Critical Thinking - Bug Bounty Podcast – Details, episodes and analysis
Podcast details
Technical and general information taken from the podcast's RSS feed.

Critical Thinking - Bug Bounty Podcast
Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
Frequency: 1 episode every 7 days. Total episodes: 123

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
Recent rankings
Latest positions in the Apple Podcasts and Spotify charts.
Apple Podcasts
- 27/05/2025: 🇨🇦 Canada - technology, #82
- 23/05/2025: 🇫🇷 France - technology, #99
- 25/04/2025: 🇨🇦 Canada - technology, #90
- 24/04/2025: 🇨🇦 Canada - technology, #99
- 27/03/2025: 🇫🇷 France - technology, #78
- 02/03/2025: 🇬🇧 Great Britain - technology, #86
- 22/12/2024: 🇨🇦 Canada - technology, #80
- 21/12/2024: 🇫🇷 France - technology, #51
- 20/12/2024: 🇫🇷 France - technology, #87
- 19/12/2024: 🇫🇷 France - technology, #51
Spotify
No recent ranking available
Links shared across episodes and podcasts
Links found in episode descriptions, and other podcasts that also use them.
- https://notebooklm.google/ (156 shares)
- https://ctbb.show/discord (147 shares)
- https://www.upliftdesk.com/ (115 shares)
- https://twitter.com/rhynorater (194 shares)
- https://twitter.com/0xteknogeek (192 shares)
- https://twitter.com/realytcracker (105 shares)
- https://github.com/junegunn/fzf (11 shares)
- https://github.com/iphelix/dnschef (6 shares)
RSS feed quality and score
Technical assessment of the quality and structure of the RSS feed.
Overall score: 57%
Publication history
Monthly breakdown of episode publications over the years.
Episode 94: Zendesk Fiasco & the CTBB Naughty List
Season 1 · Episode 94
Thursday, 24 October 2024 • Duration 49:29
Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod
Resources:
New music drop from our Boi YT
https://x.com/realytcracker/status/1847599657569956099
AuthzAI
Ron Chan
Misconfigured User Auth Leads to Customer Messages
Zendesk Write-up
https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52
Response from Zendesk
Timestamps
(00:00:00) Introduction
(00:05:29) AuthzAI and the return of Ron Chan
(00:13:50) Ophion Security Research
(00:18:12) Zendesk Drama
Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor
Season 1 · Episode 93
Thursday, 17 October 2024 • Duration 01:41:29
Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through how he balances his dual careers, some ethical considerations of hacking in the context of healthcare, and highlight some experiences he’s had with Amazon's bug bounty program.
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Today’s Sponsor - ThreatLocker. Checkout their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect
Today’s Guest - https://x.com/jonathanbouman?lang=en
Resources
Anyone can Access Deleted and Private Repository Data on GitHub
Remote Code execution at ws1.aholdusa .com
Hacking Dutch healthcare system
Fitness Youtube Channels
https://www.youtube.com/channel/UCpQ34afVgk8cRQBjSJ1xuJQ
https://www.youtube.com/@BullyJuice
Timestamps
(00:00:00) Introduction
(00:07:28) Medicine and Hacking
(00:19:36) Hacking on Amazon
(00:34:33) Collaboration and consistency
(00:44:13) SSTI Methodology
(01:06:10) iOS Hacking Methodology
(01:13:23) Hacking Healthcare
(01:32:19) Health tips for hacking
Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat
Season 1 · Episode 84
Thursday, 15 August 2024 • Duration 27:15
Episode 84: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Roni Carta (@0xLupin) to discuss their MVH win at the recent Google LHE, and share some technical observations they had with the target and the event.
Today’s Guest: https://x.com/0xLupin
Today’s Sponsor - ThreatLocker
Timestamps:
(00:00:00) Introduction
(00:02:12) MVH Debrief
(00:09:05) Sandboxes and Comfort Zones
(00:13:24) SDKs and Legal Compliance
(00:19:29) Age of Target and Platform-Exclusive Hunters
Episode 83: Brainstorming Proxy Plugins
Season 1 · Episode 83
Thursday, 8 August 2024 • Duration 54:50
Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow, a text expander, Tracing Cookies, and more.
Today’s Sponsor - ThreatLocker
Resources:
Post from Gareth Heyes
https://x.com/garethheyes/status/1811084674988474417
Wiki List of XML and HTML
HackerOne Leaderboard Changes
https://x.com/scarybeasts/status/1810813103354892666
Espanso
Critical Thinkers Discord
Oauth Scan
https://portswigger.net/bappstore/8ef2db1173e8432c8797831c2e730727
Timestamps:
(00:00:00) Introduction
(00:03:12) News
(00:13:20) Into the Brainstorm
(00:13:41) 403 Bypasser
(00:20:34) "Expaido"
(00:31:34) Trace Cookies
(00:42:01) Highlight Decoding Expansion and AI integrations
(00:49:08) OAuth Testing, API Highlighter, and Note-taking
Episode 82: Part-Time Bug Bounty
Season 1 · Episode 82
Thursday, 1 August 2024 • Duration 36:32
Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity.
