Yuji (@yujilik)
Can you pick up all the pieces of this broken generation?

ID: 49888791

23-06-2009 04:52:21

72,72K Tweets

468 Followers

208 Following

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast)

In the previous episode (117), @Rez0__ introduced Vulnus ex Machina, a mini-series we're doing on AI hacking. Here's the TL;DR from our weekly HackerNotes. The link to the post and everything we discussed can be found below! ↓ ►⠀Vulnus ex Machina, Part 1 This is the first

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast)

HackerNotes TLDR for episode 119! Link for the entire blog post below. ►⠀iframes iframes let you embed other pages into your site and interact with them. They're useful for clickjacking, OAuth flows, and any scenario where you can benefit from controlling the context of

Yuji (@yujilik)

"I don't want normies using it" is messed up. It's not as if there weren't distros made to just work without needing any tweaks at all. Imagine what goes through the head of someone who thinks they're superior just because they use a system that requires understanding a bit more about tech.

Techlore (@techloreinc)

"The Karnataka High Court on Tuesday directed the Union of India to initiate process to block Proton Mail in India." If you're not paying attention, you need to be.

slonser (@slonser_)

Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast)

Episode 121 is out! And this week we covered so much stuff. hahah ►⠀slonser’s crazy Chrome 0day ►⠀Tech/security news & research ►⠀New Caido plugin for collaborating ►⠀And much more! youtu.be/Ae4cR00P9LU

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast)

Bug bounty, but multiplayer. Drop is a new Caido plugin by Justin that lets you share scopes, replay tabs, and match & replace rules with your friends. No more copy-pasting massive chunks of data. Just head to Plugins > Community Store > Drop, install it and add your

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast)

— HackerNotes TLDR for episode 122! — blog.criticalthinkingpodcast.io/p/hackernotes-… ►⠀CTBB Job Board: We've launched a job board, and we already have some exciting positions from Zak! After this episode, you might want to check it out - especially if you're interested in working with him. We

I am Jakoby (@i_am_jakoby)

well i have something unfortunate to share. last night they gave my bounty an important rating, but marked it out of scope somehow. all of this is just wildly dishonest. For one it's not just information disclosure. I included an addendum that showed how to leak bearer tokens and

Vitor Falcão "busfactor" (@busf4ctor)

I spent the last few weeks mentoring two friends. They received their first bounty today, a fantastic Self-XSS, escalated to full account takeover. Congrats Yuji, g3tr0, and special thanks to Kévin GERVOT (Mizu) for the collab :)

Vitor Falcão "busfactor" (@busf4ctor)

I hope AI triaging works. An overloaded triager, exhausted by numerous low-quality reports, may unconsciously treat high-quality reports unfairly. Also, platforms should implement mandatory KYC to prevent spamming.

Yuji (@yujilik)

I was watching ep 137 of Critical Thinking - Bug Bounty Podcast and decided to put together a simple script to call ch.at with a quick command. Windows and Linux/Mac versions below if you want to use them

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast)

We got a very special episode this week: youtu.be/aVfhWj3z6gk In this episode, Justin is joined by James Kettle! They talk about HTTP proxies, metagaming research, avoiding burnout, and why HTTP/1.1 must die!

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast)

We announced the Critical Research Lab this week. And for our FIRST post, we got Jorian's: - Exploiting Web Worker XSS with Blobs Go check it out! lab.ctbb.show/research/Explo…

Critical Thinking - Bug Bounty Podcast (@ctbbpodcast)

Justin got FIRED?! - youtu.be/FdByZdhlSlU In ep. 146, the boys sit down to celebrate the spooky season by telling us their scariest hacking stories. Grab your flashlight, a blanket and come listen to what happens when hacking goes a little too far! 👻