Forecast = Expect scattered AI layoffs, a flurry of bogus bug bounties, and a persistent workforce drought, so keep your firewalls up and your résumés handy!
On this episode of GreyNoise Storm⚡️Watch, we kick things off with our usual round of introductions before diving into the latest cyber weather and threat landscape. If you're new here, Storm⚡️Watch is where we break down what's moving the needle in cybersecurity, spotlighting the people, tools, and trends shaping the field. For today's poll, we're feeling nostalgic and asking: What do you miss most from the Slow Internet days? Whether it's the wild west of Myspace, the quirky chaos of Fark, the creative playground of Wattpad, or the endless flash animations on Albino Blacksheep, we want to know what old-school internet experience you'd revive if you could.
We're also talking about the pitfalls of AI in bug bounty programs. The open-source project curl has had enough of users flooding them with AI-generated “slop” vulnerabilities that waste maintainers' time and don't actually move security forward. It's a reminder that, despite the hype, AI isn't a silver bullet for finding real bugs and can actually create more noise than signal.
Speaking of AI, the conversation shifts to how major companies are reshaping their workforce in the name of artificial intelligence. CrowdStrike just announced it's cutting 5% of its jobs, citing AI-driven restructuring and the need for efficiency. It's not just CrowdStrike: Duolingo is pushing AI into every corner of its product and workflow, with leadership urging engineers to “start with AI for every task,” even as they admit the tech is still error-prone and often less effective than human effort. The end result? Workers are being asked to manage and troubleshoot clumsy AI tools instead of using their expertise, and users are left with content that's sometimes flat-out wrong or just less engaging than before.
But while AI is shaking up tech jobs, the cybersecurity workforce shortage isn't going away. The PIVOTT Act has been revived in Congress to address the growing gap, offering full scholarships for two-year degrees in cyber fields in exchange for government service. It's aimed at making it easier for people to pivot into cyber careers, especially as professionals in other sectors worry about AI-driven job cuts. The Act is being administered by CISA and is designed to streamline the path into government cyber roles, including those requiring security clearances.
As always, we spotlight some of the latest developments from Censys, VulnCheck, runZero, and GreyNoise; then wrap up with some quick goodbyes and reminders to check out the latest from all our partners and contributors. Thanks for tuning in to Storm⚡️Watch, where the only thing moving faster than the threats is the conversation.
Storm Watch Homepage >>
Learn more about GreyNoise >>
One often reads or hears that bug bounty models are the better way to find vulnerabilities. But is that really the case? Sandro Müller and Andreas Wisler discuss the differences, advantages and disadvantages of bug bounty programs and penetration tests.
In this episode of the Risk Management Show, we debunk common bug bounty myths and explore what risk managers need to know to enhance their cyber security strategies. Joining us is Will Kapcio, Sales Engineer Manager at HackerOne, the world leader in hacker-powered security. Will shares expert insights into the realities of bug bounty programs, how private initiatives often outperform public ones, and the critical role they play in identifying vulnerabilities that evade traditional testing methods. We also discuss the findings of HackerOne's latest Hacker-Powered Security Report, including the top vulnerabilities organizations still struggle with, the impact of AI on both attackers and defenders, and practical advice for launching and scaling a successful bug bounty program. Whether you're a Chief Risk Officer, cyber security professional, or simply interested in the intersection of risk management and sustainability, this episode is packed with actionable insights. If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Guest Proposal." Don't miss this invaluable di
CertiK chief business officer Jason Jiang shares the nitty gritty on how North Korea's Lazarus Group stole $1.4 billion in ETH-related tokens from Bybit, who is ultimately at fault, and what the crypto industry and investors can do to protect themselves against the next major hack.
(00:00) Introduction to The Agenda podcast and this week's episode
(02:17) How Lazarus Group hacked Bybit
(07:17) Are hard wallets and cold wallets safe from hacks?
(09:19) How AI and quantum computing could compromise blockchains
(12:24) Who is most at fault for the Bybit hack?
(16:05) Is THORChain facilitating crime or abiding by the rules of decentralization?
(18:46) How smart contract audits work
(23:31) Securing AI and planning for the quantum computing Cambrian explosion
(26:02) Is there a white hat hacker shortage?
(30:34) The future of onchain security
The Agenda is brought to you by Cointelegraph and hosted/produced by Ray Salmond and Jonathan DeYoung, with post-production by Elena Volkova (Hatch Up). Follow Cointelegraph on X (Twitter) at @Cointelegraph, Jonathan at @maddopemadic and Ray at @HorusHughes. Jonathan is also on Instagram at @maddopemadic, and he made the music for the podcast — hear more at madic.art. Check out Cointelegraph at cointelegraph.com. If you like what you heard, rate us and leave a review!
The views, thoughts and opinions expressed in this podcast are its participants' alone and do not necessarily reflect or represent the views and opinions of Cointelegraph. This podcast (and any related content) is for entertainment purposes only and does not constitute financial advice, nor should it be taken as such. Everyone must do their own research and make their own decisions. The podcast's participants may or may not own any of the assets mentioned.
