Powered by RND
PodcastsTechnologyCritical Thinking - Bug Bounty Podcast

Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
Critical Thinking - Bug Bounty Podcast
Latest episode

Available Episodes

5 of 144
  • Episode 144: Google’s Top AI Hackers: Busfactor and Monke
    Episode 144: In this episode of Critical Thinking - Bug Bounty Podcast Joseph is joined by Vitor Falcão and Ciarán Cotter to discuss their success at the recent Mexico LHE, as well as their journey and routines in fulltime hacking. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker DAChttps://www.criticalthinkingpodcast.io/tl-dacToday’s Guests:Vitor Falcãohttps://x.com/busf4ctorCiarán Cotterhttps://x.com/monkehack ====== This Week in Bug Bounty======Securing the Age of AI Autonomy: Priorities for 2026https://www.hackerone.com/events/bionic-hacking====== Resources ======AI Vulnerability Reward Program Ruleshttps://bughunters.google.com/about/rules/google-friends/5222232590712832/ai-vulnerability-reward-program-rulesMy First 3 Months as a Full-Time Bug Bounty Hunterhttps://vitorfalcao.com/posts/3-months-as-a-full-time-bug-bounty-hunter/====== Timestamps ======(00:00:00) Introduction(00:02:32) Client side Bug Story & Vitor's BB journey(00:13:59) Google LHE Mexico takeaways(00:26:55) Full-time hunting reflections(00:33:39) Hacking routines(00:42:56) Hacking AI
    --------  
    52:40
  • Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!
    Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some news. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== This Week in Bug Bounty ======YesWeHack won the European commission: https://www.yeswehack.com/news/european-commission-tender-won-yeswehackYesWeHack now have authorised cve numbering authority: https://www.yeswehack.com/news/yeswehack-authorised-cve-numbering-authorityA wide range of highly used open source bug bounty program such as Log4J, Systemd, GNOME and a lot more: https://event.yeswehack.com/events/open-the-code-source-the-bounty====== Resources ======Attributes reference inside HTMLExplaining XSS without parentheses and semi-colonsBeyond Sandbox Domains: Rendering Untrusted Web Content with SafeContentFrameOne Token to rule them allflareproxCaido 101: How to master it====== Timestamps ======(00:00:00) Introduction(00:03:16) LHE approaches and accomplishments(00:30:54) Attributes reference inside HTML & Explaining XSS without parentheses and semi-colons(00:44:33) One Token to rule them all(00:57:13) Flareprox & Caido 101
    --------  
    1:04:23
  • Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News
    Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by going full time in Bug Bounty.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker DACToday’s Guest: https://x.com/gr3pme====== This Week in Bug Bounty ======New Monthly Dojo challenge and Dojo UI designThe ultimate Bug Bounty guide to exploiting race condition vulnerabilities in web applicationsWatch Our boy Brandyn on the TV====== Resources ======murtasecWebSocket Turbo Intruder: Unearthing the WebSocket GoldmineRemote code execution though vulnerability in Facebook Messenger for WindowsFinding vulnerabilities in modern web apps using Claude Code and OpenAI CodexMind the GapPROMISQROUTE====== Timestamps ======(00:00:00) Introduction(00:05:16) Full Time Bug Bounty and Business Startups(00:15:50) Websockets(00:22:17) Meta’s $111750 Bug(00:28:38) Finding vulns using Claude Code and OpenAI Codex(00:39:32) Time-of-Check to Time-of-Use Vulns in LLM-Enabled Agents(00:45:22) PROMISQROUTE
    --------  
    54:50
  • Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)
    Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: ThreatLocker. Check out ThreatLocker DAChttps://www.criticalthinkingpodcast.io/tl-dacToday’s Guest: https://x.com/7urb01====== Resources ======regexploithttps://github.com/doyensec/regexploitFontleakhttps://adragos.ro/fontleak/debug(function)https://developer.chrome.com/docs/devtools/console/utilities#debug-functiondomloggerpphttps://github.com/kevin-mizu/domloggerpp====== Timestamps ======(00:00:00) Introduction(00:02:40) Google Docs Bug and 7urb0 Introduction(00:13:26) Bring-a-bug story(00:20:21) 7urb0's DEFCON talk teaser & Intrusive Thoughts Worth Sharing(00:30:01) CSPTs and React Apps(00:51:31) CSS Injections(01:04:55) 7urb0's backstory and game hacking(01:18:33) Worst Crit
    --------  
    1:23:31
  • Episode 140: Crit Research Lab Update & Client-Side Tricks Galore
    Episode 140: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph give an update from The Crit Research Lab, as well as some writeups on postMessage vulnerabilities, Cookie Chaos, and more.Follow us on X at: https://x.com/ctbbpodcastGot any ideas and suggestions? Send us feedback at [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord!Get some hacker swag here!====== This Week in Bug Bounty ======Cross-site request forgeryHackerOne New Milestone ProgramEmail [email protected] for media opportunities====== Resources ======Exploiting Web Worker XSS with BlobsCritical Research LabRez0's TweetCVE-2022-21703: cross-origin request forgery against GrafanaConversation about Forcing Quirks ModeAI Busniess Logic & POC or GTFOHunting postMessage Vulnerabilities – Part 1Hunting postMessage Vulnerabilities – Part 2Executive OffenseCookie Chaos: How to bypass Host and Secure cookie prefixes====== Timestamps ======(00:00:00) Introduction(00:05:48) Crit Research Update(00:13:00) Encouragement & Collaboration(00:19:37) Cross-origin request forgery & Anthropic's web fetch(00:29:17) Quirks Mode, AI Business Logic & POC or GTFO(00:44:21) Hunting postMessage & Claude Code browserbase(00:51:25) Community story, Executive Offense, & Cookie Chaos
    --------  
    57:41

More Technology podcasts

About Critical Thinking - Bug Bounty Podcast

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
Podcast website

Listen to Critical Thinking - Bug Bounty Podcast, Acquired and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features
Social
v7.23.9 | © 2007-2025 radio.de GmbH
Generated: 10/18/2025 - 9:37:07 AM