Shows
Critical Thinking - Bug Bounty PodcastEpisode 128: New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI BotsEpisode 128: In this episode of Critical Thinking - Bug Bounty Podcast we talking Blind SSRF and Self-XSS, as well as Reversing massive minified JS with AI and a wild Google Logo Ligature BugFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__...2025-06-2658 minCritical Thinking - Bug Bounty PodcastEpisode 126: Hacking AI Series: Vulnus ex Machina - Part 3Episode 126: In this episode of Critical Thinking - Bug Bounty Podcast we wrap up Rez0’s AI miniseries ‘Vulnus Ex Machina’. Part 3 includes a showcase of AI Vulns that Rez0 himself has found, and how much they paid out.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps...2025-06-1238 minCritical Thinking - Bug Bounty PodcastEpisode 125: How to Win Live Hacking Events Episode 125: In this episode of Critical Thinking - Bug Bounty Podcast Justin shares insights on how to succeed at live hacking events. We cover pre-event preparations, challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x...2025-06-0547 minCritical Thinking - Bug Bounty PodcastEpisode 124: Bug Bounty Lifestyle = Less Hacking Time?Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0...2025-05-2945 minCritical Thinking - Bug Bounty PodcastEpisode 123: Hacking AI Series: Vulnus ex Machina - Part 2Episode 123: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with part 2 of Rez0’s miniseries. Today we talk about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttp...2025-05-2244 minCritical Thinking - Bug Bounty PodcastEpisode 122: We Won Google's AI Hacking Event in Tokyo - Main TakeawaysEpisode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we’re joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Fo...2025-05-151h 45Critical Thinking - Bug Bounty PodcastEpisode 121: Slonser’s Image Injection 0-day -> ATO & New Caido Collab PluginEpisode 121: In this episode of Critical Thinking - Bug Bounty Podcast we cover so much news and research that we ran out of room in the description...Follow us on XShoutout to YTCracker for the awesome intro music!====== Links ======Follow Rhynorater and Rez0 on X:====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also have hacker swag!====== This Week in Bug Bounty ======Hacker spotlight: RhynoraterUltra Mobile BB Program - Mobile AppsUltra Mobile...2025-05-0857 minCritical Thinking - Bug Bounty PodcastEpisode 120: SpaceRaccoon - From Day Zero to Zero DayEpisode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we give listeners a special deal on the book.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!2025-05-011h 36Critical Thinking - Bug Bounty PodcastEpisode 119: Abusing Iframes from a client-side hackerEpisode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attack them.CORRECTION: Some of my comments on the latest episode of the pod were woefully inaccurate about the `csp` attribute of an iframe. Def should have read the spec more thoroughly. Please see the #corrections channel in Discord for the deets.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us...2025-04-1733 minCritical Thinking - Bug Bounty PodcastEpisode 118: Hacking Happy Hour: 0days on Tap and SQLi ShotsEpisode 118: In this episode of Critical Thinking - Bug Bounty Podcast we cover a host of news, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt.Follow us on XShoutout to YTCracker for the awesome intro music!====== Links ======Follow Rhynorater and Rez0 on X====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!You can also find some hacker swag!====== Resources ======p4fg passed 1 Million!/reports/:id.json...2025-04-1058 minCritical Thinking - Bug Bounty PodcastEpisode 117: Hacking AI Series: Vulnus ex Machina - Part 1Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and focuses on AI reconnaissance. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__2025-04-0332 minCritical Thinking - Bug Bounty PodcastEpisode 116: Auth Bypasses and Google VRP WriteupsEpisode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__...2025-03-2726 minCritical Thinking - Bug Bounty PodcastEpisode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about Reflector, and finish up by doing a bonus podcast segment in Japanese!Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on...2025-03-201h 40Critical Thinking - Bug Bounty PodcastEpisode 114: Single Page Application Hacking PlaybookEpisode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynorater...2025-03-131h 22Critical Thinking - Bug Bounty PodcastEpisode 113: Best Technical Takeaways from Portswigger Top 10 2024Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here!Follow us on X at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on X: ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!We also do Discord subs at $25, $10, and $5 - pr...2025-03-061h 29Critical Thinking - Bug Bounty PodcastEpisode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time HunterEpisode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including Grok 3, Nuclei -AI Flag, and some articles by Johann Rehberger.