Afleveringen
-
Episode 181: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and XSSDoctor talk about building a Hackbot.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out Zero Trust Network Access:
https://www.criticalthinkingpodcast.io/tl-ztna
====== Resources ======
Are bug bounties cooked?
https://hakluke.com/are-bug-bounties-cooked
We built a Hackbot
https://josephthacker.com/hacking/2026/07/01/we-built-a-hackbot.html
====== Timestamps ======
(00:00:00) Introduction
(00:07:22) Manual vs. AI Hacking
(00:17:27) Building a Hackbot
(00:23:53) Negatives of Hackbots
(00:31:34) Logistics and Problems of Singularity
(00:46:21) Successes
-
Episode 180: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Steve Hernandez, founder of the Bug Bounty Maturity Framework (BBMF), to walk us through the inaugural State of Bug Bounty Maturity Posture Report. We go through the scores and cover Asset Hygiene, Operational Signal, how to re-engage the relationship between trust and researcher participation.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest: https://x.com/SteveHernandezM
Email Steve at [email protected]
Fill out this form to enter a Critical Thinkers raffle
https://forms.ctbb.show/mdaz
====== Resources ======
State of Bug Bounty Maturity Posture
https://bugbountymaturity.com/research/state-of-bug-bounty-maturity-posture-2026
Take the Bug Bounty Maturity Assessment
https://bugbountymaturity.com/assessment
AI Is Compressing the Bug Bounty Maturity Curve
https://bugbountymaturity.com/research/ai-is-compressing-the-bug-bounty-maturity-curve
====== Timestamps ======
(00:00:00) Introduction
(00:04:09) State of Bug Bounty Maturity Posture
(00:22:33) Researcher Interface & Program Trust
(00:44:38) Maturity Bands and Scoring
(01:08:19) AI Is Compressing the Bug Bounty Maturity Curve
-
Zijn er afleveringen die ontbreken?
-
Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out Zero Trust Cloud Access:
https://www.threatlocker.com/capabilities/zero-trust-cloud-access
====== Timestamps ======
(00:00:00) Introduction
(00:04:57) Managing Hacker Motivation
(00:10:45) Community, Competition, & Curosity
(00:16:54) Using AI with Passion
(00:23:10) The LHE Method & Sharing Wins
(00:28:01) Video POCs, Scripts, & Talking about Bugs
(00:40:49) Watching your health & stopping mid-hack
-
Episode 178: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with BruteCat to finish up our discussion on hacking Google. This week we hit AI.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest: https://x.com/brutecat
====== Resources ======
Hacking Google with AI
https://brutecat.com/articles/hacking-google-with-ai/
====== Timestamps ======
(00:00:00) Introduction
(00:03:07) Discovery Docs Refresher & AI at BugSWAT Mexico
(00:30:49) Auth & Enumeration of Referer and Origin
(00:45:59) Pwning Google Stories
(01:09:32) Batch Execute & GraphQL
-
Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLocker
https://www.criticalthinkingpodcast.io/tl-ztca
Today’s Guest: https://x.com/brutecat
====== Resources ======
StubZero: $148,337 RCE in Google Cloud Production
https://brutecat.com/articles/google-cloud-rce/
Leaking the email of any YouTube user for $10,000
https://brutecat.com/articles/leaking-youtube-emails/
Disclosing YouTube Creator Emails for a $20k Bounty
https://brutecat.com/articles/youtube-creator-emails/
Leaking the phone number of any Google user
https://brutecat.com/articles/leaking-google-phones/
====== Timestamps ======
(00:00:00) Introduction
(00:29:14) 2nd RCE in Application Integration
(00:39:55) BruteCat's Background & RCE Follow-up Questions
(00:48:02) Google VRP and Youtube Bugs
(01:10:17) Google Phone Leak
(01:18:36) Discovery Docs and Episode 178 Teaser
-
Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Red Flags.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor: Adobe. Earn more for AI bugs with Adobe’s new AI Tier! https://blog.adobe.com/security/adobe-expands-bug-bounty-program-to-incentivize-ai-security-research
Also don’t forget to also grab a 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report.
Expires June 30, 2026.
