up and your résumés handy! ‍ On this episode of GreyNoise Storm⚡️Watch, we kick things off with our usual round of introductions before diving into the latest cyber weather and threat landscape. If you're new here, Storm⚡️Watch is where we break down what's moving the needle in cybersecurity, spotlighting the people, tools, and trends shaping the field. For today's poll, we're feeling nostalgic and asking: What do you miss most from the Slow Internet days? Whether it's the wild west of Myspace, the quirky chaos of Fark, the creative playground of Wattpad, or the endless flash animations on Albino Blacksheep, we want to know what old-school internet experience you'd revive if you could. We're also talking about the pitfalls of AI in bug bounty programs. The open-source project curl has had enough of users flooding them with AI-generated “slop” vulnerabilities that waste maintainers' time and don't actually move security forward. It's a reminder that, despite the hype, AI isn't a silver bullet for finding real bugs and can actually create more noise than signal. Speaking of AI, the conversation shifts to how major companies are reshaping their workforce in the name of artificial intelligence. CrowdStrike just announced it's cutting 5% of its jobs, citing AI-driven restructuring and the need for efficiency. It's not just CrowdStrike-Duolingo is pushing AI into every corner of its product and workflow, with leadership urging engineers to “start with AI for every task,” even as they admit the tech is still error-prone and often less effective than human effort. The end result? Workers are being asked to manage and troubleshoot clumsy AI tools instead of using their expertise, and users are left with content that's sometimes flat-out wrong or just less engaging than before. But while AI is shaking up tech jobs, the cybersecurity workforce shortage isn't going away. The PIVOTT Act has been revived in Congress to address the growing gap, offering full scholarships for two-year degrees in cyber fields in exchange for government service. It's aimed at making it easier for people to pivot into cyber careers, especially as professionals in other sectors worry about AI-driven job cuts. The Act is being administered by CISA and is designed to streamline the path into government cyber roles, including those requiring security clearances. As always, we spotlight some of the latest developments from Censys, VulnCheck, runZero, and GreyNoise; then wrap up with some quick goodbyes and reminders to check out the latest from all our partners and contributors. Thanks for tuning in to Storm⚡️Watch-where the only thing moving faster than the threats is the conversation. Storm Watch Homepage >> Learn more about GreyNoise >>  

In this episode of the Risk Management Show, we debunk common bug bounty myths and explore what risk managers need to know to enhance their cyber security strategies. Joining us is Will Kapcio, Sales Engineer Manager at HackerOne, the world leader in hacker-powered security. Will shares expert insights into the realities of bug bounty programs, how private initiatives often outperform public ones, and the critical role they play in identifying vulnerabilities that evade traditional testing methods. We also discuss the findings of HackerOne's latest Hacker-Powered Security Report, including the top vulnerabilities organizations still struggle with, the impact of AI on both attackers and defenders, and practical advice for launching and scaling a successful bug bounty program. Whether you're a Chief Risk Officer, cyber security professional, or simply interested in the intersection of risk management and sustainability, this episode is packed with actionable insights. If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Guest Proposal." Don't miss this invaluable di

CertiK chief business officer Jason Jiang shares the nitty gritty on how North Korea's Lazarus Group stole $1.4 billion in ETH-related tokens from Bybit, who is ultimately at fault, and what the crypto industry and investors can do to protect themselves against the next major hack. (00:00) Introduction to The Agenda podcast and this week's episode(02:17) How Lazarus Group hacked Bybit (07:17) Are hard wallets and cold wallets safe from hacks?(09:19) How AI and quantum computing could compromise blockchains(12:24) Who is most at fault for the Bybit hack?(16:05) Is THORChain facilitating crime or abiding by the rules of decentralization?(18:46) How smart contract audits work(23:31) Securing AI and planning for the quantum computing Cambrian explosion(26:02) Is there a white hat hacker shortage?(30:34) The future of onchain securityThe Agenda is brought to you by Cointelegraph and hosted/produced by Ray Salmond and Jonathan DeYoung, with post-production by Elena Volkova (Hatch Up). Follow Cointelegraph on X (Twitter) at @Cointelegraph, Jonathan at @maddopemadic and Ray at @HorusHughes. Jonathan is also on Instagram at @maddopemadic, and he made the music for the podcast — hear more at madic.art.Check out Cointelegraph at cointelegraph.com.If you like what you heard, rate us and leave a review!The views, thoughts and opinions expressed in this podcast are its participants' alone and do not necessarily reflect or represent the views and opinions of Cointelegraph. This podcast (and any related content) is for entertainment purposes only and does not constitute financial advice, nor should it be taken as such. Everyone must do their own research and make their own decisions. The podcast's participants may or may not own any of the assets mentioned.