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!2025-02-271h 07Critical Thinking - Bug Bounty PodcastEpisode 111: How to Bypass DOMPurify in Bug Bounty with Kevin MizuEpisode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:...2025-02-201h 49Critical Thinking - Bug Bounty PodcastEpisode 110: Oauth Gadget Correlation and Common AttacksEpisode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater...2025-02-1349 minCritical Thinking - Bug Bounty PodcastEpisode 109: Creative Recon - Alternative TechniquesEpisode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to talk about Alternative Recon TechniquesFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Li...2025-02-061h 01Critical Thinking - Bug Bounty PodcastEpisode 108: How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron CostelloEpisode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts on Twitter:https://x.com/Rhynorater2025-01-301h 31Critical Thinking - Bug Bounty PodcastEpisode 107: Bypassing Cross-Origin Browser HeadersEpisode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to https://x.com/realytcracker for the awesome intro music!====== Links ======Follow your hosts on Twitter:https://x.com/Rhynoraterht...2025-01-231h 06Critical Thinking - Bug Bounty PodcastEpisode 106: Announcing our new cohost...Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he’s looking forward to bringing to the pod. We also cover some news items including doubleclickjacking, character set attacks, SVG XSS, and more.Follow us on twitter at: @ctbbpodcastFeel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------...2025-01-1658 minCritical Thinking - Bug Bounty PodcastEpisode 105: Best Critical Thinking Moments from 2024Episode 105: In this episode of Critical Thinking - Bug Bounty Podcast we're back with another Best-of episode recapping some of our top moments of 2024.Follow us on twitter at: @ctbbpodcastSsend us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Rez0 on twitter:https://x.com/Rhynoraterhttps://x.com/rez0__------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!2025-01-092h 17Critical Thinking - Bug Bounty PodcastEpisode 104: 2024 Hacker Stats & 2025 GoalsEpisode 104: In this episode of Critical Thinking - Bug Bounty Podcast Justin reflects upon the past year and walks through some of the bug bounty goals he had for 2024, and how he feels like he did. Then he sets some goals for 2025, as well as some exciting CT news for the coming year.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow...2025-01-0229 minCritical Thinking - Bug Bounty PodcastEpisode 102: Building Web Hacking Micro Agents with Jason HaddixEpisode 102: In this episode of Critical Thinking - Bug Bounty Podcast Justin grabs Jason Haddix to help brainstorm the concept of AI micro-agents in hacking, particularly in terms of web fuzzing, WAF bypasses, report writing, and more.They discuss the importance of contextual knowledge, the cost implications, and the strengths of different LLM Models.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------...2024-12-191h 02Critical Thinking - Bug Bounty PodcastEpisode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann RehbergerEpisode 101: In this episode of Critical Thinking - Bug Bounty Podcast we’ve been hijacked! Rez0 takes control of this episode, and sits down with Johann Rehberger to discuss the intricacies of AI application vulnerabilities. They talk through the importance of understanding system prompts, and various obfuscation techniques used to bypass security measures, the best AI platforms, and the evolving landscape of AI security.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the aw...2024-12-1251 minCritical Thinking - Bug Bounty PodcastEp 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of HackingEpisode 100: In this episode of Critical Thinking - Bug Bounty Podcast we have a mixed bag. We celebrate 100 episodes of Critical Thinking, but also bid farewell to Joel, who will be leaving the show as a co-host, but returning as guest. Then we hear from a bunch of friends about their 'best bug of the year', before capping the episode with the announcement of a new AI tool we've been working on!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast...2024-12-051h 41Critical Thinking - Bug Bounty PodcastEpisode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty Episode 99: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Roni dissect an old thread of Justin's talking about how best to start bug bounty with the goal of making $100k in the first year.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps...2024-11-281h 42Critical Thinking - Bug Bounty PodcastEpisode 98: Team 82 Sharon Brizinov - The Live Hacking PolymathEpisode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------2024-11-211h 43Critical Thinking - Bug Bounty PodcastEpisode 97: Bcrypt Hash Input Truncation & Mobile Device Threat ModelingEpisode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. They also explore the latest research from Portswigger on payload concealment techniques, and the introduction of the Lightyear tool for PHP exploits.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!2024-11-1453 minCritical Thinking - Bug Bounty PodcastEpisode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-SideEpisode 95: In this episode of Critical Thinking - Bug Bounty Podcast In this episode, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cover things like service workers, extension pages, and isolated worlds.