In today's episode of the Canaltech Podcast, the focus is on one of the biggest advances in the field of digital security: the Bug Bounty model, a strategy that is transforming the way companies deal with cyber threats. IPV7, one of the leaders in cybersecurity, recently announced the acquisition of the HuntersPay platform, bringing to Brazil a more effective and collaborative solution for identifying and fixing security flaws before they become a problem. To talk about this innovation, we invited Rudnei Carapinheiro, the company's head of strategy, who shared his view on how the offensive security model can transform digital protection in Brazil and Latin America.
Find Canaltech on social networks by searching for @Canaltech
Contact us by e-mail: podcast@canaltech.com.br
Join Canaltech Ofertas
Subscribe to the Canaltech newsletter
See omnystudio.com/listener for privacy information.
Joseph joins us to share about his career as an ethical hacker. First of all, I didn't know that there were good hackers out there. What a relief! You're going to love this conversation. We cover everything from hacking to faith and AI to international adoption. This stuff is all so fascinating to me, and it was so fun to get to share these thoughts with you! Class is in session. Let's get curious! . . . . . Have a secretly extraordinary life? Apply to be a guest on my podcast in 2025 here: https://forms.gle/Z13WGj63oEfgmtjJ9 . . . . . Order your copy of my new book Reconnected HERE: ReconnectedBook.com Let's keep in touch! Sign up for my newsletter to be the first to hear ALL my updates. https://app.e2ma.net/app2/audience/signup/1987227/1965424/ Interested in advertising with us? Reach out here. Book me to speak HERE: https://www.carloswhittaker.com/events . . . . . Visit CatchingWhimsyBook.com to learn more and download a free chapter sampler today! Learn more about your ad choices. Visit megaphone.fm/adchoices
Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Guest - Ciarán Cotter
https://x.com/monkehack
====== Resources ======
Msty
https://msty.app/
From Day Zero to Zero Day
https://nostarch.com/zero-day
Nuclei - ai flag
https://x.com/pdiscoveryio/status/1890082913900982763
ChatGPT Operator: Prompt Injection Exploits & Defenses
https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/
Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation
https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/
====== Timestamps ======
(00:00:00) Introduction
(00:01:04) Bug Rundowns
(00:13:05) Monke's Bug Bounty Background
(00:20:03) Websocket Research
(00:34:01) Connecting Hackers with Companies
(00:34:56) Grok 3, Msty, From Day Zero to Zero Day
(00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK
(00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory
Sponsored by SEC Playground
In this first episode of 2025, we have started the year in the best way possible, with a great interview with Gabriel, alias Trelloboy, who introduces himself as an OSINT Specialist and Bug Bounty Hacker. We talk about techniques, tools, recommendations, books and many more things that we don't want to spoil! Not to be missed!
Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast, Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin's research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
Exploring the DOMPurify library: Bypasses and Fixes (1/2)
https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes
Exploring the DOMPurify library: Hunting for Misconfigurations (2/2)
https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations
Dom-Explorer tool
https://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954f
CT Episode 61: A Hacker on Wall Street - JR0ch17
https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/
====== Timestamps ======
(00:00:00) Introduction
(00:01:44) Kevin Mizu - Background and Bring-a-bug
(00:15:09) DOMPurify
(00:29:04) Misconfigurations - Dangerous allow-lists
(00:39:09) Dangerous URI attributes configuration
(00:46:08) Bad usage
(00:59:55) DOMPurify Hooks: before, after, and upon SanitizeAttribute
(01:29:15) Node manipulation, nodeName namespace case confusion, & DOM Clobbering DOS
(01:36:51) Misc concepts for future research
In this episode of the Ardan Labs podcast, Bill Kennedy interviews Julien Cretel, exploring his journey through technology, education, and personal growth. They discuss Julien's early experiences with computers, the influence of his family on his career choices, and his reflections on high school and intensive studies. The conversation highlights the importance of perseverance and the lasting impact of foundational knowledge in software development. The conversation explores Julien's educational journey in engineering, his transition from academia to industry, and his experiences in marine engineering and renewable energy. The discussion also touches on the differences between backend and frontend development, the importance of error handling, and the balance between performance and complexity in software development.
00:00 Introduction
00:30 What is Julien Doing Today?
05:10 First Memory of a Computer
9:00 Family Influence and Early Choices
20:00 Deciding on Intense Education
31:30 Transition from Academia to Industry
42:00 First Programming Job / Code Talk
51:41 Performance vs Complexity in Software
1:05:00 Transition to Contract Work
1:12:00 Debt in the U.S
1:19:00 Security Audits / Bug Bounties
1:27:00 Open Source Projects
Connect with Julien:
Julien's Website: https://jub0bs.com/posts/
Bluesky: https://bsky.app/profile/jub0bs.com
Mentioned in this Episode:
Iterutil: https://github.com/jub0bs/iterutil
CORS: https://github.com/jub0bs/cors
Want more from Ardan Labs? You can learn Go, Kubernetes, Docker & more through our video training, live events, or through our blog!
