Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

  1. 2 DAYS AGO

    Episode 142: gr3pme's full-time hunting journey update, insane AI research, and some light news

    Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by going full time in Bug Bounty. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: ThreatLocker. Check out ThreatLocker DAC Today’s Guest: https://x.com/gr3pme ====== This Week in Bug Bounty ====== New Monthly Dojo challenge and Dojo UI design The ultimate Bug Bounty guide to exploiting race condition vulnerabilities in web applications Watch Our boy Brandyn on the TV ====== Resources ====== murtasec WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine Remote code execution though vulnerability in Facebook Messenger for Windows Finding vulnerabilities in modern web apps using Claude Code and OpenAI Codex Mind the Gap PROMISQROUTE ====== Timestamps ====== (00:00:00) Introduction (00:05:16) Full Time Bug Bounty and Business Startups (00:15:50) Websockets (00:22:17) Meta’s $111750 Bug (00:28:38) Finding vulns using Claude Code and OpenAI Codex (00:39:32) Time-of-Check to Time-of-Use Vulns in LLM-Enabled Agents (00:45:22) PROMISQROUTE

    55 min
  2. 25 SEPT

    Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

    Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: ThreatLocker. Check out ThreatLocker DAC https://www.criticalthinkingpodcast.io/tl-dac Today’s Guest: https://x.com/7urb01 ====== Resources ====== regexploit https://github.com/doyensec/regexploit Fontleak https://adragos.ro/fontleak/ debug(function) https://developer.chrome.com/docs/devtools/console/utilities#debug-function domloggerpp https://github.com/kevin-mizu/domloggerpp ====== Timestamps ====== (00:00:00) Introduction (00:02:40) Google Docs Bug and 7urb0 Introduction (00:13:26) Bring-a-bug story (00:20:21) 7urb0's DEFCON talk teaser & Intrusive Thoughts Worth Sharing (00:30:01) CSPTs and React Apps (00:51:31) CSS Injections (01:04:55) 7urb0's backstory and game hacking (01:18:33) Worst Crit

    1h 24m
  3. 18 SEPT

    Episode 140: Crit Research Lab Update & Client-Side Tricks Galore

    Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chaos, and more. Follow us on X at: https://x.com/ctbbpodcast Got any ideas and suggestions? Send us feedback at info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord! Get some hacker swag here! ====== This Week in Bug Bounty ====== Cross-site request forgery HackerOne New Milestone Program Email santerra.holler@bugcrowd.com for media opportunities ====== Resources ====== Exploiting Web Worker XSS with Blobs Critical Research Lab Rez0's Tweet CVE-2022-21703: cross-origin request forgery against Grafana Conversation about Forcing Quirks Mode AI Business Logic & POC or GTFO Hunting postMessage Vulnerabilities – Part 1 Hunting postMessage Vulnerabilities – Part 2 Executive Offense Cookie Chaos: How to bypass Host and Secure cookie prefixes ====== Timestamps ====== (00:00:00) Introduction (00:05:48) Crit Research Update (00:13:00) Encouragement & Collaboration (00:19:37) Cross-origin request forgery & Anthropic's web fetch (00:29:17) Quirks Mode, AI Business Logic & POC or GTFO (00:44:21) Hunting postMessage & Claude Code browserbase (00:51:25) Community story, Executive Offense, & Cookie Chaos

    58 min
  4. 11 SEPT

    Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

    Episode 139: In this episode of Critical Thinking - Bug Bounty Podcast Justin finally sits down with the great James Kettle to talk about HTTP Proxies, metagaming research, avoiding burnout, and why HTTP/1.1 must die! Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today’s Guest: https://x.com/albinowax https://jameskettle.com ====== This Week in Bug Bounty ====== Building an Android Bug Bounty lab Mobile Hacking Toolkit ====== Resources ====== CVE-2022-22720 So you want to be a web security researcher? Hunting Evasive Vulnerabilities: Finding Flaws That Others Miss by James Kettle HTTP/1.1 Must Die! The Desync Endgame Practical HTTP Host header attacks ====== Timestamps ====== (00:00:00) Introduction (00:05:01) Apache MITM-powered pause-based client-side desync (00:15:33) HTTP Proxies and Burp Suite HTTP/2 in Repeater (00:24:52) AI integrations, life structure, and avoiding burnout (00:35:23) Client-side to server-side progression (00:47:39) The 'metagame' of security research (01:29:43) Host Header Attacks & HTTP/1.1 Must Die! (02:02:34) Is HTTP/2 the solution?

