Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.Follow us on XGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Unicode surrogates conversionPrompt. Scan. ExploitBreaking into thousands of cloud based VPNs with 1 bugExamining Access Control Vulnerabilities in GraphQLSmart Bus Smart HackingPasskeys PwnedBypassing Intent Destination ChecksGemini Agents in Google CalendarExploitation of DOM Clobbering Vuln at ScaleTheHulkSmart Devices, Dumb ResetsMac PRT Cookie Theft====== Timestamps ======(00:00:00) Introduction(00:10:10) Prompt. Scan. Exploit(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets

There are no comments yet.

Please log in to write the first comment.