Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

  1. 1D AGO

    Episode 168: XSSDoctor - Client-side Path Traversal Research

    Episode 168: In this episode of Critical Thinking - Bug Bounty Podcast we’re getting a visit from the XSS Doctor. Jonathan joins us to go through his Client-side workflow, run labs, and diagnose some bugs live. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today’s Guest: https://x.com/xssdoctor ====== Resources ====== The Dot-Dot-Slash That Frameworks Hand You: CSPT Across Every Major Frontend Framework https://lab.ctbb.show/research/the-dot-dot-slash-that-frameworks-hand-you URL validation bypass cheat sheet https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet ====== Timestamps ====== (00:00:00) Introduction (00:01:37) Home Automation AI Hack & E-signature bug stories (00:12:15) E-signature bug (00:17:01) XSS DR Intro and Bug Bounty Journey (00:31:51) CSPT Workflows (01:07:57) Wildcard Path Parameters  (01:30:34) Custom Sinks

    1h 36m

  2. MAR 26

    Episode 167: Stealing Bugs with Valeriy Shevchenko

    Episode 167: In this episode of Critical Thinking - Bug Bounty Podcast we welcome Valeriy Shevchenko to talk about program management, anchor programs, and Theft in Bug Bounty. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Check out ThreatLocker Ringfencing https://www.criticalthinkingpodcast.io/tl-rf Today’s Guest: https://x.com/Krevetk0Valeriy ====== This Week in Bug Bounty ====== HackerOne’s Bug Bounty Maturity Framework: https://www.hackerone.com/blog/program-maturity-framework-bug-bounty-operations Intigriti is hiring a Product Security Analyst https://jobs.criticalthinkingpodcast.io/jobs/product-security-analyst-25ef4706 ====== Resources ====== Valeriy’s Blog https://krevetk0.medium.com/ ====== Timestamps ====== (00:00:00) Introduction (00:03:15) Valeriy's Bug story (00:19:48) Anchor Programs and Bug Hunting Motivation (00:29:50) Stealing Bugs

    52 min

  3. MAR 19

    Episode 166: Rez0’s Top Claude Skill Secrets

    Episode 166: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Rez0’s Claude Skill Secrets, when AI Generated reports fall apart, and agents vs filters. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today’s Sponsor: Adobe ====== This Week in Bug Bounty ====== Intigriti launched their ambassadors program. https://www.intigriti.com/ambassador Adobe will be at Hack The Bay https://www.hackthebay.org/ Bug Bounty Maturity Framework https://bugbountymaturity.com/ ====== Resources ====== h1-brain https://github.com/PatrikFehrenbach/h1-brain caido skills http://github.com/caido/skills Tweet from Karpathy https://x.com/karpathy/status/2031767720933634100?s=20 Find every inefficiency in your Claude workflow with one prompt https://x.com/shannholmberg/status/2030605364421595468 ====== Timestamps ====== (00:00:00) Introduction (00:08:28) Claude skills (00:30:00) How AI Generated reports fall apart (00:38:44) Orchestration (00:49:10) Agents vs Folders

    53 min

  4. MAR 12

    Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows

    Episode 165: In this episode of Critical Thinking - Bug Bounty Podcast Justin recaps his Zero Trust World experience, before we dive into Permissions issues client-side bugs, New Hardware Hacking Classes, and using AI to hack. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Check out ThreatLocker Ringfencing https://www.criticalthinkingpodcast.io/tl-rf ====== Resources ====== bbscope Update https://x.com/sw33tLie/status/2029344643154919720 Matt Brown's Youtube Channel https://www.youtube.com/channel/UC3VDCeZYZH7mCihtMVHqppw Matt's Twitter: https://x.com/nmatt0 MCP server for HackerOne to search reports https://x.com/OriginalSicksec/status/2029503063095124461?s=20 Caido Skills https://github.com/caido/skills The Agentic Hacking Era: Ramblings and a Tool https://josephthacker.com/hacking/2026/03/06/the-agentic-hacking-era.html Announcing AI-driven Caido https://caido.io/blog/2026-03-06-caido-skill ====== Timestamps ====== (00:00:00) Introduction (00:06:23) bbscope report dumping & Matt Brown Training (00:13:10) MCP server for HackerOne to search reports & protobuff success (00:24:24) Hacking Mics with Permissions issues client-side bugs (00:27:26) Can AI Hack things?

