Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

  1. 1h ago

    Episode 182: Partial Auth, Hackbot GraphQL, and AI's #1 Mission

    Episode 182: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some recent bugs involving WPM, MCP, and a possible emerging bug class using Wayback. We also talk about some GraphQL Hackbot finds, and what AI’s #1 mission should be. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/ Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! ====== This Week in Bug Bounty ====== LeHack 2026 Recap https://event.yeswehack.com/events/lehack-2026 Don’t eat the ChocoPoCs! How vulnerability researchers were repeatedly targeted by trojanised exploits https://www.yeswehack.com/fr/news/chocopocs-vulnerability-researchers-trojanised-exploits Navigating the AI Wave: How We're Keeping Security Research Meaningful https://www.hackerone.com/blog/ai-driven-report-volume-insights-and-actions ====== Resources ====== Caido Skills https://github.com/caido/skills/pull/22 Hunting For AWS Cognito Security Misconfigurations https://www.yassineaboukir.com/talks/NahamConEU2022.pdf X MCP https://docs.x.com/tools/mcp US South Summer Sessions: Hack the Heat https://h1.community/events/details/hackerone-us-south-hackerone-club-presents-us-south-summer-sessions-hack-the-heat/ ====== Timestamps ====== (00:00:00) Introduction (00:08:31) WPM Bug & Wayback to Guest Bearer (00:18:42) GraphQL Hackbot Finds, Fable Updates, & AI's #1 Mission (00:29:45) MCP, US South H1 Event, & AI Sandbox Escapes

    39 min
  2. Jul 2

    Episode 181: Bug Bounty Singularity

    Episode 181: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and XSSDoctor talk about building a Hackbot. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/ Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Check out Zero Trust Network Access: https://www.criticalthinkingpodcast.io/tl-ztna ====== Resources ====== Are bug bounties cooked? https://hakluke.com/are-bug-bounties-cooked We built a Hackbot https://josephthacker.com/hacking/2026/07/01/we-built-a-hackbot.html ====== Timestamps ====== (00:00:00) Introduction (00:07:22) Manual vs. AI Hacking (00:17:27) Building a Hackbot (00:23:53) Negatives of Hackbots (00:31:34) Logistics and Problems of Singularity  (00:46:21) Successes

    52 min
  3. Jun 25

    Episode 180: State of Bug Bounty Maturity Posture Report

    Episode 180: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Steve Hernandez, founder of the Bug Bounty Maturity Framework (BBMF), to walk us through the inaugural State of Bug Bounty Maturity Posture Report. We go through the scores and cover Asset Hygiene, Operational Signal, how to re-engage the relationship between trust and researcher participation. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/ Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today’s Guest: https://x.com/SteveHernandezM Email Steve at info@bugbountymaturity.com Fill out this form to enter a Critical Thinkers raffle https://forms.ctbb.show/mdaz ====== Resources ====== State of Bug Bounty Maturity Posture https://bugbountymaturity.com/research/state-of-bug-bounty-maturity-posture-2026 Take the Bug Bounty Maturity Assessment https://bugbountymaturity.com/assessment AI Is Compressing the Bug Bounty Maturity Curve https://bugbountymaturity.com/research/ai-is-compressing-the-bug-bounty-maturity-curve ====== Timestamps ====== (00:00:00) Introduction (00:04:09) State of Bug Bounty Maturity Posture (00:22:33) Researcher Interface & Program Trust (00:44:38) Maturity Bands and Scoring  (01:08:19) AI Is Compressing the Bug Bounty Maturity Curve

    1h 13m
  4. Jun 18

    Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

    Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/ Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Check out Zero Trust Cloud Access: https://www.threatlocker.com/capabilities/zero-trust-cloud-access ====== Timestamps ====== (00:00:00) Introduction (00:04:57) Managing Hacker Motivation (00:10:45) Community, Competition, & Curosity (00:16:54) Using AI with Passion (00:23:10) The LHE Method & Sharing Wins (00:28:01) Video POCs, Scripts, & Talking about Bugs (00:40:49) Watching your health & stopping mid-hack

    46 min
  5. Jun 4

    Episode 177: 2x Google RCE with VRP Legend Brutecat

    Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/ Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLocker https://www.criticalthinkingpodcast.io/tl-ztca Today’s Guest: https://x.com/brutecat ====== Resources ====== StubZero: $148,337 RCE in Google Cloud Production https://brutecat.com/articles/google-cloud-rce/ Leaking the email of any YouTube user for $10,000 https://brutecat.com/articles/leaking-youtube-emails/ Disclosing YouTube Creator Emails for a $20k Bounty https://brutecat.com/articles/youtube-creator-emails/ Leaking the phone number of any Google user https://brutecat.com/articles/leaking-google-phones/ ====== Timestamps ====== (00:00:00) Introduction (00:29:14) 2nd RCE in Application Integration (00:39:55) BruteCat's Background & RCE Follow-up Questions (00:48:02) Google VRP and Youtube Bugs (01:10:17) Google Phone Leak (01:18:36) Discovery Docs and Episode 178 Teaser

    1h 25m
  6. May 28

    Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

    Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Red Flags. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/ Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today’s Sponsor: Adobe. Earn more for AI bugs with Adobe’s new AI Tier! https://blog.adobe.com/security/adobe-expands-bug-bounty-program-to-incentivize-ai-security-research Also don’t forget to also grab a 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report. Expires June 30, 2026.  ====== This Week in Bug Bounty ====== Scaling Bug Bounty triage in the AI era (https://www.yeswehack.com/security-best-practices/scaling-bug-bounty-triage-ai) The AI impact: a triager’s perspective https://www.intigriti.com/blog/business-insights/the-ai-impact-a-triagers-perspective ====== Resources ====== Sling Selectors - The Key to Unlocking AEM's Attack Surface https://greenjam.co.uk/blog/sling-selectors/ Just a Moment CTF https://poc.greenjam.co.uk/just-a-moment.html General XSS jquery .text() https://poc.greenjam.co.uk/text-xss.html URL XXS Challenge https://poc.greenjam.co.uk/url-xss.html ====== Timestamps ====== (00:00:00) Introduction (00:04:35) Background and AEM Bug (00:17:40) Sling Selectors & the Tech Stack (00:38:14) Permissions & Apache Sling Resolution (01:01:37) The Bugs & AEM Red Flags (01:31:55) Moment in Time CTF (01:40:38) General XSS jquery .text() (01:45:45) URL XXS Challenge

    1h 51m
  7. May 21

    Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama

    Episode 175: In this episode of Critical Thinking - Bug Bounty Podcast we’re comparing Hackbot setups and results. We also talk about some of the recent ZDI drama, as well as the importance of freaking beautiful POCs Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X:  https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/  Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/ Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLocker https://www.criticalthinkingpodcast.io/tl-ztca ====== Resources ====== Another day, another universal linux LPE https://x.com/v12sec/status/2054491454064746629 ZDI Drama https://x.com/ryotkak/status/2052881664909660521 Orange Tsai Bug on Edge https://x.com/thezdi/status/2054868495888777266 Chompie's Exploit in NV Container Toolkit https://x.com/chompie1337/status/2054882193055601140 GitHub Security April bug bounty stats https://x.com/GitHubSecurity/status/2054274356403138932 ====== Timestamps ====== (00:00:00) Introduction (00:02:14) q param prompt injection & Mobile CSPT (00:14:17) Admin API Key MegaCrit (00:17:13) Hackbots (00:37:10) Pretty POCs and ZDI Drama (00:44:48) GitHub Security April Stats

    50 min
5
out of 5
57 Ratings

About

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

You Might Also Like