2x Google RCE with VRP Legend Brutecat (Ep. 177)

Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: [email protected] Shoutout to   / realytcracker   for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/ Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLocker https://www.criticalthinkingpodcast.i... Today’s Guest: https://x.com/brutecat ====== Resources ====== StubZero: $148,337 RCE in Google Cloud Production https://brutecat.com/articles/google-... Leaking the email of any YouTube user for $10,000 https://brutecat.com/articles/leaking... Disclosing YouTube Creator Emails for a $20k Bounty https://brutecat.com/articles/youtube... Leaking the phone number of any Google user https://brutecat.com/articles/leaking... ====== Timestamps ====== (00:00:00) Introduction (00:29:14) 2nd RCE in Application Integration (00:39:55) BruteCat's Background & RCE Follow-up Questions (00:48:02) Google VRP and Youtube Bugs (01:10:17) Google Phone Leak (01:18:36) Discovery Docs and Episode 178 Teaser