Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

Critical Research Lab:

https://lab.ctbb.show/

Need a Pentest? We just launched CTBB Pentests!

https://pentest.ctbb.show/

Hack full time? Check out the Full-Time Hunter’s Guild!

https://ctbb.show/fthg

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLocker

https://www.criticalthinkingpodcast.io/tl-ztca

Today’s Guest: https://x.com/brutecat

====== Resources ======

StubZero: $148,337 RCE in Google Cloud Production

https://brutecat.com/articles/google-cloud-rce/

Leaking the email of any YouTube user for $10,000

https://brutecat.com/articles/leaking-youtube-emails/

Disclosing YouTube Creator Emails for a $20k Bounty

https://brutecat.com/articles/youtube-creator-emails/

Leaking the phone number of any Google user

https://brutecat.com/articles/leaking-google-phones/

====== Timestamps ======

(00:00:00) Introduction

(00:29:14) 2nd RCE in Application Integration

(00:39:55) BruteCat's Background & RCE Follow-up Questions

(00:48:02) Google VRP and Youtube Bugs

(01:10:17) Google Phone Leak

(01:18:36) Discovery Docs and Episode 178 Teaser