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:2024-10-311h 56Critical Thinking - Bug Bounty PodcastEpisode 94: Zendesk Fiasco & the CTBB Naughty ListEpisode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion SecurityFollow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeek2024-10-2449 minCritical Thinking - Bug Bounty PodcastEpisode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 BypasserEpisode 92: In this episode of Critical Thinking - Bug Bounty Podcast In this episode Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-Fi, and Vulnerabilities caused by The Great FirewallFollow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/Follow your hosts Rhynorater & Teknogeek...2024-10-1047 minCritical Thinking - Bug Bounty PodcastEpisode 91: Zero to LHE in 9 Months (feat gr3pme)Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking’s own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with Bug Bounty. We cover mentorship, networking and LHEs, ecosystem hacking, emotional regulation, and the need for self-care. Then we wrap up with some fun bugs.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links...2024-10-031h 22Critical Thinking - Bug Bounty PodcastEpisode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCsEpisode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the...2024-09-2651 minCritical Thinking - Bug Bounty PodcastEpisode 88: News, Tools, and WriteupsEpisode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https...2024-09-121h 06Critical Thinking - Bug Bounty PodcastEpisode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationshipsEpisode 87: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with none other than his wife Mariah to talk about Bug Bounty from the perspective of a Significant Other. They share how they’ve traversed travel and Live Hacking Events, household chores, hobbies, goals, rewards, as well as how best to encourage and support the hacker/non-hacker in your life.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the aw...2024-09-051h 26Critical Thinking - Bug Bounty PodcastEpisode 86: The X-Correlation between Frans & RCE - Research DropEpisode 86: In this episode of Critical Thinking - Bug Bounty Podcast Frans blows Justin’s mind with a sneak peak of his new presentation. Note: This is a little different from our normal episode, and video is recommended. So head over to ctbb.show/yt if you feel like you’re missing something.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the...2024-08-2942 minCritical Thinking - Bug Bounty PodcastEpisode 85: Practical Applications of DEFCON 32 Web ResearchEpisode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cache exploitation, and exploits related to email protocols are all featured. Plus we also talk some fun Apache hacks from Orange TsaiFollow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------...2024-08-221h 30Critical Thinking - Bug Bounty PodcastEpisode 83: Brainstorming Proxy PluginsEpisode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow, a text expander, Tracing Cookies, and more.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter...2024-08-0854 minCritical Thinking - Bug Bounty PodcastEpisode 81: Crushing Client-Side on Any Scope with MatanBerEpisode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps...2024-07-252h 04Critical Thinking - Bug Bounty PodcastEpisode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne EventsFollow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter...2024-07-182h 49Critical Thinking - Bug Bounty PodcastEpisode 79: The State of CSS Injection - Leaking Text Nodes & HTML AttributesEpisode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.Follow us on twitter at: @ctbbpodcastSend us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb...2024-07-111h 10Critical Thinking - Bug Bounty PodcastEpisode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & MotivatedEpisode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0...2024-06-271h 50Critical Thinking - Bug Bounty PodcastEpisode 75: *Rerun* of The OG Bug Bounty King - Frans RosenEpisode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, So instead of a new full episode, we're going back 30 episodes to review.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support...2024-06-132h 44Critical Thinking - Bug Bounty PodcastEpisode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin)Episode 74: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Roni "Lupin" Carta for a deep dive into supply chain attacks and dependency confusion. We explore the supply chain attacks, the ethical considerations surrounding maintainers and hosting packages on public registries, and chat about the vision and uses of his new tool Depi.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!...2024-06-061h 38Critical Thinking - Bug Bounty PodcastEpisode 72: Research TLDRs & Smuggling Payloads in Well Known Data TypesEpisode 72: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss some hot research from the past couple months. This includes ways to smuggle payloads in phone numbers and IPv6 Addresses, the NextJS SSRF, the PDF.JS PoC drop, and a GitHub Enterprise Indirect Method Information bug. Also, we have an attack vector featured from Monke!Follow us on twitter at: @ctbbpodcastShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:------ Ways to Support CTBBPodcast...2024-05-2352 minCritical Thinking - Bug Bounty PodcastEpisode 66: CDN-CGI Research, Intent To Ship, and Louis VuittonEpisode 66: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the recent YesWeHack Louis Vuitton LHE, the importance of failure as growth in bug bounty, and Justin shares his research on CDN CGI.