Critical Thinking - Bug Bounty Podcast – Détails, épisodes et analyse
Détails du podcast
Informations techniques et générales issues du flux RSS du podcast.

Critical Thinking - Bug Bounty Podcast
Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
Fréquence : 1 épisode/7j. Total Éps: 181

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
Classements récents
Dernières positions dans les classements Apple Podcasts et Spotify.
Apple Podcasts
Aucun classement récent disponible
Spotify
Aucun classement récent disponible
Liens partagés entre épisodes et podcasts
Liens présents dans les descriptions d'épisodes et autres podcasts les utilisant également.
See all- https://ctbb.show/discord
257 partages
- https://ctbb.show/merch
143 partages
- https://lab.ctbb.show/
49 partages
- https://twitter.com/rhynorater
193 partages
- https://twitter.com/0xteknogeek
191 partages
- https://twitter.com/realytcracker
161 partages
- https://github.com/iphelix/dnschef
6 partages
Qualité et score du flux RSS
Évaluation technique de la qualité et de la structure du flux RSS.
See allScore global : 62%
Historique des publications
Répartition mensuelle des publications d'épisodes au fil des années.
Episode 163: Best Technical Takeaways from Portswigger Top 10 2025
Saison 1 · Épisode 163
jeudi 26 février 2026 • Durée 01:08:23
Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
Critical Research Lab:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
Parser Differentials: When Interpretation Becomes a Vulnerability
https://www.youtube.com/watch?v=Dq_KVLXzxH8
XSS-Leak: Leaking Cross-Origin Redirects
https://blog.babelo.xyz/posts/cross-site-subdomain-leak/
Playing with HTTP/2 CONNECT
https://blog.flomb.net/posts/http2connect/
Next.js, cache, and chains: the stale elixir
https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir
SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL
https://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdf
Cross-Site ETag Length Leak
https://blog.arkark.dev/2025/12/26/etag-length-leak
Lost in Translation: Exploiting Unicode Normalization
https://www.youtube.com/watch?v=ETB2w-f3pM4
ORM Leaking More Than You Joined For
https://www.elttam.com/blog/leaking-more-than-you-joined-for/
Novel SSRF Technique Involving HTTP Redirect Loops
https://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/
Successful Errors: New Code Injection and SSTI Techniques
https://github.com/vladko312/Research_Successful_Errors
====== Timestamps ======
(00:00:00) Introduction
(00:02:33) Parser Differentials: When Interpretation Becomes a Vulnerability
(00:11:02) XSS-Leak: Leaking Cross-Origin Redirects
(00:18:25) Playing with HTTP/2 CONNECT
(00:22:10) Next.js, cache, and chains: the stale elixir
(00:29:15) SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL
(00:34:27) Cross-Site ETag Length Leak
(00:41:47) Lost in Translation: Exploiting Unicode Normalization
(00:47:27) ORM Leaking More Than You Joined For
(00:54:07) Novel SSRF Technique Involving HTTP Redirect Loops
(00:58:40) Successful Errors: New Code Injection and SSTI Techniques
Episode 162: HackerOne Training AI on Bug Bounty Data?
Saison 1 · Épisode 162
jeudi 19 février 2026 • Durée 53:22
Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
Critical Research Lab:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26
Today’s Guest: https://x.com/senorarroz
====== This Week in Bug Bounty ======
XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilities
Bug Bounty Maturity Framework
https://bugbountymaturity.com/
====== Resources ======
Confidential Information and Confidentiality Obligations
Ownership and Licenses
https://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20Licenses
I argued with an AI regarding HackerOne using Hacker reports to train PtaaS
https://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71
HackerOne PTaaS (likely training their AI on private reports data)
https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/
What Makes Agentic PTaaS Different in Real Environments
====== Timestamps ======
(00:00:00) Introduction
(00:08:44) HackerOne AI Terms of Service
(00:24:56) Agentic PTaaS
(00:38:09) Selling data
(00:43:49) Decrease in Bounties
Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown
Saison 1 · Épisode 153
jeudi 18 décembre 2025 • Durée 01:16:50
Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest: Matt Brown
====== Resources ======
KeeYees USB Logic Analyzer Device
Hardware Hacking Tutorial by Make Me Hack
UART and SPI firmware extraction
UART Root Shell on Linux Router
UART Shell Jail and Unlocked Bootloader
Chinese IP Camera Firmware Extraction
====== Timestamps ======
(00:00:00) Introduction
(00:01:22) Incremental Session Token Story and Matt Brown Intro
(00:10:42) Hardware Bug Bounty Scene & AI on Devices
(00:24:30) Hacking Human Robot
(00:41:33) Zero-to-Hero Hardware Hacking Guide
(01:01:47) IOT Hackbot
Episode 63: JHaddix Returns
Saison 1 · Épisode 63
jeudi 21 mars 2024 • Durée 01:21:35
Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own personal life and hacking journey. We talk about the start of his new company, and then venture into topics such as using threat intelligence and buying credentials from the dark web, recon techniques, and ways to integrate AI into your workflow (or target list).
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Today’s Guest:
Resources:
Dehashed
Flare
CSP Recon
https://github.com/edoardottt/csprecon
Timestamps:
(00:00:00) Introduction
(00:05:37) Updates to The Bug Hunter's Methodology
(00:14:46) Red Teaming
(00:21:29) Bug Bounty on the Dark Web
(00:36:19) FIS hunting
(00:47:59) New Recon Techniques
(00:58:32) AI integrations and bounties
Episode 62: Frontend Language Oddities
Saison 1 · Épisode 62
jeudi 14 mars 2024 • Durée 58:43
Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth looking at.