====== This Week in Bug Bounty ======
Scaling Bug Bounty triage in the AI era
(https://www.yeswehack.com/security-best-practices/scaling-bug-bounty-triage-ai)
The AI impact: a triager’s perspective
https://www.intigriti.com/blog/business-insights/the-ai-impact-a-triagers-perspective
====== Resources ======
Sling Selectors - The Key to Unlocking AEM's Attack Surface
https://greenjam.co.uk/blog/sling-selectors/
Just a Moment CTF
https://poc.greenjam.co.uk/just-a-moment.html
General XSS jquery .text()
https://poc.greenjam.co.uk/text-xss.html
URL XXS Challenge
https://poc.greenjam.co.uk/url-xss.html
====== Timestamps ======
(00:00:00) Introduction
(00:04:35) Background and AEM Bug
(00:17:40) Sling Selectors & the Tech Stack
(00:38:14) Permissions & Apache Sling Resolution
(01:01:37) The Bugs & AEM Red Flags
(01:31:55) Moment in Time CTF
(01:40:38) General XSS jquery .text()
(01:45:45) URL XXS Challenge
-
Episode 175: In this episode of Critical Thinking - Bug Bounty Podcast we’re comparing Hackbot setups and results. We also talk about some of the recent ZDI drama, as well as the importance of freaking beautiful POCs
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLocker
https://www.criticalthinkingpodcast.io/tl-ztca
====== Resources ======
Another day, another universal linux LPE
https://x.com/v12sec/status/2054491454064746629
ZDI Drama
https://x.com/ryotkak/status/2052881664909660521
Orange Tsai Bug on Edge
https://x.com/thezdi/status/2054868495888777266
Chompie's Exploit in NV Container Toolkit
https://x.com/chompie1337/status/2054882193055601140
GitHub Security April bug bounty stats
https://x.com/GitHubSecurity/status/2054274356403138932
====== Timestamps ======
(00:00:00) Introduction
(00:02:14) q param prompt injection & Mobile CSPT
(00:14:17) Admin API Key MegaCrit
(00:17:13) Hackbots
(00:37:10) Pretty POCs and ZDI Drama
(00:44:48) GitHub Security April Stats
-
Episode 174: In this episode of Critical Thinking - Bug Bounty Podcast we follow up from last episode with some advice for BB platforms, as well as cover a slew of writeups from Searchlight Cyber, watchTowr, and Starstrike.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== This Week in Bug Bounty ======
COST, AI frontier models and more: A measured take on the future of security testing
https://www.yeswehack.com/security-best-practices/cost-mythos-future-security-testing
Common AI misconceptions debugged!
https://www.intigriti.com/blog/business-insights/common-misconceptions-debugged#trend-3-validity-ratios-remain-constant-ai-slop-isnt-rising-as-a-proportion
BountySync + Social
https://luma.com/bountysync_social
====== Resources ======
Ghosts of Encryption Past
https://slcyber.io/research-center/ghosts-of-encryption-past-salesforce-exacttarget/
tessl Skill Optimizer
https://tessl.io/registry/tessl/skill-optimizer/0.8.0
The Internet Is Falling Down, Falling Down, Falling Down
https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
High Fidelity Check for the cPanel Authentication Bypass
https://slcyber.io/research-center/high-fidelity-check-for-the-cpanel-authentication-bypass-cve-2026-41940/
Achieving Deterministic Prompt Injection Through Client-Side Feedback Loops
https://blog.starstrike.ai/posts/achieving-deterministic-prompt-injection-through-client-side-feedback-loops/
GPT-5.5: Mythos-Like Hacking, Open To All
https://xbow.com/blog/mythos-like-hacking-open-to-all
Remote Command Execution in Google Cloud with Single Directory Deletion
https://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion/?utm_source=bugbountydaily.com&utm_medium=referral
====== Timestamps ======
(00:00:00) Introduction
(00:09:20) AMPScript
(00:25:10) Tessl Skill Optimizer
(00:33:07) cPanel & WHM Authentication Bypass
(00:40:46) Advice for Bug Bounty Programs
(00:50:07) Prompt Injection Through Client-Side Feedback Loops
(00:54:37) GPT 5.5
(01:01:00) Remote Command Execution in Google Cloud
-
Episode 173: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about the negative effects that AI is having on the Bug Bounty scene as a whole. Is it over, or are we so back?
