Critical Thinking - Bug Bounty Podcast
By Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
Listen to a podcast, please open Podcast Republic app. Available on Google Play Store and Apple App Store.
Category: Technology
Open in Apple Podcasts
Open RSS feed
Open Website
Rate for this podcast
Subscribers: 30
Reviews: 0
Episodes: 160
Description
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
| Episode | Date |
|---|---|
|
Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS
|
Feb 05, 2026 |
|
Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins
|
Jan 29, 2026 |
|
Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs
|
Jan 22, 2026 |
|
Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits
|
Jan 15, 2026 |
|
Episode 156: Chill AMA from bugbounty.forum
|
Jan 08, 2026 |
|
Episode 155: 2025 Hacker Stats & 2026 Goals
|
Jan 01, 2026 |
|
Episode 154: Starting a Pentesting Company on Top of Bug Bounty
|
Dec 25, 2025 |
|
Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown
|
Dec 18, 2025 |
|
Episode 152: GeminiJack and Agentic Security with Sasi Levi
|
Dec 11, 2025 |
|
Episode 151: Client-side Advanced Topics
|
Dec 04, 2025 |
|
Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration
|
Nov 27, 2025 |
|
Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains
|
Nov 20, 2025 |
|
Episode 148: MCP Hacking Guide
|
Nov 13, 2025 |
|
Episode 147: Stupid Simple Hacking Workflow Tips
|
Nov 06, 2025 |
|
Episode 146: Hacking Horror Stories
|
Oct 30, 2025 |
|
Episode 145: Gr3pme's Secret: Bug Bounty Note Taking Methodology
|
Oct 23, 2025 |
|
Episode 144: Google’s Top AI Hackers: Busfactor and Monke
|
Oct 16, 2025 |
|
Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!
|
Oct 09, 2025 |
|
Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News
|
Oct 02, 2025 |
|
Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)
|
Sep 25, 2025 |
|
Episode 140: Crit Research Lab Update & Client-Side Tricks Galore
|
Sep 18, 2025 |
|
Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research
|
Sep 11, 2025 |
|
Episode 138: Caido Tools and Workflows
|
Sep 04, 2025 |
|
Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber
|
Aug 28, 2025 |
|
Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable
|
Aug 21, 2025 |
|
Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories
|
Aug 14, 2025 |
|
Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado
|
Aug 04, 2025 |
|
Episode 133: Building Hacker Communities - Bug Bounty Village, getDisclosed, and the LHE Squad
|
Jul 31, 2025 |
|
Episode 132: Archive Testing Methodology with Mathias Karlsson
|
Jul 24, 2025 |
|
Episode 131: SL Cyber Writeups, Bug Bounty Metastrategy, and Orphaned Github Commits
|
Jul 17, 2025 |
|
Episode 130: Minecraft Hacks to Google Hacking Star - Valentino
|
Jul 10, 2025 |
|
Episode 129: Is this how Bug Bounty Ends?
|
Jul 03, 2025 |
|
Episode 128: New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI Bots
|
Jun 26, 2025 |
|
Episode 127: Drama, PDF as JS Chaos, Bounty Profile Apps, And More
|
Jun 19, 2025 |
|
Episode 126: Hacking AI Series: Vulnus ex Machina - Part 3
|
Jun 12, 2025 |
|
Episode 125: How to Win Live Hacking Events
|
Jun 05, 2025 |
|
Episode 124: Bug Bounty Lifestyle = Less Hacking Time?
|
May 29, 2025 |
|
Episode 123: Hacking AI Series: Vulnus ex Machina - Part 2
|
May 22, 2025 |
|
Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways
|
May 15, 2025 |
|
Episode 121: Slonser’s Image Injection 0-day -> ATO & New Caido Collab Plugin
|
May 08, 2025 |
|
Episode 120: SpaceRaccoon - From Day Zero to Zero Day
|
May 01, 2025 |
|
Episode 119: Abusing Iframes from a client-side hacker
|
Apr 17, 2025 |
|
Episode 118: Hacking Happy Hour: 0days on Tap and SQLi Shots
|
Apr 10, 2025 |
|
Episode 117: Hacking AI Series: Vulnus ex Machina - Part 1
|
Apr 03, 2025 |
|
Episode 116: Auth Bypasses and Google VRP Writeups
|
Mar 27, 2025 |
|
Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)
|
Mar 20, 2025 |
|
Episode 114: Single Page Application Hacking Playbook
|
Mar 13, 2025 |
|
Episode 113: Best Technical Takeaways from Portswigger Top 10 2024
|
Mar 06, 2025 |
|
Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter
|
Feb 27, 2025 |
|
Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu
|
Feb 20, 2025 |
|
Episode 110: Oauth Gadget Correlation and Common Attacks
|
Feb 13, 2025 |
|
Episode 109: Creative Recon - Alternative Techniques
|
Feb 06, 2025 |
|
Episode 108: How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello
|
Jan 30, 2025 |
|
Episode 107: Bypassing Cross-Origin Browser Headers
|
Jan 23, 2025 |
|
Episode 106: Announcing our new cohost...
