Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

  1. 5 hr ago

    Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama

    Episode 175: In this episode of Critical Thinking - Bug Bounty Podcast we’re comparing Hackbot setups and results. We also talk about some of the recent ZDI drama, as well as the importance of freaking beautiful POCs.

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme
    Critical Research Lab: https://lab.ctbb.show/
    Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/
    Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLocker https://www.criticalthinkingpodcast.io/tl-ztca

    ====== Resources ======
    Another day, another universal linux LPE https://x.com/v12sec/status/2054491454064746629
    ZDI Drama https://x.com/ryotkak/status/2052881664909660521
    Orange Tsai Bug on Edge https://x.com/thezdi/status/2054868495888777266
    Chompie's Exploit in NV Container Toolkit https://x.com/chompie1337/status/2054882193055601140
    GitHub Security April bug bounty stats https://x.com/GitHubSecurity/status/2054274356403138932

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:02:14) q param prompt injection & Mobile CSPT
    (00:14:17) Admin API Key MegaCrit
    (00:17:13) Hackbots
    (00:37:10) Pretty POCs and ZDI Drama
    (00:44:48) GitHub Security April Stats

    50 min
  2. May 14

    Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5

    Episode 174: In this episode of Critical Thinking - Bug Bounty Podcast we follow up from last episode with some advice for BB platforms, as well as cover a slew of writeups from Searchlight Cyber, watchTowr, and Starstrike.

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme
    Critical Research Lab: https://lab.ctbb.show/

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/
    Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg

    ====== This Week in Bug Bounty ======
    COST, AI frontier models and more: A measured take on the future of security testing https://www.yeswehack.com/security-best-practices/cost-mythos-future-security-testing
    Common AI misconceptions debugged! https://www.intigriti.com/blog/business-insights/common-misconceptions-debugged#trend-3-validity-ratios-remain-constant-ai-slop-isnt-rising-as-a-proportion
    BountySync + Social https://luma.com/bountysync_social

    ====== Resources ======
    Ghosts of Encryption Past https://slcyber.io/research-center/ghosts-of-encryption-past-salesforce-exacttarget/
    tessl Skill Optimizer https://tessl.io/registry/tessl/skill-optimizer/0.8.0
    The Internet Is Falling Down, Falling Down, Falling Down https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
    High Fidelity Check for the cPanel Authentication Bypass https://slcyber.io/research-center/high-fidelity-check-for-the-cpanel-authentication-bypass-cve-2026-41940/
    Achieving Deterministic Prompt Injection Through Client-Side Feedback Loops https://blog.starstrike.ai/posts/achieving-deterministic-prompt-injection-through-client-side-feedback-loops/
    GPT-5.5: Mythos-Like Hacking, Open To All https://xbow.com/blog/mythos-like-hacking-open-to-all
    Remote Command Execution in Google Cloud with Single Directory Deletion https://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion/?utm_source=bugbountydaily.com&utm_medium=referral

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:09:20) AMPScript
    (00:25:10) Tessl Skill Optimizer
    (00:33:07) cPanel & WHM Authentication Bypass
    (00:40:46) Advice for Bug Bounty Programs
    (00:50:07) Prompt Injection Through Client-Side Feedback Loops
    (00:54:37) GPT 5.5
    (01:01:00) Remote Command Execution in Google Cloud

    1 hr 10 min
  3. May 7

    Episode 173: Bug Bounty is Dead and AI Killed it.

    Episode 173: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about the negative effects that AI is having on the Bug Bounty scene as a whole. Is it over, or are we so back?

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme
    Critical Research Lab: https://lab.ctbb.show/

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    Today's Sponsor: Check out Zero Trust Cloud Access: https://www.criticalthinkingpodcast.io/tl-ztca

    ====== Resources ======
    We want your feedback on this! https://forms.ctbb.show/future_of_bug_bounty
    Evolving the Android & Chrome VRPs for the AI Era https://bughunters.google.com/blog/evolving-the-android-chrome-vrps-for-the-ai-era
    Paid Submissions? https://x.com/d0rsky/status/2047744193976742120
    Keep the Robots Out of the Gym https://danielmiessler.com/blog/keep-the-robots-out-of-the-gym
    Is my data used for model training? https://privacy.claude.com/en/articles/10023580-is-my-data-used-for-model-training

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:06:28) Network effects of Bug Bounty
    (00:31:55) Hopium/Copium
    (00:47:21) The Great Training Data Debate

    1 hr 2 min
  4. Apr 30

    Episode 172: Source Code Review Meta Analysis

    Episode 172: In this episode of Critical Thinking - Bug Bounty Podcast we’re trying out a new structure of episode: a Meta Analysis of sorts of many Source Code Review techniques. This episode features tips gathered from Shubs, Rafax, and FSI. Justin highlights best approaches, patterns, and common pitfalls.

