Critical Thinking - Bug Bounty Podcast

By: Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

Critical Thinking Podcast
Episodes
  • Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable
    Aug 21 2025

    Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also talk about Jack’s background in government cybersecurity initiatives, and the legal risks faced by security researchers.

    Follow us on Twitter at: https://x.com/ctbbpodcast

    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======

    Follow your hosts Rhynorater and Rez0 on Twitter:

    https://x.com/Rhynorater

    https://x.com/rez0__

    ====== Ways to Support CTBBPodcast ======

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    You can also find some hacker swag at https://ctbb.show/merch!

    Today’s Sponsor - ThreatLocker. Check out ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect

    Today’s Guest: https://x.com/jackhcable?lang=en

    ====== This Week in Bug Bounty ======

    Nullcon Berlin

    https://www.yeswehack.com/page/yeswehack-live-hacking-nullcon-berlin-2025?utm_source=sponsor&utm_medium=blog&utm_campaign=lhe-nullcon-berlin

    BB Bulletin #15

    https://www.linkedin.com/pulse/bug-bounty-bulletin-15-yes-we-hack-dntue/

    2x Bounty on Grab

    https://hackerone.com/grab?type=team

    ====== Resources ======

    Corridor

    https://corridor.dev/

    disclose.io

    https://disclose.io/

    ====== Timestamps ======

    (00:00:00) Introduction

    (00:03:33) Cluely Bug, Government involvement, & Disclosed.io

    (00:12:33) AI in security & Corridor.dev

    (00:29:23) Cluely Bug Fallout & Ethics of hacking outside of Programs

    (00:41:20) Shift Agents

    51 m
  • Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories
    Aug 14 2025

    Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEF CON, and get his perspective on bug hunting from his time at Akamai.

    Today’s Sponsor - ThreatLocker. Check out ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect

    Today’s Guest: https://x.com/ryancbarnett

    ====== Resources ======

    Accidental Stored XSS Flaw in Zemanta 'Related Posts' Plugin for TypePad

    https://webappdefender.blogspot.com/2013/04/accidental-stored-xss-flaw-in-zemanta.html

    XSS Street-Fight

    https://media.blackhat.com/bh-dc-11/Barnett/BlackHat_DC_2011_Barnett_XSS%20Streetfight-Slides.pdf

    Black Hat USA 2025 - Lost in Translation: Exploiting Unicode Normalization

    https://www.blackhat.com/us-25/briefings/schedule/#lost-in-translation-exploiting-unicode-normalization-44923

    ====== Timestamps ======

    (00:00:00) Introduction

    (00:02:49) Accidental Stored XSS in Typepad Plugin

    (00:06:34) Chatscatter & Abusing third party Analytics

    (00:11:42) Ryan Barnett Introduction

    (00:21:11) Virtual Patching & WAF Challenges

    (00:40:39) AWS API Gateways & Whitelisting Bug Hunter Traffic

    (00:49:59) Lost in Translation: Exploiting Unicode Normalization

    (01:11:29) CSPs at the WAF level & 'Bounties for Bypass'

    1 h 26 m
  • Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado
    Aug 4 2025

    Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego also shares some of his own hacking journey and successes in the Ambassador World cup.

    Today’s Sponsor - ThreatLocker User Store

    Today’s Guest: https://x.com/djurado9

    ====== This Week in Bug Bounty ======

    Announcement of our upcoming live hacking event at Nullcon Berlin, taking place on September 4-5

    Bug Bounty Village Speakers 2025

    Talkie Pwnii Caido showcase

    Caido Masterclass – From Setup to Exploits

    Access Control vs Account Takeover: What Bug Bounty Hunters Need to Know

    ====== Resources ======

    CVE-2025-49493: XML External Entity (XXE) Injection in Akamai CloudTest

    ====== Timestamps ======

    (00:00:00) Introduction

    (00:05:56) Diego's ATO Bug

    (00:12:01) H1 Ambassador World Cup and work with XBOW

    (00:20:57) XBOW's CloudTest XXE Bug

    (00:49:59) Freedom, Hallucinations, & Validation

    (01:07:24) XBOW's Architecture

    (01:23:50) Humans in the Loop, Harnesses, and Xbow's Reception

    (01:44:21) Ambassador World Cup plans for the future

    1 h 54 m
Reviews
As someone who is still very new to the industry, I like listening to this podcast as I find the information very useful.

Great information.