|
Jan 16, 2025 |
|
Episode 105: Best Critical Thinking Moments from 2024
|
Jan 09, 2025 |
|
Episode 104: 2024 Hacker Stats & 2025 Goals
|
Jan 02, 2025 |
|
Episode 103: Getting ANSI about Unicode Normalization
|
Dec 26, 2024 |
|
Episode 102: Building Web Hacking Micro Agents with Jason Haddix
|
Dec 19, 2024 |
|
Episode 101: CTBB Hijacked: Rez0__ on AI Attack Vectors with Johann Rehberger
|
Dec 12, 2024 |
|
Ep 100 - 8 Fav Bugs of 2024, Farewell Joel, Hello Shift - Cursor of Hacking
|
Dec 05, 2024 |
|
Episode 99: Back to the Basics - Web Fundamental to 100k a Year in Bug Bounty
|
Nov 28, 2024 |
|
Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath
|
Nov 21, 2024 |
|
Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling
|
Nov 14, 2024 |
|
Episode 96: Cookies & Caching with MatanBer
|
Nov 07, 2024 |
|
Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side
|
Oct 31, 2024 |
|
Episode 94: Zendesk Fiasco & the CTBB Naughty List
|
Oct 24, 2024 |
|
Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor
|
Oct 17, 2024 |
|
Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser
|
Oct 10, 2024 |
|
Episode 91: Zero to LHE in 9 Months (feat gr3pme)
|
Oct 03, 2024 |
|
Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs
|
Sep 26, 2024 |
|
Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown
|
Sep 19, 2024 |
|
Episode 88: News, Tools, and Writeups
|
Sep 12, 2024 |
|
Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships
|
Sep 05, 2024 |
|
Episode 86: The X-Correlation between Frans & RCE - Research Drop
|
Aug 29, 2024 |
|
Episode 85: Practical Applications of DEFCON 32 Web Research
|
Aug 22, 2024 |
|
Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat
|
Aug 15, 2024 |
|
Episode 83: Brainstorming Proxy Plugins
|
Aug 08, 2024 |
|
Episode 82: Part-Time Bug Bounty
|
Aug 01, 2024 |
|
Episode 81: Crushing Client-Side on Any Scope with MatanBer
|
Jul 25, 2024 |
|
Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)
|
Jul 18, 2024 |
|
Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes
|
Jul 11, 2024 |
|
Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques
|
Jul 04, 2024 |
|
Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated
|
Jun 27, 2024 |
|
Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature
|
Jun 20, 2024 |
|
Episode 75: *Rerun* of The OG Bug Bounty King - Frans Rosen
|
Jun 13, 2024 |
|
Episode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin)
|
Jun 06, 2024 |
|
Episode 73: Sandboxed IFrames and WAF Bypasses
|
May 30, 2024 |
|
Episode 72: Research TLDRs & Smuggling Payloads in Well Known Data Types
|
May 23, 2024 |
|
Episode 71: More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet
|
May 16, 2024 |
|
Episode 70: NahamCon and CSP Bypasses Everywhere
|
May 09, 2024 |
|
Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.
|
May 02, 2024 |
|
Episode 68: 0-days & HTMX-SS with Mathias
|
Apr 25, 2024 |
|
Episode 67: VDPs & Accidental Program VS Hacker Debate Part 2
|
Apr 18, 2024 |
|
Episode 66: CDN-CGI Research, Intent To Ship, and Louis Vuitton
|
Apr 11, 2024 |
|
Episode 65: Motivation and Methodology with Sam Curry (Zlz)
|
Apr 04, 2024 |
|
Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App
|
Mar 28, 2024 |
|
Episode 63: JHaddix Returns
|
Mar 21, 2024 |
|
Episode 62: Frontend Language Oddities
|
Mar 14, 2024 |
|
Episode 61: A Hacker on Wall Street - JR0ch17
|
Mar 07, 2024 |
|
Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023
|
Feb 29, 2024 |
|
Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition
|
Feb 22, 2024 |
|
Episode 58: Youssef Sammouda - Client-Side & ATO War Stories
|
Feb 15, 2024 |
|
Episode 57: Technical breakdown from Miami Hacking Event - H1-305
|
Feb 08, 2024 |
|
Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)
|
Feb 01, 2024 |
|
Episode 55: Popping WordPress Plugins - Methodology Braindump
|
Jan 25, 2024 |
|