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps...2024-04-1158 minCritical Thinking - Bug Bounty PodcastEpisode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also touch on the importance of collaboration and knowledge sharing, JavaScript Deobfuscation, the value of impactful POCs, hiding XSS payloads with URL path updates.Follow us on twitter at: @ctbbpodcastsend us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!...2024-03-281h 08Critical Thinking - Bug Bounty PodcastEpisode 61: A Hacker on Wall Street - JR0ch17Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. He also shares his methodology for discovering OAuth-related bugs, highlights some differences between structured learning and self-teaching, and then walks us through a couple arbitrary ATO’s and SSTI to RCE bugs he’s found lately.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to Y...2024-03-071h 27Critical Thinking - Bug Bounty PodcastEpisode 57: Technical breakdown from Miami Hacking Event - H1-305Episode 57: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are live from Miami, and recap their experience and share takeaways from the live hacking event. They highlight the importance of paying attention to client-side routing and the growing bug class of client-side path traversal. They also discuss the challenges of knowing when to cut your losses and the value of tracking time and setting goals. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io2024-02-0832 minCritical Thinking - Bug Bounty PodcastEpisode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)Episode 56: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Jon Colston to discuss how his background in digital marketing and data science has influenced his hunting methodology. We dive into subjects like data sources, automation, working backwards from vulnerabilities, applying conversion funnels to bug bounty, and the mayonaise signature 'Mother of All Bugs' Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: i...2024-02-011h 47Critical Thinking - Bug Bounty PodcastEpisode 54: White Box Formulas - Vulnerable Coding PatternsEpisode 54: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with news items and new projects. Joel shares about his personal scraping project to gather data on bug bounty programs and distribution Next, they announce the launch of HackerNotes, a podcast companion that will summarize the main technical points of each episode. They also discuss a recent GitLab CVE and an invisible prompt injection, before diving into a discussion (or debate) about vulnerable code patterns.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel...2024-01-181h 12Critical Thinking - Bug Bounty PodcastEpisode 51: Hacker Stats 2023 & 2024 GoalsEpisode 51: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are back for the last episode of 2023. We discuss some noteworthy news items including a Hacker One Crit, Caido updates, and some Blind CSS. Then we dive into our own personal ‘Hackers Wrapped’ recap of the year, before laying out some goals for 2024.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links...2023-12-281h 21Critical Thinking - Bug Bounty PodcastEpisode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with NagliEpisode 49: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is once again joined by Nagli to discuss some of their recent hacking discoveries. They talk about finding and exploiting a backup file in an ASP.NET app, discovering vulnerabilities through Swagger files, and debating the vulnerability of a specific ‘undisclosed’ domain. Then they reflect on 2023’s Live Hacking Event circuit, and preview what’s to come in 2024’s.This episode sponsored by Wordfence! Wordfence recently launched a game-changer of a bug bounty program with ALL WordPress plugins over 50k installs are in-scope. They are curren...2023-12-1451 minCritical Thinking - Bug Bounty PodcastEpisode 47: CSP Research, Iframe Hopping, and Client-side ShenanigansEpisode 47: In this episode of Critical Thinking - Bug Bounty Podcast, the holidays are fast approaching, and Justin and Joel discuss some of the struggles of getting back into the hacking groove during and after breaks. We also celebrate the newly launched Critical Thinking Discord Community before diving into Iframe Sandwhiches, JS Hoisting, CSP Bypasses, and a host of new tools, techniques, and tangents.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the...2023-11-301h 31Critical Thinking - Bug Bounty PodcastEpisode 46: The SAML RambleEpisode 46: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is deep diving the topic of SAML (Security Assertion Markup Language), and walks through what it is and why it can be intimidating, before going over some key attack vectors to look for. Then he closes out with a commentary on a sample payload, and some HackerOne reports.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!2023-11-2343 minCritical Thinking - Bug Bounty PodcastEpisode 44: URL Parsing & Auth Bypass MagicEpisode 44: In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure, and Justin and Joel break down the elements that make up a URL and some common tips and tricks surrounding them which allow for all sorts of bypasses. We also round out the episode with some new tools, ato stories, and some controversial current events in the hacker scene.