Episode 137: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner and Joseph Thacker reunite to talk about AI Hacking Assistants, CSPT and cache deception, and a bunch of tools like ch.at, Slice, Ebka, and more.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor - ThreatLocker. Checkout ThreatLocker DAC!
https://www.criticalthinkingpodcast.io/tl-dac
====== This Week in Bug Bounty ======
Vulnerability vectors: SQL injection for Bug Bounty hunters
https://www.yeswehack.com/learn-bug-bounty/vulnerability-vectors-sql-injection?utm_source=sponsor&utm_medium=blog&utm_campaign=sqli-vuln-vectors
Mozilla VPN Clients: RCE via file write and path traversal
https://hackerone.com/reports/2995025
====== Resources ======
Cache Deception + CSPT:
https://zere.es/posts/cache-deception-cspt-account-takeover/
dig @ch.at
https://x.com/Arxiv_Daily/status/1952452878716805172
Searchlight Cyber Tools
http://Tools.slcyber.io
Slice
https://github.com/noperator/slice
Ebka-Caido-AI
https://github.com/Slonser/Ebka-Caido-AI
postMessage targetOrigin bypass
https://bughunters.google.com/reports/vrp/wG2bN8vZr
====== Timestamps ======
(00:00:00) Introduction
(00:01:26) Claude, Gemini, and Hacking Assistants
(00:11:08) AI Safety
(00:18:09) CSPT
(00:23:26) Dig, Slice, Ebka, & Searchlight Cyber Tools
(00:45:19) postMessage targetOrigin bypass
