A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
📻 Siste episoder av Critical Thinking - Bug Bounty Podcast
Her er de nyeste episodene tilgjengelige via RSS-feeden:
Laster episoder...
📱 Slik abonnerer du på Critical Thinking - Bug Bounty Podcast
Episode 155: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn reflect on last year of Bug Bounty, and list their goals and predictions for what 2026 holds.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======2024 Hacker Stats & 2025 Goalshttps://blog.criticalthinkingpodcast.io/p/hackernotes-ep-104-2024-hacker-stats-2025-goals====== Timestamps ======(00:00:00) Introduction(00:02:08) 2025 Full Time Hunting Retrospective(00:10:19) Most Fulfilling Moments and Bugs(00:17:56) Satisfaction with 2025 Stats(00:45:28) Automation, Organization, and Collaboration(00:48:55) Time and Motivation(01:08:01) Goals and Predictions for Bug Bounty in 2026
Episode 154: Starting a Pentesting Company on Top of Bug Bounty (00:41:28)
Episode 154: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn talk through the transition from Bug Bounty hunting to Pentesting. We cover diversifying income streams, the challenges of pricing for Pentests, legal considerations, and what Bug Hunters can bring to the Pentesting worldFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Timestamps ======(00:00:00) Introduction(00:03:36) Starting a Pentesting Company (00:12:25) Advantages of Pentesting as a Bug Bounty Hunter(00:29:03) Pricing, Sales, and knowing your Market/Worth(00:36:21) Compliance in Pentests & Rapid-Fire Takaways
Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown (01:16:50)
Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Guest: Matt Brownhttps://x.com/nmatt0https://github.com/BrownFineSecurity/iothackbot====== Resources ======KeeYees USB Logic Analyzer DeviceSaleae logic analyzerXGecuHardware Hacking Tutorial by Make Me HackUART and SPI firmware extractionUART Root Shell on Linux RouterUART Shell Jail and Unlocked BootloaderChinese IP Camera Firmware ExtractionChip-Off Firmware Extraction====== Timestamps ======(00:00:00) Introduction(00:01:22) Incremental Session Token Story and Matt Brown Intro (00:10:42) Hardware Bug Bounty Scene & AI on Devices(00:24:30) Hacking Human Robot(00:41:33) Zero-to-Hero Hardware Hacking Guide(01:01:47) IOT Hackbot
Episode 152: GeminiJack and Agentic Security with Sasi Levi (01:21:36)
Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Vertex Bug, and debate if Prompt Injection is a real Vuln.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.CHeck out our New Christmas Swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Controlhttps://ctbb.show/tl-ecAnd Noma Security! https://noma.security/Today’s Guest: https://x.com/sasi2103====== This Week in Bug Bounty ======Vercel Platform ProtectionDedicated HackerOne program for Vercel WAFYesWeHack Open Source ProgramsAndroid recon for Bug Bounty hunters====== Resources ======Sasi's Tweet from 2015ForcedLeak: AI Agent risks exposed in Salesforce AgentForceIs Prompt Injection a Vulnerability?====== Timestamps ======(00:00:00) Introduction(00:09:16) Google Vertex AI Bug(00:29:28) Sasi's Background and Bug Bounty Journey(00:38:55) Resources for AI and Agentic Security Methodology(00:50:34) ForcedLeak(01:02:06) Is Prompt Injection a Vuln?
Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL Parsing, and more.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X:https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Controlhttps://ctbb.show/tl-ec====== Resources ======Nowasky's Tweet #1https://x.com/nowaskyjr/status/1993421017381744974Nowasky's Tweet #2https://x.com/nowaskyjr/status/1992717862398800081rep+ in Chrome DevToolshttps://x.com/BourAbdelhadi/status/1992622964077179229Terjanq Post from 2021https://x.com/terjanq/status/1421093136022048775====== Timestamps ======(00:00:00) Introduction(00:02:58) Client-side news & AI Updates(00:12:02) Third-Party Cookie Nuances & PostMessages(00:30:09) Iframe Tricks(00:47:43) URL Parsing, CSPTS, and Client-side Routes
Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration (00:57:20)
Episode 150: In this episode of Critical Thinking - Bug Bounty Podcast we're highlighting some cool news and research, but not before expressing our gratitude to the Hacker community. We are so thankful for you all!Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Controlhttps://ctbb.show/tl-ec====== This Week in Bug Bounty ======Cache Overflow on Cloudflare====== Resources ======Breaking Oracle’s Identity ManagerWho Needs a Blind XSS?ASP.NET MVC View Engine Search PatternsHereticLesser known techniques for large-scale subdomain enumAntigravity – Known IssuesBug Bounty DailyCaido version of AssetNote Surf====== Timestamps ======(00:00:00) Introduction(00:09:47) Breaking Oracle’s Identity Manager & Who Needs a Blind XSS?(00:20:37) ASP.NET MVC View Engine Search Patterns & Heretic(00:29:04) Lesser known techniques for large-scale subdomain enum(00:35:29) Gemini 3 & Antigravity.(00:45:57) Bug Bounty Daily (00:52:42) Surf for Caido
Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains (01:02:33)
Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.Follow us on XGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Unicode surrogates conversionPrompt. Scan. ExploitBreaking into thousands of cloud based VPNs with 1 bugExamining Access Control Vulnerabilities in GraphQLSmart Bus Smart HackingPasskeys PwnedBypassing Intent Destination ChecksGemini Agents in Google CalendarExploitation of DOM Clobbering Vuln at ScaleTheHulkSmart Devices, Dumb ResetsMac PRT Cookie Theft====== Timestamps ======(00:00:00) Introduction(00:10:10) Prompt. Scan. Exploit(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets
Episode 148: MCP Hacking Guide (00:32:26)
Episode 148: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us a crash course on Model Context Protocol.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Timestamps ======(00:00:00) Introduction(00:02:51) MCP Architecture & Authentication(00:13:08) Roots, Sampling, & Elicitation(00:19:15) Tools and Resources
Episode 147: In this episode of Critical Thinking - Bug Bounty Podcast we're talking tips and tricks that help us in hacking that we really should’ve learned sooner.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Controlhttps://www.criticalthinkingpodcast.io/tl-nc====== This Week in Bug Bounty ======Netscaler's new programhttps://hackerone.com/netscaler_public_program?type=teamThe ultimate Bug Bounty guide to HTTP request smuggling vulnerabilitieshttps://www.yeswehack.com/learn-bug-bounty/http-request-smuggling-guide-vulnerabilitiesHackers now have 2 Request-a-Responsehttps://docs.bugcrowd.com/changelog/researchers/request-a-response-researcher/Evan Connelly Spotlighthttps://www.bugcrowd.com/blog/hacker-spotlight-evan-connelly/Epic Games Jobs OpeningsJobs.ctbb.show====== Timestamps ======(00:00:00) Introduction(00:09:23) Command Palette, Auto-decoding, & Evenbetter(00:17:28) Chrome Devtools Edit as html & Raycast(00:33:23) ffuf -request flag(00:41:33) JXScout(00:48:55) Conditional Breakpoints in Devtools & Lightning round tips
Episode 146: Hacking Horror Stories (01:50:38)