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for...2023-11-091h 11Critical Thinking - Bug Bounty PodcastEpisode 42: Renniepak Interview & Intigriti LHE RecapEpisode 42: In this episode of Critical Thinking - Bug Bounty Podcast, we're live from a hacking event in Portugal, and joined by the extremely talented René de Sain! He helps us cover a host of topics like NFT, XSS, LHE, and tips for success. We also talk about the correlation between creativity and hacking, shared workspaces, and last but certainly not least, hacker tattoos.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the a...2023-10-2659 minCritical Thinking - Bug Bounty PodcastEpisode 41: Mini Masterclass: Attack Vector IdeationEpisode 41: In this episode of Critical Thinking - Bug Bounty Podcast, Justin takes a break from his busy travel schedule to walk us through a few of his Attack Vector formulation strategies. We’re keeping this one short and sweet, so it can be better used as a reference when looking for new vectors.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Fo...2023-10-1917 minCritical Thinking - Bug Bounty PodcastEpisode 40: Bug Bounty MentoringEpisode 40: In this episode of Critical Thinking - Bug Bounty Podcast, it’s all about mentorships! Justin sits down with Kodai and So, two hackers he helped mentor, to discuss what worked and what didn’t. We talk about the importance of mentorship, what mentors might look for in a candidate, the challenges of transitioning from being mentored to self-education, and the necessity of continuous learning in this ever-evolving field that is bug bounty. This episode is a treasure trove of insights, and if you’re interested in either side of the mentorship coin, you won’t want to miss it...2023-10-121h 31Critical Thinking - Bug Bounty PodcastEpisode 39: The Art of ArchitecturesEpisode 39: In this episode of Critical Thinking - Bug Bounty Podcast, We're catching up on news, including new override updates from Chrome, GPT-4, SAML presentations, and even a shoutout from Live Overflow! Then we get busy laying the groundwork on a discussion of web architecture. better get started on this one, cause we're going to need a part two!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!...2023-10-051h 21Critical Thinking - Bug Bounty PodcastEpisode 38: Mobile Hacking Maestro: Sergey ToshinEpisode 38: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome mobile hacking maestro Sergey Toshin (aka @bagipro). We kick off with Sergey sharing his unexpected journey into mobile security, and how he rose to become the number one hacker in both Google Play Security and Samsung Bug Bounty programs. We then delve into the evolving perception of mobile bugs, a myriad of new and existing attack vectors, and discuss Sergey's creation of mobile security company Oversecured. You’re going to want to make time for this one!Follow us on twitter at: @ct...2023-09-2843 minCritical Thinking - Bug Bounty PodcastEpisode 37: Tokyo Hacking & Interview with 0xLupinEpisode 37: In this episode of Critical Thinking - Bug Bounty Podcast we're joined by none other than Lupin himself! We recap the Tokyo LHE and the lessons we learned from it before diving into his legendary journey into security research and bug bounty. We also talk collaboration of all kinds: pair hacking, joining a team, and starting a business together. We even touch on some great tools that can collaborate with each other! This was a fun one, and we don't want you to miss it!Follow us on twitter at: @ctbbpodcastWe're new to...2023-09-211h 15Critical Thinking - Bug Bounty PodcastEpisode 36: Bug Bounty Ethics & CT Exclusive Bug ReportsEpisode 36: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel take a break from LHE prep to answer questions about the ethics of bug bounty and share their recent bug finds. We talk Iframes, mobile intercept proxies, open redirects, and that time Justin got shot at…Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Te...2023-09-141h 03Critical Thinking - Bug Bounty PodcastEpisode 35: King of Collaboration: Douglas DayEpisode 35: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Douglas Day, a bug bounty hunter known for his unique methodologies and collaborative spirit. We talk about his approach to finding new endpoints in applications, his ingenious technique of exploiting Intercom widgets, and collaboration preferences and tips at LHEs. We also touch on the struggle of justifying hobbies that don't generate income and the importance of finding enjoyment in the process.We hope you enjoy this episode as much as we did!Follow us on twitter at: @ctbbpodcastWe're new...2023-09-071h 25Critical Thinking - Bug Bounty PodcastEpisode 34: Program vs Hacker DebateEpisode 34: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel have both beaten COVID and now square off against each other in a mega-debate representing hackers and program managers respectively. Among the topics included are Disclosures, Dupes, Zero-Day Policy, payouts, budgets, Triage and Retesting. So, if you want blood-pumping, insult-hurling opinion-invalidating debate…then maybe look somewhere else. But if a thought-provoking discussion about bug bounty is more your style, then take a seat and get ready!