Episode 127: In this episode of Critical Thinking - Bug Bounty Podcast we address some recent bug bounty controversy before jumping into a slew of news items, as well as talking about how to hack efficiently and Hackedin vs. Disclosed Online.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor: Adobe: hackerone.com/adobe

====== This Week In Bug Bounty ======

Hackers Guide to Google dorking https://www.yeswehack.com/learn-bug-bounty/recon-hackers-guide-google-dorking?utm_source=twitter&utm_medium=social&utm_campaign=guide-google-dorking

YesWeCaido
https://www.yeswehack.com/learn-bug-bounty/yeswecaido-plugin-bug-bounty-programs?utm_source=sponsor&utm_medium=blog&utm_campaign=blog-tool-yeswecaido

New Dojo challenge
https://dojo-yeswehack.com/challenge-of-the-month/dojo-42?utm_source=twitter&utm_medium=social&utm_campaign=dojo-challenge?

Smart Contract BB tips:
https://www.hackerone.com/blog/smart-contracts-common-vulnerabilities-and-real-world-cases

Red Team as a Service (RTaaS)
A good addition to the existing pentest-as-a-service offering, and another chance for hackers to work with/for Bugcrowd
https://www.bugcrowd.com/blog/introducing-bugcrowd-red-team-as-a-service-rtaas/

====== Resources ======
Disclosed
https://getdisclosed.com/

PDF csp bypass
https://x.com/xssdoctor/status/1932953259339083929

Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal
https://blog.doyensec.com/2025/01/09/cspt-file-upload.html

OBS WebSocket to RCE
https://jorianwoltjer.com/blog/p/research/obs-websocket-rce

Time in a bottle (or knapsack)
https://www.sensecurity.io/time-in-a-bottle-or-knapsack/

How to Differentiate Yourself as a Bug Bounty Hunter
https://www.youtube.com/watch?v=WTH6f0R7uzo

Disclosed Online
https://www.disclosedonline.com/

Hackedin
https://hackedin.net/

‘EchoLeak’
https://www.aim.security/lp/aim-labs-echoleak-blogpost

Piloting Edge Copilot
https://archive.codeblue.jp/2024/files/cb24_Piloting_Edge_Copilot_by_Jun_Kokatsu.pdf

Newtowner
https://github.com/assetnote/newtowner

Tips for agent prompting
https://x.com/Jhaddix/status/1931834748793655539

Firefox XSS vectors
https://x.com/garethheyes/status/1932066642026012716

Tweet from Masato Kinugawa
https://x.com/kinugawamasato/status/1929635990316146899

Chrome debug() function
https://x.com/J0R1AN/status/1933463155763560881

====== Timestamps ======
(00:00:00) Introduction
(00:07:40) Disclosed
(00:10:57) PDF CSP and OBS Websocket to RCE
(00:17:54) Time in a bottle & hacking efficiently
(00:27:03) Hackedin vs. Disclosed Online
(00:35:39) ‘EchoLeak’ & Piloting Edge Copilot
(00:46:03) Newtowner & tips for agent prompting
(00:53:57) Firefox XSS trick & AI Training Data
(01:02:23) Chrome debug() function