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out Zero Trust Cloud Access:
https://www.criticalthinkingpodcast.io/tl-ztca
====== Resources ======
We want your feedback on this!
https://forms.ctbb.show/future_of_bug_bounty
Evolving the Android & Chrome VRPs for the AI Era
https://bughunters.google.com/blog/evolving-the-android-chrome-vrps-for-the-ai-era
Paid Submissions?
https://x.com/d0rsky/status/2047744193976742120
Keep the Robots Out of the Gym
https://danielmiessler.com/blog/keep-the-robots-out-of-the-gym
Is my data used for model training?
https://privacy.claude.com/en/articles/10023580-is-my-data-used-for-model-training
====== Timestamps ======
(00:00:00) Introduction
(00:06:28) Network effects of Bug Bounty
(00:31:55) Hopium/Copium
(00:47:21) The Great Training Data Debate
-
Episode 172: In this episode of Critical Thinking - Bug Bounty Podcast trying out a new structure of episode: a Meta Analysis of sorts of many Source Code Review techniques. This episode features tips gathered from Shubs, Rafax, and FSI. Justin highlights best approaches, patterns, and common pitfalls.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor: Adobe - Get 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report.
Expires June 30, 2026.
====== This Week in Bug Bounty ======
Open-source security testing: the Bug Bounty guide to code analysis
https://www.yeswehack.com/learn-bug-bounty/open-source-guide-code-analysis?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=open-source-guide-code-analysis
====== Resources ======
Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)
https://slcyber.io/research-center/abusing-windows-net-quirks-and-unicode-normalization-to-exploit-dnn-dotnetnuke/#:~:text=across%20different%20languages.-,A%20MUST%2DKNOW%20BEHAVIOUR%20OF%20PATH.COMBINE,-Another%20key%20implementation
====== Timestamps ======
(00:00:00) Introduction
(00:06:49) Tracing Data Flow, knowing where your playload is landing, and developer mistakes.
(00:17:33) Mapping the software
(00:24:46) Sniffing for blood
(00:31:54) Common Patterns and Pitfalls
-
Episode 171: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us some quick tips from his own hacking, including some clickjacking, using capital letters, and the potential value of leaking ages
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out ThreatLocker Ringfencing
https://www.criticalthinkingpodcast.io/tl-rf
====== Resources ======
The ultimate Bug Bounty guide to OS command injection vulnerabilities
https://www.yeswehack.com/learn-bug-bounty/ultimate-guide-os-command-injection?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-os-command-injection
Critical auth bypass in WordPress Azure AD SSO plugin due to missing OIDC id_token validation
https://www.yeswehack.com/news/auth-bypass-wordpress-azure-plugin?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-wordpress-bypass-plugin
Aituglo featured on YWH
https://www.yeswehack.com/community/developer-aituglo-bug-bounty-story
Adobe will be sponsoring Ekoparty in Miami and hosting a live hacking event on May 21st
https://ekoparty.org/ekoparty-miami-2026-super-live-hacking-event/
====== Resources ======
SVG clickjacking
https://lyra.horse/blog/2025/12/svg-clickjacking/
====== Timestamps ======
(00:00:00) Introduction
(00:06:35) Protobuff XSS
(00:12:51) Leaking Age & CSPTs
(00:15:59) Capital Letters and Clickjacking
-
Episode 170: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph their trip to Korea with some quick takeaways from the LHE.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Timestamps ======
(00:00:00) Introduction
(00:01:41) Google LHE Debrief
(00:09:27) Old AI Exfils & AI report writing
(00:18:14) Human Tokens
(00:26:13) Protoscope & Caido Websocket Repeater
-
Episode 169: In this episode of Critical Thinking - Bug Bounty Podcast gr3pme goes over some of the changes from OAuth 2.0 vs 2.1 and how Hackers can capitalize.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out ThreatLocker Ringfencing
https://www.criticalthinkingpodcast.io/tl-rf
====== This Week in Bug Bounty ======
Intigriti is providing free Burp Pro for Hackers!
