Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLocker
https://www.criticalthinkingpodcast.io/tl-ztca
Today’s Guest: https://x.com/brutecat
====== Resources ======
StubZero: $148,337 RCE in Google Cloud Production
https://brutecat.com/articles/google-cloud-rce/
Leaking the email of any YouTube user for $10,000
https://brutecat.com/articles/leaking-youtube-emails/
Disclosing YouTube Creator Emails for a $20k Bounty
https://brutecat.com/articles/youtube-creator-emails/
Leaking the phone number of any Google user
https://brutecat.com/articles/leaking-google-phones/
====== Timestamps ======
(00:00:00) Introduction
(00:29:14) 2nd RCE in Application Integration
(00:39:55) BruteCat's Background & RCE Follow-up Questions
(00:48:02) Google VRP and Youtube Bugs
(01:10:17) Google Phone Leak
(01:18:36) Discovery Docs and Episode 178 Teaser
