Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow, a text expander, Tracing Cookies, and more. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any fee…

Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity. Follow us on twitter at: @ctbbpodcast We're new to this podcast…

Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@…

Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne Events Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@critica…

Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration. Follow us on twitter at: @ctbbpodcast Send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Li…

Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with that process. We also talk about the benefit of using tools like Fabric, Loom, and ShareX. Follow us on twitter at: @ctbbpodcast We're new to this podcas…

Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting. Follow us on twitter at: @ctbbpodcast We're new to this podcasting th…

Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups. Follo…

Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, So instead of a new full episode, we're going back 30 episodes to review. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the …

Episode 74: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Roni "Lupin" Carta for a deep dive into supply chain attacks and dependency confusion. We explore the supply chain attacks, the ethical considerations surrounding maintainers and hosting packages on public registries, and chat about the vision and uses of hi…

Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkin…

Episode 72: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss some hot research from the past couple months. This includes ways to smuggle payloads in phone numbers and IPv6 Addresses, the NextJS SSRF, the PDF.JS PoC drop, and a GitHub Enterprise Indirect Method Information bug. Also, we have an attack vector feature…

Episode 71: In this episode of Critical Thinking - Bug Bounty Podcast Keith Hoodlet joins us to weigh in on the VDP Debate. He shares some of his insights on when VDPs are appropriate in a company's security posture, and the challenges of securing large organizations. Then we switch gears and talk about AI bias bounties, where Keith explains the ap…

Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we’re once again joined by Ben Sadeghipour to talk about some Nahamcon news, as well as discuss a couple other LHE’s taking place. Then they cover CI/CD and drop some cool CSP Bypasses. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send…

Episode 69: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Johan Carlsson to hear about some updates on his bug hunting journey. We deep-dive a CSP bypass he found in GitHub, a critical he found in GitLab's pipeline, and also talk through his approach to using script gadgets and adapting to highly CSP'd environments. Then…

Episode 68: In this episode of Critical Thinking - Bug Bounty Podcast Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, bypassing HTMX disable, and the challenges of using HTMX in larger applications and the potential performance trade-offs. We also talk…

Episode 67: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive on the topic of Vulnerability Disclosure Programs (VDPs) and whether they are beneficial or not. We also touch on the topic of leaderboard accuracy, and continue the Program VS Hacker debate regarding allocating funds for bounties. Follow us on twitter at: @ctbbpodcas…

Episode 66: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the recent YesWeHack Louis Vuitton LHE, the importance of failure as growth in bug bounty, and Justin shares his research on CDN CGI. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@…

Welcome to the latest episode of the Dealer Talk Podcast! Today, we're delving deep into the singular focus that dealership decision-makers should prioritize to drive more car sales—hint: not marketing, advertising, sales training, or internal processes. If you're eager to boost vehicle sales at your dealership, you won't want to miss this episode.…

Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and the enjoyment Sam derives from pushing the boundaries to find bugs. He shares stories of his experiences, including hacking Tesla, online casinos,Star…

Welcome to the Dealer Talk Podcast, where we dive deep into strategies for optimizing your dealership's performance. In today's episode, we'll discuss the crucial role of Key Performance Indicators (KPIs) in guiding your advertising efforts and driving success in your dealership's partnerships with vendors. It's essential to inspect what you expect…

If you want to leverage my own personal vendor and advertising strategy for 2024 to help you sell more cars, then tune-in to this episode to learn how I would set up your digital advertising and what vendor partners I would choose in the process. If you want to take advantage of my volume discount and FREE trials for any of the vendors discussed in…

Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also touch on the importance of collaboration and knowledge sharing, JavaScrip…

Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own personal life and hacking journey. We talk about the start of his new company, and then venture into topics such as using threat intelligence and buyi…

Discover this episode's ultimate car sales strategy, guaranteed to boost your sales every time! Follow these steps closely and witness a surge in car sales. Harnessing the power of your DMS and CRM data is crucial, especially when combined with the trust established by your service advisors with your customers. This synergy ensures increased sales …

In this episode, I delve into the world of digital retailing in the automotive industry and debunk the misconceptions surrounding its role. Contrary to popular belief, digital retailing isn't intended to replace the traditional car-buying experience exemplified by companies like Carvana. Instead, it is a complementary tool designed to enhance custo…

Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth looking at. Follow us on twitter at: @ctbbpodcast Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the aw…

In this episode of the Dealer Talk Podcast, we delve into the elusive realm of marketing attribution. Numerous companies tout their 'secret weapon' for tracking vendor performance, so it's easy to get lost in a sea of promises. But are these methods genuinely effective? Host Herb Anderson shares insights from years of experience, revealing a stark …

Welcome to the Dealer Talk Podcast, where we delve into the essence of marketing and unravel its mysteries. In this episode, we ask the fundamental question: What is marketing? For many, marketing is the quintessential "how" – the strategic roadmap guiding us to influence consumer behavior. It's about understanding the intricate dance between busin…

