Critical Thinking - Bug Bounty Podcast – Details, episodes & analysis
Podcast details
Technical and general information from the podcast's RSS feed.
Critical Thinking - Bug Bounty Podcast
Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
Frequency: 1 episode/7d. Total Eps: 123
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
Recent rankings
Latest chart positions across Apple Podcasts and Spotify rankings.
Apple Podcasts
🇨🇦 Canada - technology
27/05/2025#82🇫🇷 France - technology
23/05/2025#99🇨🇦 Canada - technology
25/04/2025#90🇨🇦 Canada - technology
24/04/2025#99🇫🇷 France - technology
27/03/2025#78🇬🇧 Great Britain - technology
02/03/2025#86🇨🇦 Canada - technology
22/12/2024#80🇫🇷 France - technology
21/12/2024#51🇫🇷 France - technology
20/12/2024#87🇫🇷 France - technology
19/12/2024#51
Spotify
No recent rankings available
Shared links between episodes and podcasts
Links found in episode descriptions and other podcasts that share them.
See all- https://notebooklm.google/
156 shares
- https://ctbb.show/discord
147 shares
- https://www.upliftdesk.com/
115 shares
- https://twitter.com/rhynorater
194 shares
- https://twitter.com/0xteknogeek
192 shares
- https://twitter.com/realytcracker
105 shares
RSS feed quality and score
Technical evaluation of the podcast's RSS feed quality and structure.
See allScore global : 57%
Publication history
Monthly episode publishing history over the past years.
Episode 94: Zendesk Fiasco & the CTBB Naughty List
Season 1 · Episode 94
jeudi 24 octobre 2024 • Duration 49:29
Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod
Resources:
New music drop from our Boi YT
https://x.com/realytcracker/status/1847599657569956099
AuthzAI
Ron Chan
Misconfigured User Auth Leads to Customer Messages
Zendesk Write-up
https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52
Response from Zendesk
Timestamps
(00:00:00) Introduction
(00:05:29) AuthzAI and the return of Ron Chan
(00:13:50) Ophion Security Research
(00:18:12) Zendesk Drama
Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor
Season 1 · Episode 93
jeudi 17 octobre 2024 • Duration 01:41:29
Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through how he balances his dual careers, some ethical considerations of hacking in the context of healthcare, and highlight some experiences he’s had with Amazon's bug bounty program.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Sponsor - ThreatLocker. Checkout their ThreatLocker Detect! https://www.criticalthinkingpodcast.io/tl-detect
Today’s Guest - https://x.com/jonathanbouman?lang=en
Resources
Anyone can Access Deleted and Private Repository Data on GitHub
Remote Code execution at ws1.aholdusa .com
Hacking Dutch healthcare system
Fitness Youtube Channels
https://www.youtube.com/channel/UCpQ34afVgk8cRQBjSJ1xuJQ
https://www.youtube.com/@BullyJuice
Timestamps
(00:00:00) Introduction
(00:07:28) Medicine and Hacking
(00:19:36) Hacking on Amazon
(00:34:33) Collaboration and consistency
(00:44:13) SSTI Methodology
(01:06:10) iOS Hacking Methodology
(01:13:23) Hacking Healthcare
(01:32:19) Health tips for hacking
Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat
Season 1 · Episode 84
jeudi 15 août 2024 • Duration 27:15
Episode 84: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Roni Carta (@0xLupin) to discuss their MVH win at the recent Google LHE, and share some technical observations they had with the target and the event.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest: https://x.com/0xLupin
Today’s Sponsor - ThreatLocker
Timestamps:
(00:00:00) Introduction
(00:02:12) MHV Debrief
(00:09:05) Sandboxes and Comfort Zones
(00:13:24) SDKs and Legal Compliance
(00:19:29) Age of Target and Platform-Exclusive Hunters
Episode 83: Brainstorming Proxy Plugins
Season 1 · Episode 83
jeudi 8 août 2024 • Duration 54:50
Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow, a text expander, Tracing Cookies, and more.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Sponsor - ThreatLocker
Resources:
Post from Gareth Heyes
https://x.com/garethheyes/status/1811084674988474417
Wiki List of XML and HTML
HackerOne Leaderboard Changes
https://x.com/scarybeasts/status/1810813103354892666
Espanso
Critical Thinkers Discord
Oauth Scan
https://portswigger.net/bappstore/8ef2db1173e8432c8797831c2e730727
Timestamps:
(00:00:00) Introduction
(00:03:12) News
(00:13:20) Into the Brainstorm
(00:13:41) 403 Bypasser
(00:20:34) "Expaido"
(00:31:34) Trace Cookies
(00:42:01) Highlight Decoding Expansion and AI integrations
(00:49:08) OAuth Testing, API Highlighter, and Note-taking