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to...2023-08-312h 10Critical Thinking - Bug Bounty PodcastEpisode 33: The Master of Hacker Show&Tell: Inti De CeukelaireEpisode 33: In this episode of Critical Thinking - Bug Bounty Podcast, we welcome Inti De Ceukelaire, a seasoned bug hunter known for his creative storytelling and impactful show-and-tell bugs…and let us tell you, his stories do not disappoint! From his bug bounty journey to some pretty wild hacks, Inti captivates us as only Inti can. We discuss the potential life-saving impact of bug bounty reports, especially in areas such as transportation and medical devices. We also cover hacker mentality, the benefits of objective-based challenges, and the need for collaboration and alignment within the bug bounty community. It’s a me...2023-08-241h 22Critical Thinking - Bug Bounty PodcastEpisode 32: The Great Write-up Low-downEpisode 32: In this episode of Critical Thinking - Bug Bounty Podcast, Joel caught a nasty bug (no, not that kind) so Justin is flying solo, and catches us up to speed on what's been happening in hacking news.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps...2023-08-171h 01Critical Thinking - Bug Bounty PodcastEpisode 31: Alex Chapman - The Man of Many CritsEpisode 31: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by Alex Chapman, a seasoned InfoSec hacker and bug bounty hunter. We kick off with Alex sharing his hacking journey, from a guest lecturer that inspired him, to working on internal Red Teams, to his transition to working with HackerOne, and finally as a bug bounty hunter focusing on searching out those few, high impact bugs. We also discuss the power of collaboration, the challenges of balancing hacking with other responsibilities, and the necessity of flexibility and taking breaks in bug bounty work...2023-08-101h 24Critical Thinking - Bug Bounty PodcastEpisode 30: Recon Legend Shubs - From Burgers to BountiesEpisode 30: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by renowned bug bounty hunter Shubs. We kick off with him sharing his journey from burgers to bugs, and how his friendly rivalry with a fellow hacker fueled his passion for reconnaissance, as well as his love of collaboration. We then shift gears to talk about the art of debugging, ethics and economics of bug bounty hunting, the transition to Entrepreneur, and the evolution of Assetnote from a reconnaissance tool to enterprise security software suite. This one’s a banger, and we don’t wa...2023-08-031h 19Critical Thinking - Bug Bounty PodcastEpisode 29: Live Episode with Sean Yeoh - Assetnote EngineerEpisode 29: In this episode of Critical Thinking - Bug Bounty Podcast sit down with Assetnote Engineer Sean Yeoh, and pick his brain about what he's learned on his development journey. We talk about the place and importance of message brokers, and which ones we like best, as well as his engineering philosophy regarding bottleneck prevention and the importance of pursuing optimization. Don't miss this episode of terrific technical tips!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io...2023-07-2759 minCritical Thinking - Bug Bounty PodcastEpisode 28: Surfin' with CSRFsEpisode 28: In this episode of Critical Thinking - Bug Bounty Podcast, the CSRF’s up, dude! We kick off with a debate about whether or not deep link vulns in mobile apps can be considered CSRF. We also talk browser extensions and tools like Hackbar, PwnFox, and JS Weasel, and Justin tries to invent a whole new vuln term. There’s plenty of good stuff here, so what are you waiting for? Jump on in!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here...2023-07-201h 18Critical Thinking - Bug Bounty PodcastEpisode 27: Top 7 Esoteric Web VulnerabilitiesEpisode 27: In this episode of Critical Thinking - Bug Bounty Podcast, we've switched places and now Joel is home while Justin is on the move. We break down seven esoteric web vulnerabilities, and talk Cookies, Config File Injections, Client-side path traversals and more. We also briefly discuss appliance hacking, new tools, and shout out some new talent in the hacking space. Don't miss this episode full of cool vulns, and experience Justin's vocal decline in real time.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us...2023-07-131h 20Critical Thinking - Bug Bounty PodcastEpisode 26: Client-side Quirks & Browser HacksIn this episode of Critical Thinking - Bug Bounty Podcast, we're back with Joel, fresh (haha) off of back-to-back live hack events in London and Seoul. We start with his recap of the events, and the different vibes of each LHE, then we dive into the technical thick of it, and talk web browsers, XSS vectors, new tools, CVSS 4, and much more than we can fit in this character limit. Just trust us when we say you don’t want to miss it!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so...2023-07-061h 33Critical Thinking - Bug Bounty PodcastEpisode 25: 2xMVH & Multi-million dollar hacker Inhibitor181Episode 25: In this episode of Critical Thinking - Bug Bounty Podcast we talk to Cosmin (@Inhibitor181), fresh off of winning his 2nd MVH! We chat about the time management and strategy of hacking Multi-Target LHEs, determining when to pivot, and how to find normalcy in bug bounty hunting and Live Hacking Events. We also touch on setting up Vuln Pipelines, creating mental models, and Cosmin's terrifying naming schemes. Don't miss this episode packed with both laughs and valuable insights for beginners and seasoned bug bounty hunters alike.Follow us on twitter at: @ctbbpodcastWe're new...2023-06-291h 11Critical Thinking - Bug Bounty PodcastEpisode 24: AI + Hacking with Daniel Miessler and Rez0Episode 24: In this episode of Critical Thinking - Bug Bounty Podcast, we chat with Daniel Miessler and Rez0 about the emergence and potential of AI in hacking. We cover AI shortcuts and command line tools, AI in code analysis and the use of AI agents, and even brainstorm about the possible opportunities that integrating AI into hacking tools like Caido and Burp might present. Don't miss this episode packed with valuable insights and cutting-edge strategies for both beginners and seasoned bug bounty hunters alike.