Online Courses : https://ardanlabs.com/education/
Live Events : https://www.ardanlabs.com/live-training-events/
Blog : https://www.ardanlabs.com/blog
Github : https://github.com/ardanlabs
In this episode, James sits down with Tommy DeVoss (aka Doggy G), who went from a teenage hacker dodging federal prison to becoming one of the most successful ethical hackers in the world. Tommy spills raw, unfiltered stories about his wild days in IRC channels, running with the infamous World of Hell hacking group, and somehow managing to turn his life around to rake in over $4 million in bug bounties. You'll hear how a 10-year computer ban gave him enough pent-up tech energy to power a small country and how his boredom waiting for a friend led to a $180,000 Yahoo bug discovery. Yeah, some people text while waiting—Tommy casually breaks the internet.
HackerOne's co-founder, Michiel Prins, walks us through the latest new offensive security service: AI red teaming. At the same time enterprises are globally trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before.
Segment Resources:
https://www.hackerone.com/ai/snap-ai-red-teaming
https://www.hackerone.com/thought-leadership/ai-safety-red-teaming
This interview is a bit different from our norm. We talk to the founder and CEO of OpenVPN about what it is like to operate a business based on open source, particularly through trying times like the recent pandemic. How do you compete when your competitors are free to build products using your software and IP? It seems like an oxymoron, but an open source-based business actually has some significant advantages over the closed source commercial approach.
In this week's enterprise security news:
the first cybersecurity IPO in 3.5 years!
new companies
new tools
the fate of CISA and the cyber safety review board
things we learned about AI in 2024
is the humanless SOC possible?
NGFWs have some surprising vulnerabilities
what did generative music sound like in 1996?
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-391
HackerOne's co-founder, Michiel Prins, walks us through the latest new offensive security service: AI red teaming. At the same time enterprises are globally trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before.
Segment Resources:
https://www.hackerone.com/ai/snap-ai-red-teaming
https://www.hackerone.com/thought-leadership/ai-safety-red-teaming
Show Notes: https://securityweekly.com/esw-391
This episode is the interview with Johan Carlsson, a full-time bug bounty hunter who specialises in client-side bugs and is currently the TOP1 hunter on GitLab.
Learn what ethical hackers can teach us about the next era of artificial intelligence.
We speak with Michael Skelton, VP of Operations, and Sajeeb Lohani, Global TISO for Bugcrowd, on the latest edition of 'Inside The Mind Of A Hacker'.
We're also joined by CJ Fairhead, who is a Senior Penetration Tester, OSCP Certified, security obsessed and tinkerer of things. Passionate about combining years of Internal IT experience with his security knowledge for Red Team engagements, CJ is involved in the Bug Bounty scene and works on giving back to the community through tool development, blog posts or just general advice.
In the latest edition of ITMOAH, dive inside the minds of 1000 hackers and see your organization from a new perspective, with the latest analysis on security researchers and their transformative use of generative AI.
For more information and to access more, including the Bugcrowd Report series - visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/
#bugcrowd #cisoseries #mysecuritytv #cybersecurity #ITMOAH #ethicalhackers
Bitcoin OG Charlie Shrem is now the chief evangelist of a project called Digital Gold (DGD). In this episode, I ask him and his business partner Digital Gold Yoda all the important questions about the legitimacy of their new cryptocurrency.
Time stamps:
Introducing Charlie Shrem & Digital Gold Jedi (00:00:48)
Is Charlie Still Bullish on Bitcoin? (00:01:40)
From Bitcoin to Digital Gold (00:02:05)
Details of the Digital Gold Project (00:04:52)
Stability and Value Preservation? (00:05:37)
Community Engagement and User Growth (00:08:34)
Comparison with BitTorrent (00:09:01)
There Are Thousands of Digital Golds (00:14:28)
Unique Features of the Digital Gold Project (00:15:08)
Which Wallets and Exchanges Support Digital Gold? (00:17:05)
Community Engagement and Validation (00:17:55)
Initial Feedback and Expectations (00:18:50)
Purchasing Process and Coin Distribution (00:19:26)
Coin Withdrawal Mechanics (00:20:15)
Network Growth and Distribution (00:21:02)
Exchanges and Market Dynamics (00:22:57)
Stablecoin vs. Price Speculation (00:23:25)
Price Determination Mechanism (00:24:27)
Infrastructure and Value Creation (00:25:09)
Market Dynamics and Adoption (00:26:06)
Mining vs. Market Factors (00:26:21)
Coin Purchase Process Clarification (00:27:13)
Community Participation and Evangelism (00:29:20)
Address Reuse Concerns (00:31:16)
Price Validation by Community (00:32:38)
Selling Coins Among Users (00:34:31)
Community Exchange Challenges (00:34:43)
Decentralized Exchange Considerations (00:35:44)
Arbitrage Opportunities (00:36:00)
Side Shift (00:36:43)
Treasury and Bitcoin Ownership (00:37:42)
Concerns About Bitcoin Reserve Safety (00:38:00)
Community Trust and Auditing (00:39:26)