https://www.intigriti.com/blog/news/intigriti-collaborates-with-portswigger-to-support-ethical-hacking-excellence
====== Resources ======
Django-allauth Account Takeover (ZeroPath Audit)
https://zeropath.com/blog/django-allauth-account-takeover-vulnerabilities
CVE-2025-4144: Cloudflare Workers PKCE Bypass
https://github.com/cloudflare/workers-oauth-provider/security/advisories/GHSA-qgp8-v765-qxx9
CVE-2025-54576: OAuth2-Proxy Auth Bypass
https://zeropath.com/blog/cve-2025-54576-oauth2-proxy-auth-bypass
====== Timestamps ======
(00:00:00) Introduction
(00:02:16) OAuth 2.0 Standards
(00:12:08) Agent to Agent Communication
(00:17:19) CVE Case studies
-
Episode 168: In this episode of Critical Thinking - Bug Bounty Podcast we’re getting a visit from the XSS Doctor. Jonathan joins us to go through his Client-side workflow, run labs, and diagnose some bugs live.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest: https://x.com/xssdoctor
====== Resources ======
The Dot-Dot-Slash That Frameworks Hand You: CSPT Across Every Major Frontend Framework
https://lab.ctbb.show/research/the-dot-dot-slash-that-frameworks-hand-you
URL validation bypass cheat sheet
https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet
====== Timestamps ======
(00:00:00) Introduction
(00:01:37) Home Automation AI Hack & E-signature bug stories
(00:12:15) E-signature bug
(00:17:01) XSS DR Intro and Bug Bounty Journey
(00:31:51) CSPT Workflows
(01:07:57) Wildcard Path Parameters
(01:30:34) Custom Sinks
-
Episode 167: In this episode of Critical Thinking - Bug Bounty Podcast we welcome Valeriy Shevchenko to talk about program management, anchor programs, and Theft in Bug Bounty.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out ThreatLocker Ringfencing
https://www.criticalthinkingpodcast.io/tl-rf
Today’s Guest: https://x.com/Krevetk0Valeriy
====== This Week in Bug Bounty ======
HackerOne’s Bug Bounty Maturity Framework:
https://www.hackerone.com/blog/program-maturity-framework-bug-bounty-operations
Intigriti is hiring a Product Security Analyst
https://jobs.criticalthinkingpodcast.io/jobs/product-security-analyst-25ef4706
====== Resources ======
Valeriy’s Blog
https://krevetk0.medium.com/
====== Timestamps ======
(00:00:00) Introduction
(00:03:15) Valeriy's Bug story
(00:19:48) Anchor Programs and Bug Hunting Motivation
(00:29:50) Stealing Bugs
-
Episode 166: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Rez0’s Claude Skill Secrets, when AI Generated reports fall apart, and agents vs filters.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor: Adobe
====== This Week in Bug Bounty ======
Intigriti launched their ambassadors program. https://www.intigriti.com/ambassador
Adobe will be at Hack The Bay
https://www.hackthebay.org/
Bug Bounty Maturity Framework
https://bugbountymaturity.com/
====== Resources ======
h1-brain
https://github.com/PatrikFehrenbach/h1-brain
caido skills
http://github.com/caido/skills
Tweet from Karpathy
https://x.com/karpathy/status/2031767720933634100?s=20
Find every inefficiency in your Claude workflow with one prompt
https://x.com/shannholmberg/status/2030605364421595468
====== Timestamps ======
(00:00:00) Introduction
(00:08:28) Claude skills
(00:30:00) How AI Generated reports fall apart
(00:38:44) Orchestration
(00:49:10) Agents vs Folders
-
Episode 165: In this episode of Critical Thinking - Bug Bounty Podcast Justin recaps his Zero Trust World experience, before we dive into Permissions issues client-side bugs, New Hardware Hacking Classes, and using AI to hack.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out ThreatLocker Ringfencing
https://www.criticalthinkingpodcast.io/tl-rf
====== Resources ======
bbscope Update
https://x.com/sw33tLie/status/2029344643154919720
Matt Brown's Youtube Channel
https://www.youtube.com/channel/UC3VDCeZYZH7mCihtMVHqppw
Matt's Twitter:
https://x.com/nmatt0
MCP server for HackerOne to search reports
https://x.com/OriginalSicksec/status/2029503063095124461?s=20
Caido Skills
https://github.com/caido/skills
The Agentic Hacking Era: Ramblings and a Tool
https://josephthacker.com/hacking/2026/03/06/the-agentic-hacking-era.html
Announcing AI-driven Caido
https://caido.io/blog/2026-03-06-caido-skill
====== Timestamps ======
(00:00:00) Introduction
(00:06:23) bbscope report dumping & Matt Brown Training
(00:13:10) MCP server for HackerOne to search reports & protobuff success
(00:24:24) Hacking Mics with Permissions issues client-side bugs
(00:27:26) Can AI Hack things?