No episódio de hoje do Podcast Canaltech, o foco está em um dos maiores avanços no campo da segurança digital: o modelo Bug Bounty, uma estratégia que está transformando a maneira como as empresas lidam com as ameaças cibernéticas. A IPV7, uma das líderes em cibersegurança, anunciou recentemente a aquisição da plataforma HuntersPay, trazendo para o Brasil uma solução mais eficaz e colaborativa para identificar e corrigir falhas de segurança antes que se tornem um problema. Para falar sobre essa inovação, convidamos Rudnei Carapinheiro, chefe de estratégia da empresa, que compartilhou sua visão sobre como o modelo de segurança ofensiva pode transformar a proteção digital no Brasil e na América Latina. Entre nas redes sociais do Canaltech buscando por @Canaltech Entre em contato pelo nosso e-mail: podcast@canaltech.com.br Entre no Canaltech Ofertas Acesse a newsletter do Canaltech See omnystudio.com/listener for privacy information.

Joseph joins us to share about his career as an ethical hacker. First of all, I didn't know that there were good hackers out there. What a relief! You're going to love this conversation. We cover everything from hacking to faith and AI to international adoption.  This stuff is all so fascinating to me, and it was so fun to get to share these thoughts with you! Class is in session. Let's get curious! . . . . . Have a secretly extraordinary life? Apply to be a guest on my podcast in 2025 here: https://forms.gle/Z13WGj63oEfgmtjJ9 . . . . . Order your copy of my new book Reconnected HERE: ReconnectedBook.com  Let's keep in touch! Sign up for my newsletter to be the first to hear ALL my updates. https://app.e2ma.net/app2/audience/signup/1987227/1965424/ Interested in advertising with us? Reach out here. Book me to speak HERE: https://www.carloswhittaker.com/events  . . . . . Visit CatchingWhimsyBook.com to learn more and download a free chapter sampler today! Learn more about your ad choices. Visit megaphone.fm/adchoices

Joseph joins us to share about his career as an ethical hacker. First of all, I didn't know that there were good hackers out there. What a relief! You're going to love this conversation. We cover everything from hacking to faith and AI to international adoption.  This stuff is all so fascinating to me, and it was so fun to get to share these thoughts with you! Class is in session. Let's get curious! . . . . . Have a secretly extraordinary life? Apply to be a guest on my podcast in 2025 here: https://forms.gle/Z13WGj63oEfgmtjJ9 . . . . . Order your copy of my new book Reconnected HERE: ReconnectedBook.com  Let's keep in touch! Sign up for my newsletter to be the first to hear ALL my updates. https://app.e2ma.net/app2/audience/signup/1987227/1965424/ Interested in advertising with us? Reach out here. Book me to speak HERE: https://www.carloswhittaker.com/events  . . . . . Visit CatchingWhimsyBook.com to learn more and download a free chapter sampler today! Learn more about your ad choices. Visit megaphone.fm/adchoices

Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Guest - Ciarán Cotterhttps://x.com/monkehack====== Resources ======Mstyhttps://msty.app/From Day Zero to Zero Dayhttps://nostarch.com/zero-dayNuclei - ai flaghttps://x.com/pdiscoveryio/status/1890082913900982763ChatGPT Operator: Prompt Injection Exploits & Defenseshttps://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocationhttps://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/====== Timestamps ======(00:00:00) Introduction(00:01:04) Bug Rundowns(00:13:05) Monke's Bug Bounty Background(00:20:03) Websocket Research(00:34:01) Connecting Hackers with Companies(00:34:56) Grok 3, Msty, From Day Zero to Zero Day(00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK(00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory

Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin's research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Exploring the DOMPurify library: Bypasses and Fixes (1/2)https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixesExploring the DOMPurify library: Hunting for Misconfigurations (2/2)https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurationsDom-Explorer toolhttps://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954fCT Episode 61: A Hacker on Wall Street - JR0ch17https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/====== Timestamps ======(00:00:00) Introduction(00:01:44) Kevin Mizu - Background and Bring-a-bug(00:15:09) DOMPurify(00:29:04) Misconfigurations - Dangerous allow-lists(00:39:09) Dangerous URI attributes configuration(00:46:08) Bad usage(00:59:55) DOMPurify Hooks: before, after, and upon SanitizeAttribute(01:29:15) Node manipulation, nodeName namespace case confusion, & DOM Clobbering DOS(01:36:51) Misc concepts for future research