Follow us on twitter at: @ctbbpodcast
Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Resources:
Cool HTML Shit
https://twitter.com/jcubic/status/1764311080661082201
https://twitter.com/encodeart/status/1764218128374943764
Bug bounty Hunting Journeys
https://twitter.com/ajxchapman/status/1762101366057525521
https://monkehacks.beehiiv.com/p/monkehacks-02
Deobfuscating/Unminifying Obfuscated Code
Abusing perspectives: https://hackerone.com/reports/2401115
PortSwigger CSS Exfiltration
https://github.com/PortSwigger/css-exfiltration
Timestamps:
(00:00:00) Introduction
(00:02:06) Cool HTML Shit
(00:15:31) Bug Bounty Journeys
(00:28:01) Yelp Cookie Bridge Bug
(00:37:56) Additional Research Resources
(00:46:34) CSS and abusing perspectives
Episode 61: A Hacker on Wall Street - JR0ch17
Saison 1 · Épisode 61
jeudi 7 mars 2024 • Durée 01:27:00
Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. He also shares his methodology for discovering OAuth-related bugs, highlights some differences between structured learning and self-teaching, and then walks us through a couple arbitrary ATO’s and SSTI to RCE bugs he’s found lately.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest: Jasmin Landry
Resources:
Dirty Dancing blog post
https://labs.detectify.com/writeups/account-hijacking-using-dirty-dancing-in-sign-in-oauth-flows/
OAuth 2.0 Threat Model and Security Considerations
https://datatracker.ietf.org/doc/html/rfc6819
OAuth 2.0 Security Best Current Practice
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics
Timestamps:
(00:00:00) Introduction
(00:02:20) Meta Tag + DomPurify Bug
(00:09:36) Jasmin's Origin story
(00:28:23) Full time Bug bounty challenges
(00:36:57) Career jumps in Security and current Role
(00:47:32) OAuth Bug methodology and cool bug stories
(01:02:35) Social Engineering and Bug Bounty
(01:13:41) Arbitrary ATO bug
(01:19:41) SSTI to RCE bug
Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023
Saison 1 · Épisode 60
jeudi 29 février 2024 • Durée 01:24:37
Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023.
Follow us on twitter at: @ctbbpodcast
Send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
Top 10 web hacking techniques of 2023
5: HTTP Parsers Inconsistencies
7: How I Hacked Microsoft Teams
10: Hacking root EPP servers to take control of zones
Timestamps:
(00:00:00) Introduction
(00:04:26) 1: Smashing the state machine
(00:11:56) 8: From Akamai to F5 to NTLM... with love
(00:17:11) 3: SMTP Smuggling
(00:26:27) 4: PHP filter chains
(00:36:40) 5: HTTP Parsers Inconsistencies
(00:44:56) 6: HTTP Request Splitting
(00:53:43) 7: How I Hacked Microsoft Teams
(01:02:25) 9: Cookie Crumbles
(01:11:36) 10: EPP Server Takeover
Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition
Saison 1 · Épisode 59
jeudi 22 février 2024 • Durée 01:39:09
Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deception, leaking window location, self-stored XSS, and much more.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
Timestamps:
(00:00:00) Introduction
(00:03:31) Caido's New Features
(00:15:20) Nahamcon News and 5 week Bootcamp and pentest opportunity
(00:19:54) HTML Injection, CSS Injection, and Clickjacking
(00:33:11) Image Injection
(00:37:19) Open Redirects, Client-side path traversal, and Client-side Open Redirect
(00:49:51) Leaking window.location.href
(00:57:15) Cookie refresh gadget
(01:01:40) Stored XXS
(01:09:01) CRLF Injection
(01:13:24) 'A Place To Stand' in GraphQL and ID Oracle
(01:18:23) Auth gadgets, Web Cache Deception, & LocalStorage poisoning
(01:27:46) Cookie Injection & Context Breaks
Episode 58: Youssef Sammouda - Client-Side & ATO War Stories
Saison 1 · Épisode 58
jeudi 15 février 2024 • Durée 01:54:51
Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Samouda and grill him on his various techniques for finding and exploiting client-side bugs and postMessage vulnerabilities. He shares some crazy stories about race conditions, exploiting hash change events, and leveraging scroll to text fragments.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest: https://twitter.com/samm0uda?lang=en
Resources:
Client-side race conditions with postMessage:
Transferable Objects
https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Transferable_objects
Every known way to get references to windows, in javascript:
https://bluepnume.medium.com/every-known-way-to-get-references-to-windows-in-javascript-223778bede2d
Youssef’s interview with BBRE
https://www.youtube.com/watch?v=MXH1HqTFNm0
Timestamps:
(00:00:00) Introduction
(00:04:27) Client-side race conditions with postMessage
(00:18:12) On Hash Change Events and Scroll To Text Fragments
(00:32:00) Finding, documenting, and reporting complex bugs
(00:37:32) PostMessage Methodology
(00:45:05) Youssef's Vuln Story
(00:53:42) Where and how to look for ATO vulns
(01:05:21) MessagePort
(01:14:37) Window frame relationships
(01:20:24) Recon and JS monitoring
(01:37:03) Client-side routing
(01:48:05) MITMProxy
Episode 57: Technical breakdown from Miami Hacking Event - H1-305
Saison 1 · Épisode 57
jeudi 8 février 2024 • Durée 32:34
Episode 57: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are live from Miami, and recap their experience and share takeaways from the live hacking event. They highlight the importance of paying attention to client-side routing and the growing bug class of client-side path traversal. They also discuss the challenges of knowing when to cut your losses and the value of tracking time and setting goals.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Timestamps:
(00:00:00) Introduction
(00:03:50) Miami LHE Recap and Takeaways
(00:05:57) Keeping time and cutting losses.
(00:19:07) Roles and Goals
(00:23:33) OAuth
(00:28:52) HTML5 image to img Tip