Charlie Shrem's Long-Term Vision for Digital Gold (00:40:28)
Self-Custody and User Understanding (00:41:51)
Value of DGB vs. Bitcoin (00:42:07)
Name Change Story (00:44:01)
Treasury Transparency and Auditing (00:45:24)
Future of Auditing in Crypto (00:46:29)
Bullish Prediction for Digital Gold (00:47:18)
Understanding User Risks and Backup Solutions (00:51:51)
Digital Gold Experiment (00:52:56)
Challenges of User Adoption (00:54:10)
Centralization Concerns (00:57:42)
Node Operation Incentives (00:58:16)
Concept of Proof of Participation (01:00:55)
Contribution vs. Purchase (01:06:52)
Intrinsic Value and Market Parity (01:09:07)
Discussion on Gold and Currency Value (01:10:04)
Clarifying Payment Terminology (01:10:35)
Contributions, Not Investments (01:11:57)
White Paper Availability (01:12:44)
Smart Currency Concept (01:15:20)
Comparison with Bitcoin Cash (01:15:49)
Participation in the Network (01:16:40)
Digital Gold vs Terra Luna (01:17:47)
Claiming Coins Without Purchase (01:19:16)
Distribution Model Fairness (01:21:04)
Becoming a Staker (01:23:25)
Node Connection and Validation (01:25:03)
Impact of Node Outages (01:27:25)
Core Staking Nodes Explained (01:28:09)
Government Threats to Network (01:29:10)
Initial Market Cap and Podcast Launch (01:30:25)
Security Team: How Does It Get Paid? (01:32:44)
Bug Bounty and Security Issues (01:36:00)
Distribution of Coins and Participation (01:37:29)
Peer-to-Peer Transactions (01:39:33)
Transparency of Coin Holdings (01:41:51)
Labeling The Team's Staking Wallets (01:42:23)
First Dancers (01:45:31)
Charlie Shrem's Role in Digital Gold (01:45:39)
The Litmus Test (01:46:03)
Importance of Charlie's Endorsement (01:46:31)
Highlighting Charlie's Character (01:47:31)
Addressing Potential Concerns (01:48:03)
User-Friendly Exchange Integration (01:48:42)
Future Selling of Coins (01:49:44)
Saying Goodbye (01:50:13)
How will AI redefine cybersecurity in 2025? According to Marco Figueroa, Program Manager for Gen AI at the ODIN Bug Bounty Program, this year is set to be the "Year of the Agent," where AI systems and integrations take a central role. In this special New Year bonus episode, Ron sits down with Marco to discuss the transformative role of AI in solving cybersecurity challenges. Marco breaks down AI jailbreak techniques, the impact of bug bounty programs on securing AI systems, and why 2025's fast-evolving tech landscape demands creative thinking. Learn how tools like ChatGPT and Gemini 2.0 are reshaping the industry and why staying adaptable is essential.
Impactful Moments:
00:00 - Introduction
02:14 - Speed vs. safety: AI system challenges
05:30 - Why experience matters more than information
07:45 - Legal stakes for deepfakes and AI
18:36 - Marco's creative journey in cybersecurity
28:00 - Jailbreaks: Risks and surprising AI findings
37:13 - 2025 predictions: The rise of agents
41:00 - Closing thoughts and the power of community
Links:
Connect with our guest, Marco Figueroa: https://www.linkedin.com/in/marco-figueroa-re/
Chuck Brooks' 2025 Cybersecurity Predictions article: https://www.forbes.com/sites/chuckbrooks/2024/12/24/cybersecurity-trends-and-priorities-to-watch-for-2025/
Focus Areas for the FaccT Conference News: https://facctconference.org/2025/focusareas
“Unreasonable Hospitality” by Will Guidara Book Link: https://www.amazon.com/Unreasonable-Hospitality-Remarkable-Giving-People/dp/0593418573
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
As part of our Bugcrowd Leadership Series, we speak with Dave Gerry, Chief Executive Officer of Bugcrowd, on his most recent visit to Sydney and the region. His visit for Cybercon in Melbourne also follows the company recently securing a USD50 million capital growth facility from the Silicon Valley Bank and also appointing Trey Ford as chief information security officer for the Americas.
We also refer to the latest edition of ITMOAH, which dives inside the minds of 1,000 hackers and the latest analysis on security researchers and their transformative use of generative AI.
For more on the CxO Perspectives and Hack the Hacker Series with Bugcrowd visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/
#bugcrowd #mysecuritytv #cisoseries #bugbounty
Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast, Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more. They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Check out our new SWAG store at https://ctbb.show/swag!
Today's Guest - https://x.com/Jhaddix
Resources
Keynote: Red, Blue, and Purple AI - Jason Haddix
https://www.youtube.com/watch?v=XHeTn7uWVQM
Attention in transformers
https://www.youtube.com/watch?v=eMlx5fFNoYc
Shift
https://shiftwaitlist.com/
The Darkest Side of Bug Bounty
https://www.youtube.com/watch?v=6SNy0u6pYOc
Timestamps
(00:00:00) Introduction
(00:01:25) Micro-agents and Weird Machine Tricks
(00:11:05) Web fuzzing with AI
(00:18:15) Brainstorming Shift and micro-agents
(00:34:40) Strengths of different AI Models, and using AI to write reports
(00:54:21) The Darkest Side of Bug Bounty
Josh and Kurt talk about a CWE Top 25 list from MITRE. The list itself is fine, but we discuss why the list looks the way it does (it's because of WordPress). We also discuss why Josh hates lists like this (because they never create any actions). We finish up running through the whole list with a few comments about the findings.
