Artwork

Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter

1:07:37
 
Share
 

Manage episode 468714784 series 3435922
Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Guest - Ciarán Cotter

====== Resources ======

Msty

https://msty.app/

From Day Zero to Zero Day

https://nostarch.com/zero-day

Nuclei - ai flag

https://x.com/pdiscoveryio/status/1890082913900982763

ChatGPT Operator: Prompt Injection Exploits & Defenses

https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/

Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation

https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/

====== Timestamps ======

(00:00:00) Introduction

(00:01:04) Bug Rundowns

(00:13:05) Monke's Bug Bounty Background

(00:20:03) Websocket Research

(00:34:01) Connecting Hackers with Companies

(00:34:56) Grok 3, Msty, From Day Zero to Zero Day

(00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK

(00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory

  continue reading

120 episodes

Artwork
iconShare
 
Manage episode 468714784 series 3435922
Content provided by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0). All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Justin Gardner (Rhynorater) & Joseph Thacker (Rez0), Justin Gardner (Rhynorater), and Joseph Thacker (Rez0) or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Guest - Ciarán Cotter

====== Resources ======

Msty

https://msty.app/

From Day Zero to Zero Day

https://nostarch.com/zero-day

Nuclei - ai flag

https://x.com/pdiscoveryio/status/1890082913900982763

ChatGPT Operator: Prompt Injection Exploits & Defenses

https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/

Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation

https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/

====== Timestamps ======

(00:00:00) Introduction

(00:01:04) Bug Rundowns

(00:13:05) Monke's Bug Bounty Background

(00:20:03) Websocket Research

(00:34:01) Connecting Hackers with Companies

(00:34:56) Grok 3, Msty, From Day Zero to Zero Day

(00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK

(00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory

  continue reading

120 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide

Listen to this show while you explore
Play