Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter

27/02/2025

Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__
====== Ways to CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest - Ciarán Cotter
https://x.com/monkehack
====== Resources ======
Msty
https://msty.app/
From Day Zero to Zero Day
https://nostarch.com/zero-day
Nuclei - ai flag
https://x.com/pdiscoveryio/status/1890082913900982763
ChatGPT Operator: Prompt Injection Exploits & Defenses
https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/
Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation
https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/
====== Timestamps ======
(00:00:00) Introduction
(00:01:04) Bug Rundowns
(00:13:05) Monke's Bug Bounty Background
(00:20:03) Websocket Research
(00:34:01) Connecting Hackers with Companies
(00:34:56) Grok 3, Msty, From Day Zero to Zero Day
(00:42:58) Full time Bug Bounty, SaaS security, and Threat Modeling while AFK
(00:54:49) Nuclei - ai flag, ChatGPT Operator, and Hacking Gemini's Memory