    44 min

  5. MAR 5

    Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

    Episode 164: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug Bounty Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today’s Guest: https://x.com/thedawgyg ====== This Week in Bug Bounty ====== Python pitfalls: Turning developer mistakes into vulnerabilities https://www.yeswehack.com/learn-bug-bounty/python-pitfalls-turning-developer-mistakes?utm_source=critical-thinking&utm_medium=sponsored&utm_campaign=article-research-python-pitfalls ====== Timestamps ====== (00:00:00) Introduction (00:06:22) Yahoo SSRF (00:14:56) Tommy's Origin (00:44:10) Bug Bounty (00:51:47) SSRF Attraction, AI implementation, & Browser Hacking

    1h 12m

  6. FEB 26

    Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

    Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! ====== Resources ====== Parser Differentials: When Interpretation Becomes a Vulnerability https://www.youtube.com/watch?v=Dq_KVLXzxH8 XSS-Leak: Leaking Cross-Origin Redirects https://blog.babelo.xyz/posts/cross-site-subdomain-leak/ Playing with HTTP/2 CONNECT https://blog.flomb.net/posts/http2connect/ Next.js, cache, and chains: the stale elixir https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL https://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdf Cross-Site ETag Length Leak https://blog.arkark.dev/2025/12/26/etag-length-leak Lost in Translation: Exploiting Unicode Normalization https://www.youtube.com/watch?v=ETB2w-f3pM4 ORM Leaking More Than You Joined For https://www.elttam.com/blog/leaking-more-than-you-joined-for/ Novel SSRF Technique Involving HTTP Redirect Loops https://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/ Successful Errors: New Code Injection and SSTI Techniques https://github.com/vladko312/Research_Successful_Errors ====== Timestamps ====== (00:00:00) Introduction (00:02:33) Parser Differentials: When Interpretation Becomes a Vulnerability (00:11:02) XSS-Leak: Leaking Cross-Origin Redirects (00:18:25) Playing with HTTP/2 CONNECT (00:22:10) Next.js, cache, and chains: the stale elixir (00:29:15) SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL (00:34:27) Cross-Site ETag Length Leak (00:41:47) Lost in Translation: Exploiting Unicode Normalization (00:47:27) ORM Leaking More Than You Joined For (00:54:07) Novel SSRF Technique Involving HTTP Redirect Loops (00:58:40) Successful Errors: New Code Injection and SSTI Techniques

    1h 8m

  7. FEB 19

    Episode 162: HackerOne Training AI on Bug Bounty Data?

    Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26 https://ztw.com/ Today’s Guest: https://x.com/senorarroz ====== This Week in Bug Bounty ====== XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilities https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&utm_medium=Youtube&utm_campaign=XXE_Critical_Thinking&utm_id=XXE_CT Bug Bounty Maturity Framework https://bugbountymaturity.com/ ====== Resources ====== Confidential Information and Confidentiality Obligations https://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20parties Ownership and Licenses https://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20Licenses I argued with an AI regarding HackerOne using Hacker reports to train PtaaS https://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71 HackerOne PTaaS (likely training their AI on private reports data) https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/ What Makes Agentic PTaaS Different in Real Environments https://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints ====== Timestamps ====== (00:00:00) Introduction (00:08:44) HackerOne AI Terms of Service  (00:24:56) Agentic PTaaS (00:38:09) Selling data (00:43:49) Decrease in Bounties

    53 min

  8. FEB 12

    Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

    Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26 https://ztw.com/ ====== This Week in Bug Bounty ====== AS Watson https://app.intigriti.com/programs/aswatson/watsons/detail YesWeHack 2026 Report https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=yeswehack-report-2026  ====== Resources ====== PhoneLeak: Data Exfiltration in Gemini via Phone Call https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/ Max's Tweet about decreasing bounties https://x.com/0xw2w/status/2020788164378427483 HackerOne General Terms and Conditions https://www.hackerone.com/terms/general Research Review #-2: RCE in Google's AI code editor Antigravity (sudi) https://www.youtube.com/watch?v=JqvJSF2UMyY ====== Timestamps ====== (00:00:00) Introduction (00:03:26) YesWeHack 2026 Report (00:09:12) CSRF Realizations & Data Exfiltration in Gemini via Phone Call (00:14:38) 7urb0's Youtube, HackerOne decreasing bounties and Section    3.1 controversy. (00:19:06) Cross Consumer Attacks

    25 min
See All (168)

5
out of 5
55 Ratings

About

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

Information

  • Creator
    Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
  • Years Active
    2023 - 2026
  • Episodes
    168
  • Rating
    Explicit
  • Copyright
    © Critical Thinking Podcast
  • Show Website
    Critical Thinking - Bug Bounty Podcast

You Might Also Like