Episode 146: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn all sit down to celebrate the spooky season by swapping their scariest bug stories. From frightening fails and firings to hacks with chilling and critical consequences. Grab your flashlight and a blanket for this one!Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Controlhttps://www.criticalthinkingpodcast.io/tl-nc====== This Week in Bug Bounty ======Methodology tips from top Bug Bounty huntersYesWeHack marks first year of partnership with Singapore’s GovernmentHackerOne Hacker-Powered Security Report====== Resources ======Critical Research LabHacking the World Poker Tour: Inside ClubWPT Gold’s Back OfficeFile Creation via SQLite Injection====== Timestamps ======(00:00:00) Introduction(00:10:11) Crit Research Lab News(00:21:31) Hacking the World Poker Tour & File Creation via SQLite Injection(00:30:40) Brandyn's Spooky Bug(00:38:02) Joseph's Spooky Bug(00:44:18) Justin's Spooky Bug(00:54:44) Banking Bugs, LHE Scares, and Workday weirdness.(01:14:52) Firings and failures(01:22:49) Bank Bug Redux(01:35:55) Wedding planning/registry app & Amazon Rufus bugs(01:40:52) New Relic bug
Episode 145: In this episode of Critical Thinking - Bug Bounty Podcast Brandyn lets us in on some of his notetaking tips, including his Templates, Threat Modeling, and ways he uses notes to help with collaboration.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, Rez0, & gr3pme on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pme====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Controlhttps://www.criticalthinkingpodcast.io/tl-nc====== This Week in Bug Bounty ======The minefield between syntaxeshttps://www.yeswehack.com/learn-bug-bounty/syntax-confusion-ambiguous-parsing-exploits====== Resources ======Brandyn's Notion Templatehttps://terrific-dart-70e.notion.site/Example-Target-CTBB-294f4ca0f42481cca0b0ca6ac0a7c81d====== Timestamps ======(00:00:00) Introduction(00:07:25) Templates, Target, and Tech Stack(00:13:33) Threat Modeling and Attack Vectors
Episode 144: Google’s Top AI Hackers: Busfactor and Monke (00:52:40)
Episode 144: In this episode of Critical Thinking - Bug Bounty Podcast Joseph is joined by Vitor Falcão and Ciarán Cotter to discuss their success at the recent Mexico LHE, as well as their journey and routines in fulltime hacking. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker DAChttps://www.criticalthinkingpodcast.io/tl-dacToday’s Guests:Vitor Falcãohttps://x.com/busf4ctorCiarán Cotterhttps://x.com/monkehack ====== This Week in Bug Bounty======Securing the Age of AI Autonomy: Priorities for 2026https://www.hackerone.com/events/bionic-hacking====== Resources ======AI Vulnerability Reward Program Ruleshttps://bughunters.google.com/about/rules/google-friends/5222232590712832/ai-vulnerability-reward-program-rulesMy First 3 Months as a Full-Time Bug Bounty Hunterhttps://vitorfalcao.com/posts/3-months-as-a-full-time-bug-bounty-hunter/====== Timestamps ======(00:00:00) Introduction(00:02:32) Client side Bug Story & Vitor's BB journey(00:13:59) Google LHE Mexico takeaways(00:26:55) Full-time hunting reflections(00:33:39) Hacking routines(00:42:56) Hacking AI
Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra! (01:04:23)
Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some news. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== This Week in Bug Bounty ======YesWeHack won the European commission: https://www.yeswehack.com/news/european-commission-tender-won-yeswehackYesWeHack now have authorised cve numbering authority: https://www.yeswehack.com/news/yeswehack-authorised-cve-numbering-authorityA wide range of highly used open source bug bounty program such as Log4J, Systemd, GNOME and a lot more: https://event.yeswehack.com/events/open-the-code-source-the-bounty====== Resources ======Attributes reference inside HTMLExplaining XSS without parentheses and semi-colonsBeyond Sandbox Domains: Rendering Untrusted Web Content with SafeContentFrameOne Token to rule them allflareproxCaido 101: How to master it====== Timestamps ======(00:00:00) Introduction(00:03:16) LHE approaches and accomplishments(00:30:54) Attributes reference inside HTML & Explaining XSS without parentheses and semi-colons(00:44:33) One Token to rule them all(00:57:13) Flareprox & Caido 101
Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News (00:54:50)
Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by going full time in Bug Bounty.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker DACToday’s Guest: https://x.com/gr3pme====== This Week in Bug Bounty ======New Monthly Dojo challenge and Dojo UI designThe ultimate Bug Bounty guide to exploiting race condition vulnerabilities in web applicationsWatch Our boy Brandyn on the TV====== Resources ======murtasecWebSocket Turbo Intruder: Unearthing the WebSocket GoldmineRemote code execution though vulnerability in Facebook Messenger for WindowsFinding vulnerabilities in modern web apps using Claude Code and OpenAI CodexMind the GapPROMISQROUTE====== Timestamps ======(00:00:00) Introduction(00:05:16) Full Time Bug Bounty and Business Startups(00:15:50) Websockets(00:22:17) Meta’s $111750 Bug(00:28:38) Finding vulns using Claude Code and OpenAI Codex(00:39:32) Time-of-Check to Time-of-Use Vulns in LLM-Enabled Agents(00:45:22) PROMISQROUTE
Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0) (01:23:31)
Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker DAChttps://www.criticalthinkingpodcast.io/tl-dacToday’s Guest: https://x.com/7urb01====== Resources ======regexploithttps://github.com/doyensec/regexploitFontleakhttps://adragos.ro/fontleak/debug(function)https://developer.chrome.com/docs/devtools/console/utilities#debug-functiondomloggerpphttps://github.com/kevin-mizu/domloggerpp====== Timestamps ======(00:00:00) Introduction(00:02:40) Google Docs Bug and 7urb0 Introduction(00:13:26) Bring-a-bug story(00:20:21) 7urb0's DEFCON talk teaser & Intrusive Thoughts Worth Sharing(00:30:01) CSPTs and React Apps(00:51:31) CSS Injections(01:04:55) 7urb0's backstory and game hacking(01:18:33) Worst Crit
Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chaos, and more.Follow us on X at: https://x.com/ctbbpodcastGot any ideas and suggestions? Send us feedback at info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!Get some hacker swag here!====== This Week in Bug Bounty ======Cross-site request forgeryHackerOne New Milestone ProgramEmail santerra.holler@bugcrowd.com for media opportunities====== Resources ======Exploiting Web Worker XSS with BlobsCritical Research LabRez0's TweetCVE-2022-21703: cross-origin request forgery against GrafanaConversation about Forcing Quirks ModeAI Busniess Logic & POC or GTFOHunting postMessage Vulnerabilities – Part 1Hunting postMessage Vulnerabilities – Part 2Executive OffenseCookie Chaos: How to bypass Host and Secure cookie prefixes====== Timestamps ======(00:00:00) Introduction(00:05:48) Crit Research Update(00:13:00) Encouragement & Collaboration(00:19:37) Cross-origin request forgery & Anthropic's web fetch(00:29:17) Quirks Mode, AI Business Logic & POC or GTFO(00:44:21) Hunting postMessage & Claude Code browserbase(00:51:25) Community story, Executive Offense, & Cookie Chaos
Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research (02:21:51)
Episode 139: In this episode of Critical Thinking - Bug Bounty Podcast Justin finally sits down with the great James Kettle to talk about HTTP Proxys, metagaming research, avoiding burnout, and why HTTP/1.1 must die!Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Guest: https://x.com/albinowaxhttps://jameskettle.com====== This Week in Bug Bounty ======Building an Android Bug Bounty labMobile Hacking Toolkit====== Resources ======CVE-2022-22720So you want to be a web security researcher?Hunting Evasive Vulnerabilities: Finding Flaws That Others Miss by James KettleHTTP/1.1 Must Die! The Desync EndgamePractical HTTP Host header attacks====== Timestamps ======(00:00:00) Introduction(00:05:01) Apache MITM-powered pause-based client-side desync(00:15:33) HTTP Proxys and Burp Suite HTTP/2 in Repeater(00:24:52) AI intagrations, life structure, and avoiding burnout(00:35:23) Client-side to server-side progression(00:47:39) The 'metagame' of security research(01:29:43) Host Header Attacks & HTTP/1.1 Must Die! (02:02:34) Is HTTP/2 the solution?