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting...2023-06-221h 03Critical Thinking - Bug Bounty PodcastEpisode 23: Hacker LoadoutsEpisode 23: In this episode of Critical Thinking - Bug Bounty Podcast, we delve into a different aspect of hardware - Our personal loadouts. We go through the equipment and gear we use to get our jobs done, and share stories about why we picked what we have. We also touch on live hacking events, the growing acceptance of white hat hacking, and some pretty cool news going on in the hacker world. Don't miss this episode packed with tips and strategies for both beginners and seasoned hackers alike!Follow us on twitter at: @ctbbpodcastWe're...2023-06-151h 14Critical Thinking - Bug Bounty PodcastEpisode 22: Chipping Away at Hardware HackingEpisode 22: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some basic/intermediate concepts related to Hardware Hacking. Specifically, we dive into extracting data from eMMC chips in order to get our hands on source code for IoT devices. Don't miss this episode packed with valuable insights, tips, and strategies for beginners and seasoned bug bounty hunters alike!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro...2023-06-081h 11Critical Thinking - Bug Bounty PodcastEpisode 22: Chipping Away at Hardware HackingEpisode 22: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some basic/intermediate concepts related to Hardware Hacking. Specifically, we dive into extracting data from eMMC chips in order to get our hands on source code for IoT devices. Don't miss this episode packed with valuable insights, tips, and strategies for beginners and seasoned bug bounty hunters alike!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro...2023-06-081h 11Critical Thinking - Bug Bounty PodcastEpisode 21: Chill Chat with Legendary DoD Hacker Corben LeoIn this episode of Critical Thinking - Bug Bounty Podcast, we chat with Corben Leo about his journey in bug bounty hunting and ethical hacking. We discuss the state of DNS rebinding in 2023, a Twitter thread by Douglas Day (@ArchAngelDDay) on one-hundred bug bounty rules, and our own unique approaches to bug hunting. We also discuss Corben's recon-focused bug hunting methodology and how he developed it. Don't miss this episode filled with valuable tips, insights, and Corben's Boring Mattress Company.Follow us on twitter at: @ctbbpodcastGet on our newsletter for some exclusive content: https...2023-06-011h 13Critical Thinking - Bug Bounty PodcastEpisode 20: Hacker Brain Hacks - Overcoming Bug Bounty's Mental TollsEpisode 20: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into the world of "hacker brain hacks'' and overcoming challenges in bug bounty hunting. We discuss custom word lists, the rising popularity of Caido as a potential Burp Suite replacement, and Cloudflared tunnels for hosting POCs. We also tackle the mental aspects of bug bounty hunting, from procrastination to imposter syndrome, and share tips for staying motivated and avoiding burnout. Don't miss this episode packed with valuable insights and advice for both beginners and seasoned bug bounty hunters!Follow us on twitter at: @ctbbpodcast2023-05-251h 06Critical Thinking - Bug Bounty PodcastEpisode 19: Audit Code, Earn Bounties (Part 2) + Zip-Snip, Sitecore, and more!Episode 19: In this episode of Critical Thinking - Bug Bounty Podcast we further discuss some tips and tricks for finding vulns once you’ve got source code and some banger tweets/tools that popped up in our feed this week. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeek...2023-05-1853 minCritical Thinking - Bug Bounty PodcastEpisode 18: Audit Code, Earn BountiesEpisode 18: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into everything source-code related: how to get source-code and what to do with it once you have. This episode is packed with great examples of successful source code review, tips on how to review code yourself, and the tools you'll need along the way.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links...2023-05-111h 06Critical Thinking - Bug Bounty PodcastEpisode 17: LA Live Chat with Five Legendary HackersEpisode 17: In this episode of Critical Thinking - Bug Bounty Podcast we talk with five legendary hackers about some of their favorite bugs. Live. From LA.Corben Leo “Lorben CEO” @hacker_Sam “ZLZ” “ZOZL” “The King” Curry @samwcyoFrans “The Legend” Rosen @fransrosenJonathan “Doc” Bouman @JonathanBoumanNagli…NagliNagli @naglinagliShoutout to Jonathan Bouman’s Mom!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to...2023-05-0447 minCritical Thinking - Bug Bounty PodcastEpisode 16: The Hacker's ToolkitEpisode 16: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the hacker’s toolkit. Joel and Justin talk about their VPS setup, go-to hacking tools, most often used Linux commands, and the ways they duct tape all of these together for the big hacks.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your ho...2023-04-201h 17Critical Thinking - Bug Bounty PodcastEpisode 15: The Israeli Million-Dollar HackerEpisode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000,000, recon tips and tricks, and some bug reports that made the news and landed him the "Best Bug" award at a H1 Live Hacking event.