    2h 22m
  5. 4 SEPT

    Episode 138: Caido Tools and Workflows

    Episode 138: In this episode of Critical Thinking - Bug Bounty Podcast We’re talking Caido tools and workflows. Justin gives us a list of some of the Caido tools that have caught his interest, as well as how he’s using them. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! ====== This Week in Bug Bounty ====== Meet YesWeHack at ROOTCON 2025 https://www.yeswehack.com/page/meet-yeswehack-at-rootcon-2025 New Dojo challenge featuring a Local File Inclusion in a Ruby application https://dojo-yeswehack.com/challenge-of-the-month/dojo-44?utm_source=sponsor&utm_medium=challenge&utm_campaign=dojo-44 AI Red Teaming CTF https://ctf.hackthebox.com/event/details/ai-red-teaming-ctf-ai-gon3-rogu3-2604 ====== Resources ====== Web Security Labs http://caido.rhynorater.com ====== Timestamps ====== (00:00:00) Introduction (00:02:32) Common filters & command palette in EvenBetter (00:06:49) Notes++ (00:09:28) Shift Agents and Drop (00:15:34) Workflows

    23 min
  6. 28 AUG

    Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

    Episode 137: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner and Joseph Thacker reunite to talk about AI Hacking Assistants, CSPT and cache deception, and a bunch of tools like ch.at, Slice, Ebka, and more. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! ====== This Week in Bug Bounty ====== Vulnerability vectors: SQL injection for Bug Bounty hunters Mozilla VPN Clients: RCE via file write and path traversal ====== Resources ====== Cache Deception + CSPT: dig @ch.at Searchlight Cyber Tools Slice Ebka-Caido-AI postMessage targetOrigin bypass ====== Timestamps ====== (00:00:00) Introduction (00:01:26) Claude, Gemini, and Hacking Assistants (00:11:08) AI Safety (00:18:09) CSPT (00:23:26) ch.at, Slice, Ebka, & Searchlight Cyber Tools (00:45:19) postMessage targetOrigin bypass

    49 min
  7. 21 AUG

    Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

    Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also talk about Jack’s background in government cybersecurity initiatives, and the legal risks faced by security researchers. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today’s Sponsor - ThreatLocker. Checkout ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect Today’s Guest: https://x.com/jackhcable?lang=en ====== This Week in Bug Bounty ====== Nullcon Berlin https://www.yeswehack.com/page/yeswehack-live-hacking-nullcon-berlin-2025?utm_source=sponsor&utm_medium=blog&utm_campaign=lhe-nullcon-berlin BB Bulletin #15 https://www.linkedin.com/pulse/bug-bounty-bulletin-15-yes-we-hack-dntue/ 2x Bounty on Grab https://hackerone.com/grab?type=team ====== Resources ====== Corridor https://corridor.dev/ disclose.io https://disclose.io/ ====== Timestamps ====== (00:00:00) Introduction (00:03:33) Cluely Bug, Government involvement, & Disclosed.io (00:12:33) AI in security & Corridor.dev (00:29:23) Cluely Bug Fallout & Ethics of hacking outside of Programs (00:41:20) Shift Agents

    51 min
  8. 14 AUG

    Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

    Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater https://x.com/rez0__ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today’s Sponsor - ThreatLocker. Checkout ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect Today’s Guest: https://x.com/ryancbarnett ====== Resources ====== Accidental Stored XSS Flaw in Zemanta 'Related Posts' Plugin for TypePad https://webappdefender.blogspot.com/2013/04/accidental-stored-xss-flaw-in-zemanta.html XSS Street-Fight https://media.blackhat.com/bh-dc-11/Barnett/BlackHat_DC_2011_Barnett_XSS%20Streetfight-Slides.pdf Blackhat USA 2025 - Lost in Translation: Exploiting Unicode Normalization https://www.blackhat.com/us-25/briefings/schedule/#lost-in-translation-exploiting-unicode-normalization-44923 ====== Timestamps ====== (00:00:00) Introduction (00:02:49) Accidental Stored XSS in Typepad Plugin (00:06:34) Chatscatter & Abusing third party Analytics (00:11:42) Ryan Barnett Introduction (00:21:11) Virtual Patching & WAF Challenges (00:40:39) AWS API Gateways & Whitelisting Bug Hunter Traffic (00:49:59) Lost in Translation: Exploiting Unicode Normalization (01:11:29) CSPs at the WAF level & 'Bounties for Bypass'

    1h 26m