Episode 138: Caido Tools and Workflows (00:22:39)
Episode 138: In this episode of Critical Thinking - Bug Bounty Podcast We’re talking Caido tools and workflows. Justin gives us a list of some of the Caido tools that have caught his interest, as well as how he’s using them.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== This Week in Bug Bounty ======Meet YesWeHack at ROOTCON 2025https://www.yeswehack.com/page/meet-yeswehack-at-rootcon-2025New Dojo challenge featuring a Local File Inclusion in a Ruby applicationhttps://dojo-yeswehack.com/challenge-of-the-month/dojo-44?utm_source=sponsor&utm_medium=challenge&utm_campaign=dojo-44AI Red Teaming CTFhttps://ctf.hackthebox.com/event/details/ai-red-teaming-ctf-ai-gon3-rogu3-2604====== Resources ======Web Security Labshttp://caido.rhynorater.com====== Timestamps ======(00:00:00) Introduction(00:02:32) Common filters & command palette in EvenBetter(00:06:49) Notes++(00:09:28) Shift Agents and Drop(00:15:34) Workflows
Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber (00:49:09)
Episode 137: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner and Joseph Thacker reunite to talk about AI Hacking Assistants, CSPT and cache deception, and a bunch of tools like ch.at, Slice, Ebka, and more.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== This Week in Bug Bounty ======Vulnerability vectors: SQL injection for Bug Bounty huntersMozilla VPN Clients: RCE via file write and path traversal====== Resources ======Cache Deception + CSPT:dig @ch.atSearchlight Cyber ToolsSliceEbka-Caido-AIpostMessage targetOrigin bypass====== Timestamps ======(00:00:00) Introduction(00:01:26) Claude, Gemini, and Hacking Assistants(00:11:08) AI Safety(00:18:09) CSPT(00:23:26) ch.at, Slice, Ebka, & Searchlight Cyber Tools(00:45:19) postMessage targetOrigin bypass
Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable (00:50:53)
Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also talk about Jack’s background in government cybersecurity initiatives, and the legal risks faced by security researchers.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker. Checkout ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detectToday’s Guest: https://x.com/jackhcable?lang=en====== This Week in Bug Bounty ======Nullcon Berlinhttps://www.yeswehack.com/page/yeswehack-live-hacking-nullcon-berlin-2025?utm_source=sponsor&utm_medium=blog&utm_campaign=lhe-nullcon-berlinBB Bulletin #15https://www.linkedin.com/pulse/bug-bounty-bulletin-15-yes-we-hack-dntue/2x Bounty on Grabhttps://hackerone.com/grab?type=team====== Resources ======Corridorhttps://corridor.dev/disclose.iohttps://disclose.io/====== Timestamps ======(00:00:00) Introduction(00:03:33) Cluely Bug, Government involvement, & Disclosed.io(00:12:33) AI in security & Corridor.dev(00:29:23) Cluely Bug Fallout & Ethics of hacking outside of Programs(00:41:20) Shift Agents
Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories (01:26:21)
Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker. Checkout ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detectToday’s Guest: https://x.com/ryancbarnett====== Resources ======Accidental Stored XSS Flaw in Zemanta 'Related Posts' Plugin for TypePadhttps://webappdefender.blogspot.com/2013/04/accidental-stored-xss-flaw-in-zemanta.htmlXSS Street-Fighthttps://media.blackhat.com/bh-dc-11/Barnett/BlackHat_DC_2011_Barnett_XSS%20Streetfight-Slides.pdfBlackhat USA 2025 - Lost in Translation: Exploiting Unicode Normalizationhttps://www.blackhat.com/us-25/briefings/schedule/#lost-in-translation-exploiting-unicode-normalization-44923====== Timestamps ======(00:00:00) Introduction(00:02:49) Accidental Stored XSS in Typepad Plugin (00:06:34) Chatscatter & Abusing third party Analytics(00:11:42) Ryan Barnett Introduction(00:21:11) Virtual Patching & WAF Challenges(00:40:39) AWS API Gateways & Whitelisting Bug Hunter Traffic(00:49:59) Lost in Translation: Exploiting Unicode Normalization(01:11:29) CSPs at the WAF level & 'Bounties for Bypass'
Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado (01:53:35)
Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego also shares some of his own hacking journey and successes in the Ambassador World cup.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor - ThreatLocker User StoreToday’s Guest: https://x.com/djurado9====== This Week in Bug Bounty ======Announcement of our upcoming live hacking event at Nullcon Berlin, taking place on September 4-5Bug Bounty Village Speakers 2025Talkie Pwnii Caido showcaseCaido Masterclass – From Setup to ExploitsAccess Control vs Account Takeover: What Bug Bounty Hunters Need to Know====== Resources ======CVE-2025-49493: XML External Entity (XXE) Injection in Akamai CloudTest====== Timestamps ======(00:00:00) Introduction(00:05:56) Diego's ATO Bug(00:12:01) H1 Ambassador World Cup and work with XBOW(00:20:57) XBOW's CloudTest XXE Bug(00:49:59) Freedom, Hallucinations, & Validation(01:07:24) XBOW's Architecture(01:23:50) Humans in the Loop, Harnesses, and Xbow's Reception(01:44:21) Ambassador World Cup plans for the future
Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad (01:16:12)
Episode 133: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Harley and Ari from H1 to talk some about community management roles within Bug Bounty, as well as discuss the evolution of Bug Bounty Village at DEFCON, and what they’ve got in store this year.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Guests:x.com/infiniteloginshttps://x.com/Arl_roseToday’s Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward!====== This Week in Bug Bounty ======BBV Platform Panel about TriageYesWeHACK Makes Debut at Black Hat USA 2025New Dojo challenge featuring a time-based token prediction combined PyYAML deserializationGMSGadget====== Resources ======Bug Bounty VillageSign up for the Disclosed NewsletterDisclosed OnlineHarley's Youtube Channel====== Timestamps ======(00:00:00) Introduction(00:05:51) Bug Stories and Hacking Journeys(00:32:37) Community Management within Bug Bounty(00:39:43) Bug Bounty Village - Origin & 2025 Plans(01:02:39) Disclosed Online and Harley's Upcoming Ebook
Episode 132: Archive Testing Methodology with Mathias Karlsson (01:49:32)
Episode 132: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is joined by Mathias Karlsson to discuss vulnerabilities associated with archives. They talk about his new tool, Archive Alchemist, and explore topics like the significance of Unicode paths, symlinks, and TAR before they end up talking about Charsets again..Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker - Patch ManagementToday’s Guest: Mathias Karlsson====== This Week in Bug Bounty ======Swiss Post's 2025 Public Intrusion Test starts on July 28Intigriti teams with NVIDIABugcrowd Ingenuity AwardsHack the Hacker Series - AI Vulnerabilities and Bug BountiesA Novel Technique for SQL Injection in PDO’s Prepared StatementsHow We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance====== Resources ======Archive AlchemistHacking Livestream #53: The ZIP file format====== Timestamps ======(00:00:00) Introduction(00:10:04) Archive Alchemist(00:36:05) Unicode Extensions, normalization, and confusion attacks on Zip parsers(00:48:44) Character Sets(01:01:49) 7zip & File Names (01:06:44) Path Traversal, Symlinks & Identifying Techniques(01:36:05) Hardlinks and TAR
Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for Windows, Third-Person prompting, and touch on the recent McDonalds LeakFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward!====== Resources ======v1 Instance Metadata Service protections bypassWould you like an IDOR with that? Leaking 64 million McDonald’s job applicationsHow we got persistent XSS on every AEM cloud site, thriceGoogle docs now supports export as markdownAbusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)How I Scanned all of GitHub’s “Oops Commits” for Leaked SecretsBug bounty, feedback, strategy and alchemy====== Timestamps ======(00:00:00) Introduction(00:05:39) Metadata Service protections bypass & Mcdonalds Leak(00:12:30) Christmas in July with Searchlight Cyber Pt 1(00:19:43) Export as Markdown, Raycast for Windows, & Third-Person prompting(00:23:56) Christmas in July with Searchlight Cyber Pt 2(00:27:39) GitHub’s “Oops Commits” for Leaked Secrets(00:36:53) Bug bounty, feedback, strategy and alchemy