Show Notes
2024 CWE Top 25 Most Dangerous Software Weaknesses
Set of 9 Unusual Odd Sided dice - D3, D5, D7, D9, D11, D13, D15, D17 & D19
Dr. Sunny Wear began her career as a developer, spending countless hours maintaining others' code—a humbling experience, as she describes it. Realizing she wanted a different path, a friend suggested exploring cybersecurity at just the right time. Together, they tackled the CISSP exam, which Dr. Sunny passed, igniting her passion for application penetration testing. Now […]
The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com
Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the first year.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Sponsor - AssetNote: Check out their ASMR board (no not that kind!)
https://assetnote.io/asmr
Today's Guest - https://x.com/0xLupin
Resources
Justin's Twitter Thread
https://x.com/Rhynorater/status/1699395452481769867
Timestamps
(00:00:00) Introduction
(00:03:00) Web Fundamentals Education
(00:46:01) Threat Modeling and Hacking Goals
(01:18:58) Vuln Types and finding Specialization
In this in-depth conversation, Jason Waits, Chief Information Security Officer (CISO) at Inductive Automation, provides a comprehensive exploration of Industrial Control System (ICS) cybersecurity. With decades of experience securing critical infrastructure and navigating the complexities of Operational Technology (OT) environments, Jason offers actionable insights into the current state and future of cybersecurity in industrial sectors like manufacturing, energy, and water treatment.

The discussion begins with an overview of what makes ICS cybersecurity distinct from traditional IT security. Jason explains how OT systems prioritize availability and safety, presenting unique challenges compared to the confidentiality-driven focus of IT. The conversation highlights key vulnerabilities in ICS environments, such as legacy systems that lack modern security features, poorly designed protocols without encryption, and the risks posed by IT/OT convergence.

Jason dives into common attack vectors, including social engineering (phishing), lateral movement from IT to OT networks, and physical access breaches. He explores real-world case studies like the Colonial Pipeline ransomware attack, the Oldsmar water treatment plant hack, and the Stuxnet worm, illustrating how these vulnerabilities have been exploited and the lessons they offer for building stronger defenses.

The video also emphasizes the critical role of compliance and standards, such as ISA/IEC 62443, the NIST Cybersecurity Framework, and CIS Controls. Jason underscores the difference between compliance and real security, advocating for a "security first, compliance second" philosophy to ensure that organizations focus on mitigating actual risks rather than merely checking regulatory boxes.

As the conversation unfolds, Jason discusses the role of vendors and OEMs in securing ICS environments, detailing how Inductive Automation uses proactive measures like Pwn2Own competitions, bug bounty programs, and detailed security hardening guides to improve the security of their products. He highlights the importance of collaboration between vendors and customers to address challenges like long equipment lifecycles and the growing adoption of cloud services.

Emerging technologies also take center stage, with Jason exploring how artificial intelligence (AI) is transforming threat detection and response, while also enabling more sophisticated attacks like personalized phishing and adaptive malware. He addresses the implications of IT/OT convergence, emphasizing the need for collaboration between traditionally siloed teams and the importance of building shared security frameworks.

For organizations looking to strengthen their cybersecurity posture, Jason offers practical steps, starting with foundational measures like asset management and configuration baselines. He explains how leveraging free resources, such as CIS Benchmarks, and creating a roadmap for cybersecurity maturity can help organizations of all sizes navigate these challenges, even with limited budgets.

Timestamps
0:00 – Introduction and Overview of ICS Cybersecurity
3:15 – Meet Jason Waits: Background and Journey to CISO
6:45 – What Is ICS Cybersecurity? Key Differences Between IT and OT
10:30 – The Importance of Availability and Safety in OT Systems
13:50 – Challenges of Legacy Systems and Long Equipment Lifecycles
17:20 – Attack Vectors: Social Engineering, Lateral Movement, and Physical Access
20:10 – Case Studies: Colonial Pipeline, Oldsmar Water Treatment Plant, and Stuxnet
25:35 – Compliance vs. Security: Jason's “Security First, Compliance Second” Philosophy
30:00 – The Role of Vendors and OEMs in Cybersecurity
34:45 – Inductive Automation's Approach: Pwn2Own, Bug Bounties, and Security Hardening Guides
40:00 – Emerging Technologies: AI in Threat Detection and the Risks of Sophisticated Phishing
45:10 – The Growing Adoption of Cloud in ICS and Its Implications
50:00 – IT/OT Convergence: Opportunities and Challenges
55:15 – Practical Steps for Organizations: Asset Management and Roadmaps
1:00:10 – Building a Security Culture: Collaboration Between IT and OT Teams
1:05:30 – Future Outlook: Increasing Regulations, Ransomware Risks, and Innovation
1:10:00 – Using Cybersecurity as a Competitive Advantage
1:15:00 – Closing Thoughts: The Need for Continuous Learning and Proactive Action

About Manufacturing Hub:
Manufacturing Hub Network is an educational show hosted by two longtime industrial practitioners Dave Griffith and Vladimir Romanov. Together they try to answer big questions in the industry while having fun conversations with other interesting people. Come join us weekly!

Connect with Us
Vlad Romanov
Dave Griffith
Manufacturing Hub
SolisPLC
Joltek
Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon, to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Sponsor - ThreatLocker: Check out Network Control!
https://www.criticalthinkingpodcast.io/tl-nc
And AssetNote: Check out their ASMR board (no not that kind!)
https://assetnote.io/asmr
Today's Guest: https://sharonbrizinov.com/
Resources
The Claroty Research Team
https://claroty.com/team82
Pwntools
https://github.com/Gallopsled/pwntools
Scan My SMS
http://scanmysms.com
Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS
https://www.youtube.com/watch?v=EhNsXXbDp3U
Timestamps
(00:00:00) Introduction
(00:03:31) Sharon's Origin Story
(00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne
(00:47:05) IoT/ICS Hacking Methodology
(01:10:13) Cloud to Device Communication
(01:18:15) Bug replication and uncommon attack surfaces
(01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS
A chatty chat in which we discuss the Infinite Backrooms and the extremely profitable shock-meme-cult it spurred, a big update in the McDonald's ice cream machine right to repair story, Apple Bug Bounties, Canadian hackers and so much more. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Geobreeze Travel is part of an affiliate sales network and receives compensation for sending traffic to partner sites, such as MileValue.com. This compensation may impact how and where links appear on this site. This site does not include all financial companies or all available financial offers. Terms apply to American Express benefits and offers. Enrollment may be required for select American Express benefits and offers. Visit americanexpress.com to learn more.
➤ Free LIVE training to maximize your points https://geobreezetravel.com/webinar
➤ Free points 101 course (includes hotel upgrade email template) https://geobreezetravel.com/freecourse
➤ Free credit card consultations https://airtable.com/apparEqFGYkas0LHl/shrYFpUr2zutt5515
➤ Seats.Aero: https://geobreezetravel.com/seatsaero
➤ Request a free personalized award search tutorial: https://go.geobreezetravel.com/ast-form
If you are interested in supporting this show when you apply for your next card, check out https://geobreezetravel.com/cards and if you're not sure what card is right for you, I offer free credit card consultations at https://geobreezetravel.com/consultations!
Timestamps:
00:00 Introduction / Get to know Ian
01:24 Ian's Cybersecurity Background
02:39 Bug Bounties and Earning Miles
05:12 Hotel Lock Security Flaws
08:44 TSA Known Crew Member Vulnerability
16:08 Building Seats.Aero
20:51 Challenges and Features of Seats.Aero
26:10 Community and Support
30:15 Final Thoughts and Tips
You can find Julia at:
➤ Website: https://geobreezetravel.com/
➤ Instagram: https://www.instagram.com/geobreezetravel/
➤ Credit card links: https://www.geobreezetravel.com/cards
➤ Patreon: https://www.patreon.com/geobreezetravel
Opinions expressed here are the author's alone, not those of any bank, credit card issuer, hotel, airline, or other entity. This content has not been reviewed, approved or otherwise endorsed by any of the entities included within the post. The content of this video is accurate as of the posting date. Some of the offers mentioned may no longer be available.
- Activist Hedge Fund Buys Into Nissan
- VinFast Gets Cash Life-Line
- Trump Appoints Zeldin to EPA
- Cadillac VISTIQ EV Details
- Buick Adds Upgrades to Luxurious CENTURY Van
- Porsche Holding Regular Bug Bounty Programs
- Stellantis Secures Graphite in North America
- Japanese Hydrogen JV Goes Racing
- Fiat Offers 12-Volt Mild Hybrid
We speak with Dina Mathers, Chief Information Security Officer, Carvana alongside Nick Mckenzie, Chief Information & Security Officer with Bugcrowd.
Dina Mathers, who leads Information Security at Carvana - was recently awarded the CISOs Top 100 Accelerated CISOs Award which recognizes leaders who are shaping the future of cybersecurity. Carvana engages Bugcrowd for bug bounty and vulnerability assessments, with Dina giving candid insights into the scalability, business value and assurances that the Bugcrowd platform provides.
Carvana (NYSE: CVNA) is an industry pioneer for buying and selling used vehicles online. As the fastest growing used automotive retailer in U.S. history, its proven, customer-first ecommerce model has positively impacted millions of people's lives through convenient, accessible and transparent experiences.
Carvana allows customers to browse a nationwide inventory and purchase a vehicle from the comfort of their home entirely online, benefiting from a 7-day money back guarantee, home delivery and more. Customers also have the option to sell or trade-in their vehicle online in seconds.
For the full interview and more information visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/
#bugcrowd #cisoseries #mysecuritytv #cybersecurity
Jailbreaking AI: Behind the Guardrails with Mozilla's Marco Figueroa
In this episode of 'Cyber Security Today,' host Jim Love talks with Marco Figueroa, the Gen AI Bug Bounty Program Manager for Mozilla's ODIN project. They explore the challenges and methods of bypassing guardrails in large language models like ChatGPT. Discussion points include jailbreaking, hexadecimal encoding, and the use of techniques like Deceptive Delight. Marco shares insights from his career, including his experiences at DEF CON, the NSA, McAfee, Intel, and Sentinel One. The conversation dives into Mozilla's efforts to build a secure AI landscape through the ODIN bug bounty program and the future implications of AI vulnerabilities.