In this episode of the Ardan Labs podcast, Bill Kennedy interviews Julien Cretel, exploring his journey through technology, education, and personal growth. They discuss Julien's early experiences with computers, the influence of his family on his career choices, and his reflections on high school and intensive studies. The conversation highlights the importance of perseverance and the lasting impact of foundational knowledge in software development. The conversation explores Julien's educational journey in engineering, his transition from academia to industry, and his experiences in marine engineering and renewable energy.The discussion also touches on the differences between backend and frontend development, the importance of error handling, and the balance between performance and complexity in software development.00:00 Introduction 00:30 What is Julien Doing Today?05:10 First Memory of a Computer9:00 Family Influence and Early Choices20:00 Deciding on Intense Education31:30 Transition from Academia to Industry42:00 First Programming Job / Code Talk51:41 Performance vs Complexity in Software1:05:00 Transition to Contract Work1:12:00 Debt in the U.S1:19:00 Security Audits / Bug Bounties1:27:00 Open Source Projects Connect with Julien: Julien's Website: https://jub0bs.com/posts/Bluesky: https://bsky.app/profile/jub0bs.comMentioned in this Episode:Iterutil: https://github.com/jub0bs/iterutilCORS: https://github.com/jub0bs/corsWant more from Ardan Labs? You can learn Go, Kubernetes, Docker & more through our video training, live events, or through our blog!Online Courses : https://ardanlabs.com/education/ Live Events : https://www.ardanlabs.com/live-training-events/ Blog : https://www.ardanlabs.com/blog Github : https://github.com/ardanlabs

In this episode, James sits down with Tommy DeVoss (aka Doggy G), who went from a teenage hacker dodging federal prison to becoming one of the most successful ethical hackers in the world. Tommy spills raw, unfiltered stories about his wild days in IRC channels, running with the infamous World of Hell hacking group, and somehow managing to turn his life around to rake in over $4 million in bug bounties. You'll hear how a 10-year computer ban gave him enough pent-up tech energy to power a small country and how his boredom waiting for a friend led to a $180,000 Yahoo bug discovery. Yeah, some people text while waiting—Tommy casually breaks the internet.

HackerOne's co-founder, Michiel Prins walks us through the latest new offensive security service: AI red teaming. At the same time enterprises are globally trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before. Segment Resources: https://www.hackerone.com/ai/snap-ai-red-teaming https://www.hackerone.com/thought-leadership/ai-safety-red-teaming This interview is a bit different from our norm. We talk to the founder and CEO of OpenVPN about what it is like to operate a business based on open source, particularly through trying times like the recent pandemic. How do you compete when your competitors are free to build products using your software and IP? It seems like an oxymoron, but an open source-based business actually has some significant advantages over the closed source commercial approach. In this week's enterprise security news, the first cybersecurity IPO in 3.5 years! new companies new tools the fate of CISA and the cyber safety review board things we learned about AI in 2024 is the humanless SOC possible? NGFWs have some surprising vulnerabilities what did generative music sound like in 1996? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-391

HackerOne's co-founder, Michiel Prins walks us through the latest new offensive security service: AI red teaming. At the same time enterprises are globally trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before. Segment Resources: https://www.hackerone.com/ai/snap-ai-red-teaming https://www.hackerone.com/thought-leadership/ai-safety-red-teaming This interview is a bit different from our norm. We talk to the founder and CEO of OpenVPN about what it is like to operate a business based on open source, particularly through trying times like the recent pandemic. How do you compete when your competitors are free to build products using your software and IP? It seems like an oxymoron, but an open source-based business actually has some significant advantages over the closed source commercial approach. In this week's enterprise security news, the first cybersecurity IPO in 3.5 years! new companies new tools the fate of CISA and the cyber safety review board things we learned about AI in 2024 is the humanless SOC possible? NGFWs have some surprising vulnerabilities what did generative music sound like in 1996? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-391

HackerOne's co-founder, Michiel Prins walks us through the latest new offensive security service: AI red teaming. At the same time enterprises are globally trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before. Segment Resources: https://www.hackerone.com/ai/snap-ai-red-teaming https://www.hackerone.com/thought-leadership/ai-safety-red-teaming Show Notes: https://securityweekly.com/esw-391

HackerOne's co-founder, Michiel Prins walks us through the latest new offensive security service: AI red teaming. At the same time enterprises are globally trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before. Segment Resources: https://www.hackerone.com/ai/snap-ai-red-teaming https://www.hackerone.com/thought-leadership/ai-safety-red-teaming Show Notes: https://securityweekly.com/esw-391

Learn what ethical hackers can teach us about the next era of artificial intelligence.We speak with Michael Skelton, VP of Operations and Sajeeb Lohani, Global TISO for Bugcrowd on the latest edition of 'Inside The Mind Of A Hacker'.We're also joined by CJ Fairhead who is a Senior Penetration Tester, OSCP Certified, Security obsessed and tinkerer of things. Passionate about combining years of Internal IT experience with his security knowledge for Red Team engagements, CJ is involved in the Bug Bounty scene and works on giving back to the community through tool development, blog posts or just general advice. In the latest edition of ITMOAH, dive inside the minds of 1000 hackers and see your organization from a new perspective, with the latest analysis on security researchers and their transformative use of generative AI.For more information and to access more, including the Bugcrowd Report series - visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/#bugcrowd #cisoseries #mysecuritytv #cybersecurity #ITMOAH #ethicalhackers