Today’s Sponsor - ThreatLocker
Resources:
Evernote RCE Post
https://0reg.dev/blog/evernote-rce
ServiceNow Bug Chain
https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data
Douglas Day's Talk on finding 'no's'
https://youtu.be/G1RHa7l1Ys4?si=TY16ULsEIfJ9CMKk
Timestamps:
(00:01:37) Introduction
(00:02:24) Evernote RCE Post
(00:06:47) AssetNote ServiceNow Bug Chain
(00:12:16) Part-Time Bug Bounty: Balance and Accountability
(00:18:04) Picking programs: Impact and Payout
(00:28:46) Streamline your process
Episode 81: Crushing Client-Side on Any Scope with MatanBer
Season 1 · Episode 81
Thursday, 25 July 2024 • Duration 02:04:48
Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively.
Today’s Sponsor - ThreatLocker
Today’s Guest: https://x.com/MtnBer
Resources:
Beyond XSS
https://aszx87410.github.io/beyond-xss/en/
Web VSCode XSS
https://gitlab.com/gitlab-org/gitlab/-/issues/461328
Timestamps
(00:00:00) Introduction
(00:05:24) Learning and Labs
(00:17:29) DevTools tips and tricks
(00:49:49) General Client-Side hacking tips
(01:09:59) Self-XSS Storytime
(01:32:16) Bug Reports
(01:46:37) Brainstorming a Client-side HUD
Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)
Season 1 · Episode 80
Thursday, 18 July 2024 • Duration 02:49:26
Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne events.
Today’s Sponsor - ThreatLocker
Today’s Guest: https://x.com/SinSinology
Blog: https://sinsinology.medium.com/
Resources:
Advanced .NET Exploitation Training
Timestamps:
(00:00:00) Introduction
(00:12:45) Learning, Mentorship, and Failure
(00:29:34) Pentesting and Pwn2Own
(00:40:05) Hacking methodology
(01:01:57) Debuggers and shells in IoT Devices
(01:35:40) Differences between ZDI and HackerOne
(02:02:27) Pwn2Own Steps and Stories
(02:14:06) Master of Pwn Title
(02:29:54) Bug reports
Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes
Season 1 · Episode 79
Thursday, 11 July 2024 • Duration 01:10:25
Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deep-dive into CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.
Resources:
SpaceRaccoon's Universal Code Execution Extensions
Escalating Client Side Path Traversal
Full-time Bug Bounty Blueprint
Link that Justin was talking about
Timestamps:
(00:00:00) Introduction
(00:02:32) Universal Code Execution
(00:11:32) Escalating Client Side Path Traversal
(00:16:56) Justin's Defcon talk & Bug Bounty Blueprint
(00:23:32) CSS Injection
(00:39:23) Font Ligatures
(00:54:30) Descent Override and display:block
Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques
Season 1 · Episode 78
Thursday, 4 July 2024 • Duration 01:06:25
Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with that process. We also talk about the benefit of using tools like Fabric, Loom, and ShareX.
Today’s Sponsor - ThreatLocker
Resources:
XSS WAF Bypass by multi-char HTML entities
hey why can't you fix this one bug
Justin's reporting templating software
2to3 Automated Python Converter
Timestamps:
(00:00:00) Introduction
(00:04:00) XSS WAF Bypass by Multi-char HTML Entities
(00:11:59) Next.js and Cache Poisoning
(00:18:03) Nagli's Nuclei Template and Sean Yeoh's Blog
(00:27:34) Report Writing and AI
(00:50:02) Reporting tips
Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated
Season 1 · Episode 77
Thursday, 27 June 2024 • Duration 01:50:26
Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting.
Resources:
MongoDB NoSQL Injection
https://soroush.me/blog/2024/06/mongodb-nosql-injection-with-aggregation-pipelines/
Mongo DB Is Web Scale
https://www.youtube.com/watch?v=b2F-DItXtZs
1-click Exploit in Kakao
https://stulle123.github.io/posts/kakaotalk-account-takeover/
Unsecure time-based secret and Sandwich Attack
https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html
Reset Tolkien
https://github.com/AethliosIK/reset-tolkien
iOS URL Scheme Hijacking Revamped
https://evanconnelly.github.io/post/ios-oauth/
PLORMBING YOUR DJANGO ORM
https://www.elttam.com/blog/plormbing-your-django-orm/#content
Timestamps:
(00:00:00) Introduction
(00:02:07) MongoDB NoSQL Injection
(00:12:42) 1-click Exploit in Kakao
(00:33:21) Time-based secrets and Reset Tolkien
(00:39:26) iOS URL Scheme Hijacking Revamped
(00:51:42) ORMs
(00:58:57) Community Bug Submission
(01:07:45) Motivation, Mental Sharpness, and Burnout avoidance