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------2023-04-131h 08Critical Thinking - Bug Bounty PodcastEpisode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker StuffEpisode 14: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Dynamic Analysis within Mobile Hacking and a bunch of random hacker stuff. It's a good time. Enjoy the pod.Follow us on Twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on Twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater...2023-04-061h 21Critical Thinking - Bug Bounty PodcastEpisode 13: How to Find a Good BBP + Acropalypse + ZDIEpisode 13: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to determine if a bug bounty program is good or not from the policy page. We also cover some news including Acropalypse, ZDI's Pwn2Own Competition, Node's Request library's SSRF Bypass, and a new scanning tool by JHaddix. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow...2023-03-301h 16Critical Thinking - Bug Bounty PodcastEpisode 12: JHaddix on Hacker->Hacker CISO, OG Hacking Techniques, and Crazy ReportsEpisode 12: In this episode of Critical Thinking - Bug Bounty Podcast we talk with Jason Haddix about his eclectic hacking techniques, Hacker -> Hacker CISO life, and some crazy vulns he found. This episode is chock full of awesome tips so give it a good listen!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater...2023-03-231h 46Critical Thinking - Bug Bounty PodcastEpisode 11: CV$$, Web Cache Deception, and SSTIEpisode 11: In this episode of Critical Thinking - Bug Bounty Podcast we talk about CVSS (the good, the bad, and the ugly), Web Cache Deception (an underrated vuln class) and a sick SSTI Joel and Fisher found.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter...2023-03-161h 03Critical Thinking - Bug Bounty PodcastEpisode 10: The Life of a Full-Time Bug Bounty Hunter + BB News + Reports from MenteesEpisode 10: In this episode of Critical Thinking - Bug Bounty Podcast we talk about what its like to be a full-time bug bounty hunter, a tonne of bug bounty news, and some great report summaries from Justin’s two mentees: Kodai and Soma. Follow us on twitter at: https://twitter.com/ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:...2023-03-091h 16Critical Thinking - Bug Bounty PodcastEpisode 8: PostMessage Bugs, CSS Injection, and Bug DropsEpisode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It's a short one but a good one! Don't miss it!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0...2023-02-2235 minCritical Thinking - Bug Bounty PodcastEpisode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!Episode 7: In this episode of Critical Thinking - Bug Bounty Podcast we talk about PortSwigger's Top 10 Web Hacking Techniques of 2022 (link below), some drama surrounding TruffleSecurity's XSS Hunter, and, as always, some great bug bounty tips.Sorry if the audio is a little rough around the edges this time, should be better than ever next time.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!...2023-02-1656 minCritical Thinking - Bug Bounty PodcastEpisode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterJoel’s...2023-02-091h 39Critical Thinking - Bug Bounty PodcastEpisode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest SpaceraccoonEpisode 4: In this episode of Critical Thinking - Bug Bounty Podcast we have part two of our series on the H1-407 HackerOne Live Hacking Event. This time, we have a special guest SpaceRaccoon (@spaceraccoonsec) talking about techniques and takeaways from the event.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter...2023-02-0245 minCritical Thinking - Bug Bounty PodcastEpisode 5: AI Security, Hacking WiFi, the New XSS Hunter, and moreEpisode 5: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the new XSS Hunter, MD5 collisions and using ChatGPT for security, and much more!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterSave All Resources Chrome Extension...2023-02-0253 minCritical Thinking - Bug Bounty PodcastEpisode 3: H1-407 Event Madness & Takeaways Part 1Episode 3: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some of the interesting things we’ve learned from participating in HackerOne's H1-407 Live Hacking event. We cover decompiling binaries in various different languages, Windows URI Handlers, Caido, and SameSite Lax + POST.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:...2023-01-2645 minCritical Thinking - Bug Bounty PodcastEpisode 2: Exploit Writing & Automation / Do you need to know how to program to hack?Episode 2: In this episode of Critical Thinking - Bug Bounty Podcast we talk about exploit writing/automation, some new tools released in the industry (Of-CORS), the age old question of "Do you have to know how to program to hack?", a walk-through of some very impactful bug bounty reports, and some tips and tricks for exploit writing.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links...2023-01-181h 14Critical Thinking - Bug Bounty PodcastEpisode 1: Introductions, Bug Bounty Reports, and BB TipsEpisode 1: In this episode of Critical Thinking - Bug Bounty Podcast, Joel Margolis (aka 0xteknogeek) and Justin Gardner (aka Rhynorater) cover introductions, a couple of cool bug bounty reports, and some really helpful BB Tips.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater2023-01-0955 min