Bitcoin OG Charlie Shrem is now the chief evangelist of a project called Digital Gold (DGD). In this episode, I ask him and his business partner Digital Gold Yoda all the important questions about the legitimacy of their new cryptocurrency. Time stamps: Introducing Charlie Shrem & Digital Gold Jedi (00:00:48) Is Charlie Still Bullish on Bitcoin? (00:01:40) From Bitcoin to Digital Gold (00:02:05) Details of the Digital Gold Project (00:04:52) Stability and Value Preservation? (00:05:37) Community Engagement and User Growth (00:08:34) Comparison with BitTorrent (00:09:01) There Are Thousands of Digital Golds (00:14:28) Unique Features of the Digital Gold Project (00:15:08) Which Wallets and Exchanges Support Digital Gold? (00:17:05) Community Engagement and Validation (00:17:55) Initial Feedback and Expectations (00:18:50) Purchasing Process and Coin Distribution (00:19:26) Coin Withdrawal Mechanics (00:20:15) Network Growth and Distribution (00:21:02) Exchanges and Market Dynamics (00:22:57) Stablecoin vs. Price Speculation (00:23:25) Price Determination Mechanism (00:24:27) Infrastructure and Value Creation (00:25:09) Market Dynamics and Adoption (00:26:06) Mining vs. Market Factors (00:26:21) Coin Purchase Process Clarification (00:27:13) Community Participation and Evangelism (00:29:20) Address Reuse Concerns (00:31:16) Price Validation by Community (00:32:38) Selling Coins Among Users (00:34:31) Community Exchange Challenges (00:34:43) Decentralized Exchange Considerations (00:35:44) Arbitrage Opportunities (00:36:00) Side Shift (00:36:43) Treasury and Bitcoin Ownership (00:37:42) Concerns About Bitcoin Reserve Safety (00:38:00) Community Trust and Auditing (00:39:26) Charlie Shrem's Long-Term Vision for Digital Gold (00:40:28) Self-Custody and User Understanding (00:41:51) Value of DGB vs. Bitcoin (00:42:07) Name Change Story (00:44:01) Treasury Transparency and Auditing (00:45:24) Future of Auditing in Crypto (00:46:29) Bullish Prediction for Digital Gold (00:47:18) Understanding User Risks and Backup Solutions (00:51:51) Digital Gold Experiment (00:52:56) Challenges of User Adoption (00:54:10) Centralization Concerns (00:57:42) Node Operation Incentives (00:58:16) Concept of Proof of Participation (01:00:55) Contribution vs. Purchase (01:06:52) Intrinsic Value and Market Parity (01:09:07) Discussion on Gold and Currency Value (01:10:04) Clarifying Payment Terminology (01:10:35) Contributions, Not Investments (01:11:57) White Paper Availability (01:12:44) Smart Currency Concept (01:15:20) Comparison with Bitcoin Cash (01:15:49) Participation in the Network (01:16:40) Digital Gold vs Terra Luna (01:17:47) Claiming Coins Without Purchase (01:19:16) Distribution Model Fairness (01:21:04) Becoming a Staker (01:23:25) Node Connection and Validation (01:25:03) Impact of Node Outages (01:27:25) Core Staking Nodes Explained (01:28:09) Government Threats to Network (01:29:10) Initial Market Cap and Podcast Launch (01:30:25) Security Team: How Does It Get Paid? (01:32:44) Bug Bounty and Security Issues (01:36:00) Distribution of Coins and Participation (01:37:29) Peer-to-Peer Transactions (01:39:33) Transparency of Coin Holdings (01:41:51) Labeling The Team's Staking Wallets (01:42:23) First Dancers (01:45:31) Charlie Shrem's Role in Digital Gold (01:45:39) The Litmus Test (01:46:03) Importance of Charlie's Endorsement (01:46:31) Highlighting Charlie's Character (01:47:31) Addressing Potential Concerns (01:48:03) User-Friendly Exchange Integration (01:48:42) Future Selling of Coins (01:49:44) Saying Goodbye (01:50:13)

How will AI redefine cybersecurity in 2025? According to Marco Figueroa, Program Manager for Gen AI at the ODIN Bug Bounty Program, this year is set to be the "Year of the Agent," where AI systems and integrations take a central role.  In this special New Year bonus episode, Ron sits down with Marco to discuss the transformative role of AI in solving cybersecurity challenges. Marco breaks down AI jailbreak techniques, the impact of bug bounty programs on securing AI systems, and why 2025's fast-evolving tech landscape demands creative thinking. Learn how tools like ChatGPT and Gemini 2.0 are reshaping the industry and why staying adaptable is essential.   Impactful Moments: 00:00 - Introduction 02:14 - Speed vs. safety: AI system challenges 05:30 - Why experience matters more than information 07:45 - Legal stakes for deepfakes and AI 18:36 - Marco's creative journey in cybersecurity 28:00 - Jailbreaks: Risks and surprising AI findings 37:13 - 2025 predictions: The rise of agents 41:00 - Closing thoughts and the power of community Links: Connect with our guest, Marco Figueroa: https://www.linkedin.com/in/marco-figueroa-re/ Chuck Brooks' 2025 Cybersecurity Predictions article: https://www.forbes.com/sites/chuckbrooks/2024/12/24/cybersecurity-trends-and-priorities-to-watch-for-2025/ Focus Areas for the FaccT Conference News: https://facctconference.org/2025/focusareas “Unreasonable Hospitality” by Will Guidara Book Link: https://www.amazon.com/Unreasonable-Hospitality-Remarkable-Giving-People/dp/0593418573 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

As part of our Bugcrowd Leadership Series, we speak with Dave Gerry, Chief Executive Officer of Bugcrowd on his most recent visit to Sydney and the region. His visit for Cybercon in Melbourne also follows with the company recently securing a USD50 million capital growth facility from the Silicon Valley Bank and also appointing Trey Ford, as chief information security officer for the Americas.We also refer to the latest edition of ITMOAH, which dives inside the minds of 1,000 hackers and the latest analysis on security researchers and their transformative use of generative AI.For more on the CxO Perspectives and Hack the Hacker Series with Bugcrowd visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/#bugcrowd #mysecuritytv #cisoseries #bugbounty

Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more.They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Check out our new SWAG store at https://ctbb.show/swag!Today's Guest - https://x.com/JhaddixResourcesKeynote: Red, Blue, and Purple AI - Jason Haddixhttps://www.youtube.com/watch?v=XHeTn7uWVQMAttention in transformers,https://www.youtube.com/watch?v=eMlx5fFNoYcShifthttps://shiftwaitlist.com/The Darkest Side of Bug Bountyhttps://www.youtube.com/watch?v=6SNy0u6pYOcTimestamps(00:00:00) Introduction(00:01:25) Micro-agents and Weird Machine Tricks(00:11:05) Web fuzzing with AI(00:18:15) Brainstorming Shift and micro-agents(00:34:40) Strengths of different AI Models, and using AI to write reports(00:54:21) The Darkest Side of Bug Bounty

Josh and Kurt talk about a CWE Top 25 list from MITRE. The list itself is fine, but we discuss why the list looks the way it does (it's because of WordPress). We also discuss why Josh hates lists like this (because they never create any actions). We finish up running through the whole list with a few comments about the findings. Show Notes 2024 CWE Top 25 Most Dangerous Software Weaknesses Set of 9 Unusual Odd Sided dice - D3, D5, D7, D9, D11, D13, D15, D17 & D19

Dr. Sunny Wear began her career as a developer, spending countless hours maintaining others' code—a humbling experience, as she describes it. Realizing she wanted a different path, a friend suggested exploring cybersecurity at just the right time. Together, they tackled the CISSP exam, which Dr. Sunny passed, igniting her passion for application penetration testing. Now […]

The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the first year.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - AssetNote: Check out their ASMR board (no not that kind!)https://assetnote.io/asmrToday's Guest - https://x.com/0xLupinResourcesJustin's Twitter Threadhttps://x.com/Rhynorater/status/1699395452481769867Timestamps(00:00:00) Introduction(00:03:00) Web Fundamentals Education(00:46:01) Threat Modeling and Hacking Goals(01:18:58) Vuln Types and finding Specialization