This episode delves into a critical aspect of online dealership success: customer experience. Despite investing heavily in driving traffic to our websites, many dealerships overlook the importance of ensuring a seamless journey for visitors once they arrive. Join me as we explore the significance of optimizing your SRP (Search Results Page) and VDP…

Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. He also shares his methodology for discovering OAuth-related bugs, highlights some differences between structured learning and self-teaching, and then…

Welcome to Dealer Talk, where we delve into the ever-evolving landscape of search engine marketing (SEM). For years, SEM has stood as a stalwart method to capture consumer intent, defining our ability to seize consumers' interest and amplify visibility on search engine result pages. SEM operates on a pay-to-play basis, unlike Search Engine Optimiza…

Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023. Follow us on twitter at: @ctbbpodcast Send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts…

Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deception, leaking window location, self-stored XSS, and much more. Follow us …

Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Samouda and grill him on his various techniques for finding and exploiting client-side bugs and postMessage vulnerabilities. He shares some crazy stories about race conditions, exploiting hash change events, and leveraging scroll to text fragments…

Episode 57: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are live from Miami, and recap their experience and share takeaways from the live hacking event. They highlight the importance of paying attention to client-side routing and the growing bug class of client-side path traversal. They also discuss the challenges of …

Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston) Episode 56: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Jon Colston to discuss how his background in digital marketing and data science has influenced his hunting methodology. We dive into subjects like data sources, automation, worki…

In this episode, hosts Herb Anderson and Zack explore the unparalleled allure of Tesla ownership, transcending the mere realm of electric vehicles. They unravel the captivating narrative behind Tesla's meteoric rise in the automotive industry, attributing its success not solely to electric propulsion but to a revolutionary ownership experience. Fro…

Embark on a riveting journey as I team up with Kerri Wise of Autofi to unravel the mysteries surrounding digital retailing. We unravel its evolution since the seismic shift spurred by the pandemic, charting its trajectory into the future. Yet, amidst its undeniable potential, why do dealers hesitate to make Digital Retail the ultimate call-to-actio…

Welcome to the Dealer Talk podcast, where insightful conversations unfold on the cutting edge of automotive retail. In today's episode, Curt and Herb dive deep into the dynamic world of e-commerce and its transformative impact on automotive retail. Join us as we dissect the latest developments, including the groundbreaking partnership between Hyund…

Welcome to Dealer Talk Podcast, where you're getting an unfiltered piece of my mind today! Join me as we delve into the ever-evolving automotive industry and dissect some critical shifts that demand our attention. In this episode, I address a pressing concern: the industry's overwhelming embrace of digital solutions at the expense of traditional av…

Tune in as Tim and Herb dissect why traditional methods are still incredibly potent despite the allure of digital avenues. They unravel insights, strategies, and actionable ideas you can seamlessly integrate into your dealership today.This episode is not just a conversation—it's a blueprint for success. Don't miss the opportunity to revolutionize y…

Welcome to Dealer Talk Podcast! In this episode, we delve into the dynamic world of transportation within the automotive space with none other than Trent Broberg, CEO of Acertus. Join us as we explore the current landscape and how dealers can strategically leverage innovative solutions like Acertus to gain a competitive edge in 2024 and beyond. Fro…

Join Shawn, known as "The BDC Alchemist," and Herb as they delve into the controversial theory surrounding the true essence of BDC (Business Development Center) departments. Are BDCs in the automotive space genuinely cultivating business or merely elevated call centers? Explore, from Shawn's perspective, the pivotal role of coaching as a crucial in…

In this engaging conversation, Darren and I thoroughly explore the captivating evolution of chat functionality on automotive dealers' websites. Our discussion delves into its remarkable potential to transform ordinary website visitors into enthusiastic and decisive buyers seamlessly. Be sure to tune in until the end for an exclusive offer from Darr…

Don't miss the inaugural episode of Season 9, where I engage in an insightful discussion with the visionary founder of Simple Recon. Together, we delve into innovative strategies for decision-makers within the automotive industry to optimize their recon process, ultimately reducing the time it takes to get cars on the front line.Be sure to tune in …

Join Herb and Lizz in this engaging podcast episode as they dissect Microsoft's innovative strategies that empower dealers to elevate their game. Delve into the future of car buying from the consumer's perspective, exploring the impact of cutting-edge technologies like ChatGPT. Will consumers invest over 15 hours in research, and how can dealers ad…

Christian and I are delving into the crucial realm of first-party data, unraveling its essence, exploring its implications for advertising strategies within the automotive industry, and, most notably, deciphering how to harness its power in 2024 amidst the unpredictable market landscape. Ensure you stay tuned until the end to glean insights into my…

We released this episode ahead of schedule to provide you with an exclusive opportunity to take advantage of the deal Peter offered. Act fast, as the offer concludes during NADA 2024. Don't miss out! In this compelling episode, Herb and Peter Dufy from Dealer Image Pro engage in a candid conversation, delving into some of the industry's pivotal iss…

Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Wordpress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within Wordpress Plugins. Follow us on twitter Send us any feedback here: Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynora…