Partial Auth, Hackbot GraphQL, and AI's #1 Mission (Ep. 182)
Episode 182: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some recent bugs involving WPM, MCP, and a possible emerging bug class using Wayback. We also talk about some GraphQL Hackbot finds, and what AI’s #1 mission should be. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: [email protected] Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/ Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! ====== This Week in Bug Bounty ====== LeHack 2026 Recap https://event.yeswehack.com/events/le... Don’t eat the ChocoPoCs! How vulnerability researchers were repeatedly targeted by trojanised exploits https://www.yeswehack.com/fr/news/cho... Navigating the AI Wave: How We're Keeping Security Research Meaningful https://www.hackerone.com/blog/ai-dri... ====== Resources ====== Caido Skills https://github.com/caido/skills/pull/22 Hunting For AWS Cognito Security Misconfigurations https://www.yassineaboukir.com/talks/... X MCP https://docs.x.com/tools/mcp US South Summer Sessions: Hack the Heat https://h1.community/events/details/h... ====== Timestamps ====== (00:00:00) Introduction (00:08:31) WPM Bug & Wayback to Guest Bearer (00:18:42) GraphQL Hackbot Finds, Fable Updates, & AI's #1 Mission (00:29:45) MCP, US South H1 Event, & AI Sandbox Escapes

Bug Bounty Singularity (Ep. 181)

DEF CON 33 - Exploiting Shadow Data from AI Models and Embeddings - Patrick Walsh

Robots, Jobs, and AI's Cheaper New Race Begins

Maintaining Motivation in Post-AI Bug Bounty World (Ep. 179)

Claude is your insider threat now - Dan Tentler - Security Fest 2026

Agentic Security: The Maturity Model — From Wild West to Locked Down | Episode 58

$600k in 6 months - BruteCat's Google Hacking Story (Ep. 178)

Software architecture, human judgment, and AI's limits with Grady Booch

No Boss, No Money: The Raw Reality of China’s Gen-Z Freelancers

State of Bug Bounty Maturity Posture Report (Ep. 180)

Don't Hang Up On AI Scammers. Do THIS Instead.

Top 4 Web hacking demos for aspiring hackers (with labs and CTF)

Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama (Ep. 175)

The 'Do-Not-Hire List' Is Real. Here's What Actually Gets You On It.

How The FBI Finds Your REAL IP Address

How to Hide in Plain Sight: Next-Level Digital Privacy | Ivan Banov at BSidesCache 2025

The Future of Hacking is Agentic w/ Jason Haddix

Attacking AI - Jason Haddix - NDC Security 2026

I spent 7 days evading America’s 82 MILLION surveillance cameras