In this in-depth conversation, Jason Waits, Chief Information Security Officer (CISO) at Inductive Automation, provides a comprehensive exploration of Industrial Control System (ICS) cybersecurity. With decades of experience securing critical infrastructure and navigating the complexities of Operational Technology (OT) environments, Jason offers actionable insights into the current state and future of cybersecurity in industrial sectors like manufacturing, energy, and water treatment.The discussion begins with an overview of what makes ICS cybersecurity distinct from traditional IT security. Jason explains how OT systems prioritize availability and safety, presenting unique challenges compared to the confidentiality-driven focus of IT. The conversation highlights key vulnerabilities in ICS environments, such as legacy systems that lack modern security features, poorly designed protocols without encryption, and the risks posed by IT/OT convergence.Jason dives into common attack vectors, including social engineering (phishing), lateral movement from IT to OT networks, and physical access breaches. He explores real-world case studies like the Colonial Pipeline ransomware attack, the Oldsmar water treatment plant hack, and the Stuxnet worm, illustrating how these vulnerabilities have been exploited and the lessons they offer for building stronger defenses.The video also emphasizes the critical role of compliance and standards, such as ISA/IEC 62443, the NIST Cybersecurity Framework, and CIS Controls. Jason underscores the difference between compliance and real security, advocating for a "security first, compliance second" philosophy to ensure that organizations focus on mitigating actual risks rather than merely checking regulatory boxes.As the conversation unfolds, Jason discusses the role of vendors and OEMs in securing ICS environments, detailing how Inductive Automation uses proactive measures like Pwn2Own competitions, bug bounty programs, and detailed security hardening guides to improve the security of their products. He highlights the importance of collaboration between vendors and customers to address challenges like long equipment lifecycles and the growing adoption of cloud services.Emerging technologies also take center stage, with Jason exploring how artificial intelligence (AI) is transforming threat detection and response, while also enabling more sophisticated attacks like personalized phishing and adaptive malware. He addresses the implications of IT/OT convergence, emphasizing the need for collaboration between traditionally siloed teams and the importance of building shared security frameworks.For organizations looking to strengthen their cybersecurity posture, Jason offers practical steps, starting with foundational measures like asset management and configuration baselines. He explains how leveraging free resources, such as CIS Benchmarks, and creating a roadmap for cybersecurity maturity can help organizations of all sizes navigate these challenges, even with limited budgets.Timestamps0:00 – Introduction and Overview of ICS Cybersecurity3:15 – Meet Jason Waits: Background and Journey to CISO6:45 – What Is ICS Cybersecurity? Key Differences Between IT and OT10:30 – The Importance of Availability and Safety in OT Systems13:50 – Challenges of Legacy Systems and Long Equipment Lifecycles17:20 – Attack Vectors: Social Engineering, Lateral Movement, and Physical Access20:10 – Case Studies: Colonial Pipeline, Oldsmar Water Treatment Plant, and Stuxnet25:35 – Compliance vs. Security: Jason's “Security First, Compliance Second” Philosophy30:00 – The Role of Vendors and OEMs in Cybersecurity34:45 – Inductive Automation's Approach: Pwn2Own, Bug Bounties, and Security Hardening Guides40:00 – Emerging Technologies: AI in Threat Detection and the Risks of Sophisticated Phishing45:10 – The Growing Adoption of Cloud in ICS and Its Implications50:00 – IT/OT Convergence: Opportunities and Challenges55:15 – Practical Steps for Organizations: Asset Management and Roadmaps1:00:10 – Building a Security Culture: Collaboration Between IT and OT Teams1:05:30 – Future Outlook: Increasing Regulations, Ransomware Risks, and Innovation1:10:00 – Using Cybersecurity as a Competitive Advantage1:15:00 – Closing Thoughts: The Need for Continuous Learning and Proactive ActionAbout Manufacturing Hub:Manufacturing Hub Network is an educational show hosted by two longtime industrial practitioners Dave Griffith and Vladimir Romanov. Together they try to answer big questions in the industry while having fun conversations with other interesting people. Come join us weekly! ******Connect with UsVlad RomanovDave GriffithManufacturing HubSolisPLCJoltek

Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - ThreatLocker: Check out Network Control!https://www.criticalthinkingpodcast.io/tl-ncAnd AssetNote: Check out their ASMR board (no not that kind!)https://assetnote.io/asmrToday's Guest: https://sharonbrizinov.com/ResourcesThe Claroty Research Teamhttps://claroty.com/team82Pwntoolshttps://github.com/Gallopsled/pwntoolsScan My SMShttp://scanmysms.comGotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMShttps://www.youtube.com/watch?v=EhNsXXbDp3UTimestamps(00:00:00) Introduction(00:03:31) Sharon's Origin Story(00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne(00:47:05) IoT/ICS Hacking Methodology(01:10:13) Cloud to Device Communication(01:18:15) Bug replication and uncommon attack surfaces(01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS

A chatty chat in which we discuss the Infinite Backrooms and the extremely profitable shock-meme-cult it spurred, a big update in the McDonald's ice cream machine right to repair story, Apple Bug Bounties, Canadian hackers and so much more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