00:00 Introduction and Guest Introduction
00:22 Understanding Large Language Models and Jailbreaking
01:53 Recent Jailbreaking Techniques and Examples
04:42 Interview with Marco Figueroa: Career Journey
10:12 Marco's Work at Mozilla and the ODIN Project
16:50 Exploring Prompt Injection and Hacking
23:21 Future of AI Security and Final Thoughts
Exposing AI Vulnerabilities with Mozilla's Gen AI Bug Bounty Manager - Marco Figueroa
In this special weekend edition of Hashtag Trending, host Jim Love sits down with Marco Figueroa, the Gen AI Bug Bounty Program Manager for Mozilla's ODIN project. They delve into the challenges and intricacies of bypassing security guardrails in large language models like ChatGPT and Claude. Marco shares insights from his storied career in cybersecurity, his role at Mozilla, and the innovative techniques hackers use to jailbreak AI systems. Learn about prompt engineering, prompt injection, and prompt hacking, and discover how Mozilla's ODIN project aims to set new standards in AI security.
00:00 Introduction and Guest Introduction
00:22 Understanding Large Language Models and Jailbreaking
02:02 Recent Jailbreaking Techniques and Discoveries
04:41 Interview with Marco Figueroa: Career Journey
10:12 Marco's Work at Mozilla and the ODIN Project
16:50 Exploring Prompt Injection and Hacking
23:20 Future of AI Security and Final Thoughts
38:00 Conclusion and Contact Information
After spending a decade working for appsec vendors, Grant McKracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, which offers VDPs and bug bounties to organizations of all sizes for free, or at as low a cost as possible. While not a non-profit, the company's goal is to make these services as cheap as possible to increase accessibility for smaller or more budget-constrained organizations. The company has also introduced the concept of "fractional pentesting", access to cyber talent when and how you need it, based on what you can afford. This implies services beyond just offensive security, something we'll dive deeper into in the interview. We don't see DarkHorse ever competing with the larger Bug Bounty platforms, but rather providing services to the organizations too small for the larger platforms to sell to.
Microsoft delays Recall AGAIN, Project Zero uses an LLM to find a buffer underflow in SQLite, the scourge of infostealer malware, zero standing privileges is easy if you have unlimited time (but no one does), reverse engineering Nintendo's Alarmo and RedBox's... boxes.
Bonus: the book series mentioned in this episode, The Lost Fleet by Jack Campbell.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-306
In today's episode of Cybersecurity Today, host Jim Love covers stories including: Cisco releases an emergency patch for a vulnerability exploited in brute force attacks, Delta Airlines sues CrowdStrike over a problematic software update leading to flight disruptions, UnitedHealth confirms the massive data breach at Change Healthcare affecting 100 million people, and Apple announces a $1 million bug bounty for hacking Apple Intelligence servers. Stay informed on these pivotal issues impacting the tech and cybersecurity landscape.
00:00 Emergency Patch for Cisco Vulnerability
02:02 Delta Sues CrowdStrike Over Flight Disruptions
03:48 Apple's $1 Million Bug Bounty Program
05:14 UnitedHealth Data Breach Impact
07:17 Show Wrap-Up and Contact Information
Apple is offering a ‘bug bounty' of $1 million for anyone able to hack into the tech giant's AI intelligence network. Over 120 dead in Tropical Storm Trami in the Philippines as Vietnam braces. Nasa astronaut released from hospital after eight months in space.
Also in this episode:
New chronic pain treatments for childhood cancer patients investigated
Greenhouse gas levels surge to new record - UN
‘Major success' as endangered bongo calf born at UK safari park
London Zoo's escaped parrots recaptured 60 miles away
Hosted on Acast. See acast.com/privacy for more information.
Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast
Join us on this episode of Cyber Work with Katie Paxton-Fear, an API hacker and technical marketing manager at Traceable, known for her YouTube channel InsiderPhD. Dive into API security, common defense mistakes and bug bounty insights. Listen as Paxton-Fear shares her academic journey blending tech and linguistics, her pioneering NLP work on insider threats and tips on becoming an API security expert. Learn about detecting insider cyber threats, the role of AI in securing APIs and essential resources to enhance your cybersecurity skills. Plus, explore the dynamic world of freelance ethical hacking, the role of a technical marketer and the significance of resonant content creation. Stay tuned for a comprehensive guide to elevating your API security know-how and cybersecurity career!