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme
    Critical Research Lab: https://lab.ctbb.show/

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    Today’s Sponsor: Adobe - Get 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report. Expires June 30, 2026.

    ====== This Week in Bug Bounty ======
    Open-source security testing: the Bug Bounty guide to code analysis https://www.yeswehack.com/learn-bug-bounty/open-source-guide-code-analysis?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=open-source-guide-code-analysis

    ====== Resources ======
    Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke) https://slcyber.io/research-center/abusing-windows-net-quirks-and-unicode-normalization-to-exploit-dnn-dotnetnuke/#:~:text=across%20different%20languages.-,A%20MUST%2DKNOW%20BEHAVIOUR%20OF%20PATH.COMBINE,-Another%20key%20implementation

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:06:49) Tracing Data Flow, knowing where your payload is landing, and developer mistakes.
    (00:17:33) Mapping the software
    (00:24:46) Sniffing for blood
    (00:31:54) Common Patterns and Pitfalls

    51 min
  5. Apr 23

    Episode 171: Path-Scoped Cookie Hacks with Uppercase & Post-based Raw Protobuf XSS

    Episode 171: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us some quick tips from his own hacking, including some clickjacking, using capital letters, and the potential value of leaking ages.

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme
    Critical Research Lab: https://lab.ctbb.show/

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    Today's Sponsor: Check out ThreatLocker Ringfencing https://www.criticalthinkingpodcast.io/tl-rf

    ====== Resources ======
    The ultimate Bug Bounty guide to OS command injection vulnerabilities https://www.yeswehack.com/learn-bug-bounty/ultimate-guide-os-command-injection?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-os-command-injection
    Critical auth bypass in WordPress Azure AD SSO plugin due to missing OIDC id_token validation https://www.yeswehack.com/news/auth-bypass-wordpress-azure-plugin?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-wordpress-bypass-plugin
    Aituglo featured on YWH https://www.yeswehack.com/community/developer-aituglo-bug-bounty-story
    Adobe will be sponsoring Ekoparty in Miami and hosting a live hacking event on May 21st https://ekoparty.org/ekoparty-miami-2026-super-live-hacking-event/

    ====== Resources ======
    SVG clickjacking https://lyra.horse/blog/2025/12/svg-clickjacking/

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:06:35) Protobuf XSS
    (00:12:51) Leaking Age & CSPTs
    (00:15:59) Capital Letters and Clickjacking

    23 min
  6. Apr 9

    Episode 169: Attacking OAuth 2.1

    Episode 169: In this episode of Critical Thinking - Bug Bounty Podcast gr3pme goes over some of the changes from OAuth 2.0 vs 2.1 and how Hackers can capitalize.

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme
    Critical Research Lab: https://lab.ctbb.show/

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    Today's Sponsor: Check out ThreatLocker Ringfencing https://www.criticalthinkingpodcast.io/tl-rf

    ====== This Week in Bug Bounty ======
    Intigriti is providing free Burp Pro for Hackers! https://www.intigriti.com/blog/news/intigriti-collaborates-with-portswigger-to-support-ethical-hacking-excellence

    ====== Resources ======
    Django-allauth Account Takeover (ZeroPath Audit) https://zeropath.com/blog/django-allauth-account-takeover-vulnerabilities
    CVE-2025-4144: Cloudflare Workers PKCE Bypass https://github.com/cloudflare/workers-oauth-provider/security/advisories/GHSA-qgp8-v765-qxx9
    CVE-2025-54576: OAuth2-Proxy Auth Bypass https://zeropath.com/blog/cve-2025-54576-oauth2-proxy-auth-bypass

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:02:16) OAuth 2.0 Standards
    (00:12:08) Agent to Agent Communication
    (00:17:19) CVE Case studies

    30 min
  7. Apr 2

    Episode 168: XSSDoctor - Client-side Path Traversal Research

    Episode 168: In this episode of Critical Thinking - Bug Bounty Podcast we’re getting a visit from the XSS Doctor. Jonathan joins us to go through his Client-side workflow, run labs, and diagnose some bugs live.

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme
    Critical Research Lab: https://lab.ctbb.show/

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!
    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
    You can also find some hacker swag at https://ctbb.show/merch!
    Today’s Guest: https://x.com/xssdoctor

    ====== Resources ======
    The Dot-Dot-Slash That Frameworks Hand You: CSPT Across Every Major Frontend Framework https://lab.ctbb.show/research/the-dot-dot-slash-that-frameworks-hand-you
    URL validation bypass cheat sheet https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:01:37) Home Automation AI Hack & E-signature bug stories
    (00:12:15) E-signature bug
    (00:17:01) XSS DR Intro and Bug Bounty Journey
    (00:31:51) CSPT Workflows
    (01:07:57) Wildcard Path Parameters
    (01:30:34) Custom Sinks

    1 hr 36 min
