Have you ever wondered how many vulnerabilities you’ve missed by a hair’s breadth, due to a single flawed choice? We’ve just released Shadow Repeater, which enhances your manual testing with AI-pow...

The Pentesting Pastor, Hunting for DOMPurify Misconfigurations, Hack Like a Pirate, Google AI Studio Walkthrough, Speak at 92 Beats Per Minute

A DOMPurify 3.2.3 Bypass, Ophion Security Cisco Webex research, a new postMessage Chrome Extension, and a whole lot of OAuth research. Check it out below.

Unleash your productivity potential! Get an inside look at my custom key bindings for lightning-fast workflows in Obsidian, Raycast, and more. Learn how to create your own personalized setup and wo...

Top 10 Web Hacking Techniques of 2024, Future Lies in Holistic, Full-Stack Engineers, Karpathy: Deep Dive into AI Technology Behind ChatGPT, Agencies Are a Relic of the Past

Talent Isn’t Your Savior, It’s Your Ceiling

In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we s...

Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last y...

How to Escalate XSS, Ghostty 1.1.0, Elevenlabs Scraps Job Titles, Obsidian Dynamic Tables and Collaborative Editing, World’s First MIDI Shellcode, Optimize your WFH lighting.

Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples on research he’s performed on Salesforce, ServiceNow, a...