View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast
00:00 - Introduction to Katie Paxton-Fear
01:48 - Katie's journey into tech and cybersecurity
05:23 - Combining tech and language
15:34 - From academia to YouTube
21:30 - API security: challenges and insights
26:38 - The role of AI in API security
30:28 - API key management and security
31:08 - Common API key breaches
32:15 - Preventing API key leaks
33:39 - The importance of key rotation
34:31 - Getting started in API security
35:36 - Recommended resources for API security
37:32 - Hands-on API hacking
45:28 - The bug bounty community
50:32 - Role of a technical marketing manager
53:45 - Career advice and final thoughts
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking's own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with Bug Bounty. We cover mentorship, networking and LHEs, ecosystem hacking, emotional regulation, and the need for self-care. Then we wrap up with some fun bugs.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Shop our new swag store at ctbb.show/swag
Today's Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder
Today's guest: https://x.com/gr3pme
Resources:
Lessons Learned for LHEs
https://x.com/Rhynorater/status/1579499221954473984
Timestamps:
(00:00:00) Introduction
(00:07:02) Mentorship in Bug Bounty
(00:16:30) LHE lessons, takeaways, and the benefit of feedback and networking
(00:41:28) Choosing Targets
(00:49:03) Vuln Classes
(00:58:54) Bug Reports
Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast we're joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in hardware hacking, and Matt's personal methodology. Then we switch over to touch on BGA Reballing, Certificate Pinning and Validation, and some of his own bug stories.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today's Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder
Today's Guest Matt Brown: https://x.com/nmatt0
Resources:
Decrypting SSL to Chinese Cloud Servers
https://www.youtube.com/watch?v=3qSxxNvuEtg
mitmrouter
https://github.com/nmatt0/mitmrouter
certmitm Automatic Exploitation of TLS Certificate Validation Vulns
https://www.youtube.com/watch?v=w_l2q_Gyqfo
and
https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Aapo%20Oksman%20-%20certmitm%20automatic%20exploitation%20of%20TLS%20certificate%20validation%20vulnerabilities.pdf
https://github.com/aapooksman/certmitm
HackerOne Detailed Platform Standards
https://docs.hackerone.com/en/articles/8369826-detailed-platform-standards
Timestamps:
(00:00:00) Introduction
(00:13:33) Specialization and Challenges of IOT Hacking
(00:33:03) Decrypting SSL to Chinese Cloud Servers
(00:47:00) General IoT Hacking Methodology
(01:26:00) Certificate Pinning and Certificate Validation
(01:34:35) BGA Reballing
(01:43:26) Bug Stories
Episode 87: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with none other than his wife Mariah to talk about Bug Bounty from the perspective of a Significant Other. They share how they've traversed travel and Live Hacking Events, household chores, hobbies, goals, rewards, as well as how best to encourage and support the hacker/non-hacker in your life.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Shop our new swag store at ctbb.show/swag
Today's Guest: https://x.com/MariahG017
Resources:
Ruby Nealon's song
https://x.com/_ruby/status/835306502546149376
Don't Force Yourself to Become a Bug Bounty Hunter
https://samcurry.net/dont-force-yourself-to-become-a-bug-bounty-hunter
Timestamps
(00:00:00) Introduction
(00:03:12) Technical Questions for a Bug Bounty Wife
(00:16:11) Mariah's First LHE experience
(00:31:12) LHEs as a Couple
(00:41:57) Encouragement and Risk
(00:55:55) Hacker Family Dynamics, goals, and keeping promises
(01:17:35) How to care for your Hacker/Hacker Wife
Stopping Chinese AI/Robot imports, Substrate for political platforms, sun vs. smoking, and more...
Subscribe to the newsletter at: https://danielmiessler.com/subscribe
Join the UL community at: https://danielmiessler.com/upgrade
Follow on X: https://twitter.com/danielmiessler
Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler
See you in the next one!
Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.
Lawfare Editor-in-Chief Benjamin Wittes sits down with Katie Moussouris of Luta Security to talk bug bounties. Where do they come from? What is their proper role in cybersecurity? What are they good for, and most importantly, what are they not good for? Moussouris was among the hackers who first did bug bounties at scale—for Microsoft, and then for the Pentagon. Now she helps companies set up bug bounty programs and is dismayed by how they are being used.
To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials.
Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
Evernote RCE Post
https://0reg.dev/blog/evernote-rce
ServiceNow Bug Chain
https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data
Douglas Day's Talk on finding 'no's'
https://youtu.be/G1RHa7l1Ys4?si=TY16ULsEIfJ9CMKk
Timestamps:
(00:01:37) Introduction
(00:02:24) Evernote RCE Post
(00:06:47) AssetNote ServiceNow Bug Chain
(00:12:16) Part-Time Bug Bounty: Balance and Accountability
(00:18:04) Picking programs: Impact and Payout
(00:28:46) Streamline your process
In this week's “Throwback Thursday / Where are they now?” segment, we hear from an ethical hacker who carved out a niche in cybersecurity by safeguarding small businesses. Today, we're updating you on his pivot to earning through bug bounties. Side Hustle School features a new episode EVERY DAY, featuring detailed case studies of people who earn extra money without quitting their job. This year, the show includes free guided lessons and listener Q&A several days each week. Show notes: SideHustleSchool.com Email: team@sidehustleschool.com Be on the show: SideHustleSchool.com/questions Connect on Instagram: @193countries Visit Chris's main site: ChrisGuillebeau.com Read A Year of Mental Health: yearofmentalhealth.substack.com If you're enjoying the show, please pass it along! It's free and has been published every single day since January 1, 2017. We're also very grateful for your five-star ratings—it shows that people are listening and looking forward to new episodes.