(Disclaimer: Click 'more' to see ad disclosure) Geobreeze Travel is part of an affiliate sales network and receives compensation for sending traffic to partner sites, such as MileValue.com. This compensation may impact how and where links appear on this site. This site does not include all financial companies or all available financial offers. Terms apply to American Express benefits and offers. Enrollment may be required for select American Express benefits and offers. Visit americanexpress.com to learn more.  ➤ Free LIVE training to maximize your points https://geobreezetravel.com/webinar   ➤ Free points 101 course (includes hotel upgrade email template) https://geobreezetravel.com/freecourse   ➤ Free credit card consultations https://airtable.com/apparEqFGYkas0LHl/shrYFpUr2zutt5515   ➤ Seats.Aero: https://geobreezetravel.com/seatsaero   ➤ Request a free personalized award search tutorial: https://go.geobreezetravel.com/ast-form If you are interested in supporting this show when you apply for your next card, check out https://geobreezetravel.com/cards and if you're not sure what card is right for you, I offer free credit card consultations at https://geobreezetravel.com/consultations! Timestamps: 00:00 Introduction / Get to know Ian 01:24 Ian's Cybersecurity Background 02:39 Bug Bounties and Earning Miles 05:12 Hotel Lock Security Flaws 08:44 TSA Known Crew Member Vulnerability 16:08 Building Seats.Aero 20:51 Challenges and Features of Seats.Aero 26:10 Community and Support 30:15 Final Thoughts and Tips You can find Julia at:  ➤ Website: https://geobreezetravel.com/  ➤ Instagram: https://www.instagram.com/geobreezetravel/  ➤ Credit card links: https://www.geobreezetravel.com/cards  ➤ Patreon: https://www.patreon.com/geobreezetravel   Opinions expressed here are the author's alone, not those of any bank, credit card issuer, hotel, airline, or other entity. This content has not been reviewed, approved or otherwise endorsed by any of the entities included within the post. The content of this video is accurate as of the posting date. Some of the offers mentioned may no longer be available.

- Activist Hedge Fund Buys Into Nissan - VinFast Gets Cash Life-Line - Trump Appoints Zeldin to EPA - Cadillac VISTIQ EV Details - Buick Adds Upgrades to Luxurious CENTURY Van - Porsche Holding Regular Bug Bounty Programs - Stellantis Secures Graphite in North America - Japanese Hydrogen JV Goes Racing - Fiat Offers 12-Volt Mild Hybrid

- Activist Hedge Fund Buys Into Nissan - VinFast Gets Cash Life-Line - Trump Appoints Zeldin to EPA - Cadillac VISTIQ EV Details - Buick Adds Upgrades to Luxurious CENTURY Van - Porsche Holding Regular Bug Bounty Programs - Stellantis Secures Graphite in North America - Japanese Hydrogen JV Goes Racing - Fiat Offers 12-Volt Mild Hybrid

Jailbreaking AI: Behind the Guardrails with Mozilla's Marco Figueroa In this episode of 'Cyber Security Today,' host Jim Love talks with Marco Figueroa, the Gen AI Bug Bounty Program Manager for Mozilla's ODIN project. They explore the challenges and methods of bypassing guardrails in large language models like ChatGPT. Discussion points include jailbreaking, hexadecimal encoding, and the use of techniques like Deceptive Delight. Marco shares insights from his career, including his experiences at DEF CON, the NSA, McAfee, Intel, and Sentinel One. The conversation dives into Mozilla's efforts to build a secure AI landscape through the ODIN bug bounty program and the future implications of AI vulnerabilities. 00:00 Introduction and Guest Introduction 00:22 Understanding Large Language Models and Jailbreaking 01:53 Recent Jailbreaking Techniques and Examples 04:42 Interview with Marco Figueroa: Career Journey 10:12 Marco's Work at Mozilla and the ODIN Project 16:50 Exploring Prompt Injection and Hacking 23:21 Future of AI Security and Final Thoughts

After spending a decade working for appsec vendors, Grant McKracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations of all sizes for free, or for as low of cost as possible. While not a non-profit, the company's goal is to make these services as cheap as possible to increase accessibility for smaller or more budget-constrained organizations. The company has also introduced the concept of "fractional pentesting", access to cyber talent when and how you need it, based on what you can afford. This implies services beyond just offensive security, something we'll dive deeper into in the interview. We don't see DarkHorse ever competing with the larger Bug Bounty platforms, but rather providing services to the organizations too small for the larger platforms to sell to. Microsoft delays Recall AGAIN, Project Zero uses an LLM to find a bugger underflow in SQLite, the scourge of infostealer malware, zero standing privileges is easy if you have unlimited time (but no one does), reverse engineering Nintendo's Alarmo and RedBox's... boxes. Bonus: the book series mentioned in this episode The Lost Fleet by Jack Campbell. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-306

