Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5

May 14, 2026 | 1 hr 10 min | Season 1 | Ep. 174

Episode description

Episode 174: In this episode of Critical Thinking - Bug Bounty Podcast we follow up from last episode with some advice for BB platforms, as well as cover a slew of writeups from Searchlight Cyber, watchTowr, and Starstrike.


Follow us on Twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!


====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X: 

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/ 


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Need a Pentest? We just launched CTBB Pentests!

https://pentest.ctbb.show/


Hack full time? Check out the Full-Time Hunter’s Guild!

https://ctbb.show/fthg


====== This Week in Bug Bounty ======

COST, AI frontier models and more: A measured take on the future of security testing

https://www.yeswehack.com/security-best-practices/cost-mythos-future-security-testing


Common AI misconceptions debugged!

https://www.intigriti.com/blog/business-insights/common-misconceptions-debugged#trend-3-validity-ratios-remain-constant-ai-slop-isnt-rising-as-a-proportion


BountySync + Social

https://luma.com/bountysync_social


====== Resources ======

Ghosts of Encryption Past

https://slcyber.io/research-center/ghosts-of-encryption-past-salesforce-exacttarget/


tessl Skill Optimizer

https://tessl.io/registry/tessl/skill-optimizer/0.8.0


The Internet Is Falling Down, Falling Down, Falling Down

https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/


High Fidelity Check for the cPanel Authentication Bypass

https://slcyber.io/research-center/high-fidelity-check-for-the-cpanel-authentication-bypass-cve-2026-41940/


Achieving Deterministic Prompt Injection Through Client-Side Feedback Loops

https://blog.starstrike.ai/posts/achieving-deterministic-prompt-injection-through-client-side-feedback-loops/


GPT-5.5: Mythos-Like Hacking, Open To All

https://xbow.com/blog/mythos-like-hacking-open-to-all


Remote Command Execution in Google Cloud with Single Directory Deletion

https://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion/?utm_source=bugbountydaily.com&utm_medium=referral


====== Timestamps ======

(00:00:00) Introduction

(00:09:20) AMPScript

(00:25:10) Tessl Skill Optimizer

(00:33:07) cPanel & WHM Authentication Bypass

(00:40:46) Advice for Bug Bounty Programs

(00:50:07) Prompt Injection Through Client-Side Feedback Loops

(00:54:37) GPT 5.5

(01:01:00) Remote Command Execution in Google Cloud