-
Episode 164: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug Bounty
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest: https://x.com/thedawgyg
====== This Week in Bug Bounty ======
Python pitfalls: Turning developer mistakes into vulnerabilities
https://www.yeswehack.com/learn-bug-bounty/python-pitfalls-turning-developer-mistakes?utm_source=critical-thinking&utm_medium=sponsored&utm_campaign=article-research-python-pitfalls
====== Timestamps ======
(00:00:00) Introduction
(00:06:22) Yahoo SSRF
(00:14:56) Tommy's Origin
(00:44:10) Bug Bounty
(00:51:47) SSRF Attraction, AI implementation, & Browser Hacking
-
Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
Parser Differentials: When Interpretation Becomes a Vulnerability
https://www.youtube.com/watch?v=Dq_KVLXzxH8
XSS-Leak: Leaking Cross-Origin Redirects
https://blog.babelo.xyz/posts/cross-site-subdomain-leak/
Playing with HTTP/2 CONNECT
https://blog.flomb.net/posts/http2connect/
Next.js, cache, and chains: the stale elixir
https://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixir
SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL
https://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdf
Cross-Site ETag Length Leak
https://blog.arkark.dev/2025/12/26/etag-length-leak
Lost in Translation: Exploiting Unicode Normalization
https://www.youtube.com/watch?v=ETB2w-f3pM4
ORM Leaking More Than You Joined For
https://www.elttam.com/blog/leaking-more-than-you-joined-for/
Novel SSRF Technique Involving HTTP Redirect Loops
https://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/
Successful Errors: New Code Injection and SSTI Techniques
https://github.com/vladko312/Research_Successful_Errors
====== Timestamps ======
(00:00:00) Introduction
(00:02:33) Parser Differentials: When Interpretation Becomes a Vulnerability
(00:11:02) XSS-Leak: Leaking Cross-Origin Redirects
(00:18:25) Playing with HTTP/2 CONNECT
(00:22:10) Next.js, cache, and chains: the stale elixir
(00:29:15) SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL
(00:34:27) Cross-Site ETag Length Leak
(00:41:47) Lost in Translation: Exploiting Unicode Normalization
(00:47:27) ORM Leaking More Than You Joined For
(00:54:07) Novel SSRF Technique Involving HTTP Redirect Loops
(00:58:40) Successful Errors: New Code Injection and SSTI Techniques
-
Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26
https://ztw.com/
Today’s Guest: https://x.com/senorarroz
====== This Week in Bug Bounty ======
XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilities
https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&utm_medium=Youtube&utm_campaign=XXE_Critical_Thinking&utm_id=XXE_CT
Bug Bounty Maturity Framework
https://bugbountymaturity.com/
====== Resources ======
Confidential Information and Confidentiality Obligations
https://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20parties
Ownership and Licenses
https://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20Licenses
I argued with an AI regarding HackerOne using Hacker reports to train PtaaS
https://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71
HackerOne PTaaS (likely training their AI on private reports data)
https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/
What Makes Agentic PTaaS Different in Real Environments
https://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints
====== Timestamps ======
(00:00:00) Introduction
(00:08:44) HackerOne AI Terms of Service
(00:24:56) Agentic PTaaS
(00:38:09) Selling data
(00:43:49) Decrease in Bounties
- Laat meer zien