After spending a decade working for appsec vendors, Grant McKracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations of all sizes for free, or for as low of cost as possible. While not a non-profit, the company's goal is to make these services as cheap as possible to increase accessibility for smaller or more budget-constrained organizations. The company has also introduced the concept of "fractional pentesting", access to cyber talent when and how you need it, based on what you can afford. This implies services beyond just offensive security, something we'll dive deeper into in the interview. We don't see DarkHorse ever competing with the larger Bug Bounty platforms, but rather providing services to the organizations too small for the larger platforms to sell to. Show Notes: https://securityweekly.com/asw-306

In today's episode of Cybersecurity Today, host Jim Love covers stories including, Cisco releases an emergency patch for a vulnerability exploited in brute force attacks, Delta Airlines sues CrowdStrike over a problematic software update leading to flight disruptions, UnitedHealth confirms the massive data breach at Change Healthcare affecting 100 million people, and Apple announces a $1 million bug bounty for hacking Apple Intelligence servers. Stay informed on these pivotal issues impacting the tech and cybersecurity landscape. 00:00 Emergency Patch for Cisco Vulnerability 02:02 Delta Sues CrowdStrike Over Flight Disruptions 03:48 Apple's $1 Million Bug Bounty Program 05:14 UnitedHealth Data Breach Impact 07:17 Show Wrap-Up and Contact Information

Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastJoin us on this episode of Cyber Work with Katie Paxton-Fear, an API hacker and technical marketing manager at Traceable, known for her YouTube channel InsiderPhD. Dive into API security, common defense mistakes and bug bounty insights. Listen as Paxton-Fear shares her academic journey blending tech and linguistics, her pioneering NLP work on insider threats and tips on becoming an API security expert. Learn about detecting insider cyber threats, the role of AI in securing APIs and essential resources to enhance your cybersecurity skills. Plus, explore the dynamic world of freelance ethical hacking, the role of a technical marketer and the significance of resonant content creation. Stay tuned for a comprehensive guide to elevating your API security know-how and cybersecurity career!View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast00:00 - Introduction to Katie Paxton-Fear01:48 - Katie's journey into tech and cybersecurity05:23 - Combining tech and language15:34 - From academia to YouTube21:30 - API security: challenges and insights26:38 - The role of AI in API security30:28 - API key management and security31:08 - Common API key breaches32:15 - Preventing API key leaks33:39 - The importance of key rotation34:31 - Getting started in API security35:36 - Recommended resources for API security37:32 - Hands-on API hacking45:28 - The bug bounty community50:32 - Role of a technical marketing manager53:45 - Career advice and final thoughtsAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking's own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with Bug Bounty. We cover mentorship, networking and LHEs, ecosystem hacking, emotional regulation, and the need for self-care. Then we wrap up with some fun bugs.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Shop our new swag store at ctbb.show/swagToday's Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinderToday's guest: https://x.com/gr3pmeResources:Lessons Learned for LHEshttps://x.com/Rhynorater/status/1579499221954473984Timestamps:(00:00:00) Introduction(00:07:02) Mentorship in Bug Bounty(00:16:30) LHE lessons, takeaways, and the benefit of feedback and networking(00:41:28) Choosing Targets(00:49:03) Vuln Classes(00:58:54) Bug Reports

Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast We're joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in hardware hacking, and Matt's personal Methodology. Then we switch over to touch on BGA Reballing, Certificate Pinning and Validation, and some of his own bug stories.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinderToday's Guess Matt Brown: https://x.com/nmatt0Resources:Decrypting SSL to Chinese Cloud Servershttps://www.youtube.com/watch?v=3qSxxNvuEtgmitmrouterhttps://github.com/nmatt0/mitmroutercertmitm Automatic Exploitation of TLS Certificate Validation Vulnshttps://www.youtube.com/watch?v=w_l2q_Gyqfoandhttps://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Aapo%20Oksman%20-%20certmitm%20automatic%20exploitation%20of%20TLS%20certificate%20validation%20vulnerabilities.pdfhttps://github.com/aapooksman/certmitmHackerOne Detailed Platform Standardshttps://docs.hackerone.com/en/articles/8369826-detailed-platform-standardsTimestamps:(00:00:00) Introduction(00:13:33) Specialization and Challenges of IOT Hacking(00:33:03) Decrypting SSL to Chinese Cloud Servers(00:47:00) General IoT Hacking Methodology(01:26:00) Certificate Pinning and Certificate Validation(01:34:35) BGA Reballing(01:43:26) Bug Stories

Lawfare Editor-in-Chief Benjamin Wittes sits down with Katie Moussouris of Luta Security to talk bug bounties. Where do they come from? What is their proper role in cybersecurity? What are they good for, and most importantly, what are they not good for? Moussouris was among the hackers who first did bug bounties at scale—for Microsoft, and then for the Pentagon. Now she helps companies set up bug bounty programs and is dismayed by how they are being used.To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.