Episode 82: Part-Time Bug Bounty
Season 1 · Episode 82
jeudi 1 août 2024 • Duration 36:32
Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Sponsor - ThreatLocker
Resources:
Evernote RCE Post
https://0reg.dev/blog/evernote-rce
ServiceNow Bug Chain
https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data
Douglas Day's Talk on finding 'no's'
https://youtu.be/G1RHa7l1Ys4?si=TY16ULsEIfJ9CMKk
Timestamps:
(00:01:37) Introduction
(00:02:24) Evernote RCE Post
(00:06:47) AssetNote ServiceNow Bug Chain
(00:12:16) Part-Time Bug Bounty: Balance and Accountability
(00:18:04) Picking programs: Impact and Payout
(00:28:46) Streamline your process
Episode 81: Crushing Client-Side on Any Scope with MatanBer
Season 1 · Episode 81
jeudi 25 juillet 2024 • Duration 02:04:48
Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Sponsor - ThreatLocker
Today’s Guest: https://x.com/MtnBer
Resources:
Beyond XSS
https://aszx87410.github.io/beyond-xss/en/
Web VSCode XSS
https://gitlab.com/gitlab-org/gitlab/-/issues/461328
Timestamps
(00:00:00) Introduction
(00:05:24) Learning and Labs
(00:17:29) DevTools tips and tricks
(00:49:49) General Client-Side hacking tips
(01:09:59) Self-XSS Storytime
(01:32:16) Bug Reports
(01:46:37) Brainstorming a Client-side HUD
Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)
Season 1 · Episode 80
jeudi 18 juillet 2024 • Duration 02:49:26
Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne Events
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Sponsor - ThreatLocker
Today’s Guest: https://x.com/SinSinology
Blog: https://sinsinology.medium.com/
Resources:
Advanced .NET Exploitation Training
Timestamps:
(00:00:00) Introduction
(00:12:45) Learning, Mentorship, and Failure
(00:29:34) Pentesting and Pwn2Own
(00:40:05) Hacking methodology
(01:01:57) Debuggers and shells in IoT Devices
(01:35:40) Differences between ZDI and HackerOne
(02:02:27) Pwn2Own Steps and Stories
(02:14:06) Master of Pwn Title
(02:29:54) Bug reports
Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes
Season 1 · Episode 79
jeudi 11 juillet 2024 • Duration 01:10:25
Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration.
Follow us on twitter at: @ctbbpodcast
Send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
SpaceRaccoon's Universal Code Execution Extensions
Escalating Client Side Path Traversal
Full-time Bug Bounty Blueprint
Link that Justin was talking about
Timestamps:
(00:00:00) Introduction
(00:02:32) Universal Code Execution
(00:11:32) Escalating Client Side Path Traversal
(00:16:56) Justin's Defcon talk & Bug Bounty Blueprint
(00:23:32) CSS Injection
(00:39:23) Font Ligatures
(00:54:30) Descent Override and display:block
Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques
Season 1 · Episode 78
jeudi 4 juillet 2024 • Duration 01:06:25
Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with that process. We also talk about the benefit of using tools like Fabric, Loom, and ShareX.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Sponsor - ThreatLocker
Resources:
XSS WAF Bypass by multi-char HTML entities
hey why can't you fix this one bug
Justin's reporting templating software
2to3 Automated Python Converter
Timestamps:
(00:00:00) Introduction
(00:04:00) XSS WAF Bypass by Multi-char HTML Entities
(00:11:59) Next.js and Cache Poisoning
(00:18:03) Nagli's Nuclei Template and Sean Yeoh's Blog
(00:27:34) Report Writing and AI
(00:50:02) Reporting tips
Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated
Season 1 · Episode 77
jeudi 27 juin 2024 • Duration 01:50:26
Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
MongoDB NoSQL Injection
https://soroush.me/blog/2024/06/mongodb-nosql-injection-with-aggregation-pipelines/
Mongo DB Is Web Scale
https://www.youtube.com/watch?v=b2F-DItXtZs
1-click Exploit in Kakao
https://stulle123.github.io/posts/kakaotalk-account-takeover/
Unsecure time-based secret and Sandwich Attack
https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html
Reset Tolkien
https://github.com/AethliosIK/reset-tolkien
iOS URL Scheme Hijacking Revamped
https://evanconnelly.github.io/post/ios-oauth/
PLORMBING YOUR DJANGO ORM
https://www.elttam.com/blog/plormbing-your-django-orm/#content
Timestamps:
(00:00:00) Introduction
(00:02:07) MongoDB NoSQL Injection
(00:12:42) 1-click Exploit in Kakao
(00:33:21) Time-based secrets and Reset Tolkien
(00:39:26) iOS URL Scheme Hijacking Revamped
(00:51:42) ORMs
(00:58:57) Community Bug Submission
(01:07:45) Motivation, Mental Sharpness, and Burnout avoidance
Related Shows Based on Content Similarities
