Episode 103: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph delve into the vulnerabilities associated with ANSI codes and large language models (LLMs), as well as talk through some new research and the value of micro-blogging in general.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord!

We offer Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Check out our new SWAG store!

Join our Shift waitlist!

Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec

Resources

_json Juggling Attack

Cross-Site POST Requests Without a Content-Type Header

Worst Fit

Orange Tsai on Worst Fit

Handling Cookies is a Minefield

Terminal DiLLMa

XS-Leaking flags with CSS: A CTFd 0day

Hacking Back the AI-Hacker

Johann Computer use demo

How I Became The Most Valuable Hacker

Timestamps

(00:00:00) Introduction

(00:01:39) _json Juggling Attack and Cross-Site POST Requests Without a Content-Type Header

(00:10:55) Worst Fit and Unicode Mapping

(00:20:08) Handling Cookies is a Minefield

(00:28:11) Terminal DiLLMa & CTFd 0day

(00:41:18) Hacking Back the AI-Hacker

(00:47:30) Becoming Most Valuable Hacker

Episode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more.They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Check out our new SWAG store at https://ctbb.show/swag!

Today’s Guest - https://x.com/Jhaddix

Resources

Keynote: Red, Blue, and Purple AI - Jason Haddix

https://www.youtube.com/watch?v=XHeTn7uWVQM

Attention in transformers,

https://www.youtube.com/watch?v=eMlx5fFNoYc

Shift

https://shiftwaitlist.com/

The Darkest Side of Bug Bounty

https://www.youtube.com/watch?v=6SNy0u6pYOc

Timestamps

(00:00:00) Introduction

(00:01:25) Micro-agents and Weird Machine Tricks

(00:11:05) Web fuzzing with AI

(00:18:15) Brainstorming Shift and micro-agents

(00:34:40) Strengths of different AI Models, and using AI to write reports

(00:54:21) The Darkest Side of Bug Bounty

Episode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI application vulnerabilities. They talk through the importance of understanding system prompts, and various obfuscation techniques used to bypass security measures, the best AI platforms, and the evolving landscape of AI security.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Sponsor - ThreatLocker. Check out their Elevation Control! https://www.criticalthinkingpodcast.io/tl-ec

Today’s Guest: https://x.com/wunderwuzzi23

Resources

Johann's blog

https://embracethered.com/blog/

zombais

https://embracethered.com/blog/posts/2024/claude-computer-use-c2-the-zombais-are-coming/

Copirate

https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/

Timestamps

(00:00:00) Introduction

(00:01:59) Biggest things to look for in AI hacking

(00:11:58) Best AI companies to hack on

(00:15:59) URL Redirects and Obfuscation Techniques

(00:24:05) Copirate

(00:35:50) prompt injection guardrails and threats