Episode 54: White Box Formulas - Vulnerable Coding Patterns
|
Jan 18, 2024 |
|
Episode 53: 500k/yr as Full-Time Bug Hunter & Content Creator - Nahamsec
|
Jan 11, 2024 |
|
Episode 52: Best Technical Content from Year 1 of CTBB Podcast
|
Jan 04, 2024 |
|
Episode 51: Hacker Stats 2023 & 2024 Goals
|
Dec 28, 2023 |
|
Episode 50: Mathias 'Fall in a well' Karlsson - Bug Bounty Prophet
|
Dec 21, 2023 |
|
Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli
|
Dec 14, 2023 |
|
Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb
|
Dec 07, 2023 |
|
Episode 47: CSP Research, Iframe Hopping, and Client-side Shenanigans
|
Nov 30, 2023 |
|
Episode 46: The SAML Ramble
|
Nov 23, 2023 |
|
Episode 45: The OG Bug Bounty King - Frans Rosen
|
Nov 16, 2023 |
|
Episode 44: URL Parsing & Auth Bypass Magic
|
Nov 09, 2023 |
|
Episode 43: Caido - The Up-And-Coming HTTP Proxy
|
Nov 02, 2023 |
|
Episode 42: Renniepak Interview & Intigriti LHE Recap
|
Oct 26, 2023 |
|
Episode 41: Mini Masterclass: Attack Vector Ideation
|
Oct 19, 2023 |
|
Episode 40: Bug Bounty Mentoring
|
Oct 12, 2023 |
|
Episode 39: The Art of Architectures
|
Oct 05, 2023 |
|
Episode 38: Mobile Hacking Maestro: Sergey Toshin
|
Sep 28, 2023 |
|
Episode 37: Tokyo Hacking & Interview with 0xLupin
|
Sep 21, 2023 |
|
Episode 36: Bug Bounty Ethics & CT Exclusive Bug Reports
|
Sep 14, 2023 |
|
Episode 35: King of Collaboration: Douglas Day
|
Sep 07, 2023 |
|
Episode 34: Program vs Hacker Debate
|
Aug 31, 2023 |
|
Episode 33: The Master of Hacker Show&Tell: Inti De Ceukelaire
|
Aug 24, 2023 |
|
Episode 32: The Great Write-up Low-down
|
Aug 17, 2023 |
|
Episode 31: Alex Chapman - The Man of Many Crits
|
Aug 10, 2023 |
|
Episode 30: Recon Legend Shubs - From Burgers to Bounties
|
Aug 03, 2023 |
|
Episode 29: Live Episode with Sean Yeoh - Assetnote Engineer
|
Jul 27, 2023 |
|
Episode 28: Surfin' with CSRFs
|
Jul 20, 2023 |
|
Episode 27: Top 7 Esoteric Web Vulnerabilities
|
Jul 13, 2023 |
|
Episode 26: Client-side Quirks & Browser Hacks
|
Jul 06, 2023 |
|
Episode 25: 2xMVH & Multi-million dollar hacker Inhibitor181
|
Jun 29, 2023 |
|
Episode 24: AI + Hacking with Daniel Miessler and Rez0
|
Jun 22, 2023 |
|
Episode 23: Hacker Loadouts
|
Jun 15, 2023 |
|
Episode 22: Chipping Away at Hardware Hacking
|
Jun 08, 2023 |
|
Episode 21: Chill Chat with Legendary DoD Hacker Corben Leo
|
Jun 01, 2023 |
|
Episode 20: Hacker Brain Hacks - Overcoming Bug Bounty's Mental Tolls
|
May 25, 2023 |
|
Episode 19: Audit Code, Earn Bounties (Part 2) + Zip-Snip, Sitecore, and more!
|
May 18, 2023 |
|
Episode 18: Audit Code, Earn Bounties
|
May 11, 2023 |
|
Episode 17: LA Live Chat with Five Legendary Hackers
|
May 04, 2023 |
|
Episode 16: The Hacker's Toolkit
|
Apr 20, 2023 |
|
Episode 15: The Israeli Million-Dollar Hacker
|
Apr 13, 2023 |
|
Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff
|
Apr 06, 2023 |
|
Episode 13: How to Find a Good BBP + Acropalypse + ZDI
|
Mar 30, 2023 |
|
Episode 12: JHaddix on Hacker->Hacker CISO, OG Hacking Techniques, and Crazy Reports
|
Mar 23, 2023 |
|
Episode 11: CV$$, Web Cache Deception, and SSTI
|
Mar 16, 2023 |
|
Episode 10: The Life of a Full-Time Bug Bounty Hunter + BB News + Reports from Mentees
|
Mar 09, 2023 |
|
Episode 9: Headless Browser SSRF & RebindMultiA Tool Release + Web3 Bug
|
Mar 02, 2023 |
|
Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops
|
Feb 22, 2023 |
|
Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More!
|
Feb 16, 2023 |
|
Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)
|
Feb 09, 2023 |
|
Episode 4: H1-407 Event Madness & Takeaways Part 2 w/ Special Guest Spaceraccoon
|
Feb 02, 2023 |
|
Episode 5: AI Security, Hacking WiFi, the New XSS Hunter, and more
|
Feb 02, 2023 |
|
Episode 3: H1-407 Event Madness & Takeaways Part 1
|
Jan 26, 2023 |
|
Episode 2: Exploit Writing & Automation / Do you need to know how to program to hack?
|
Jan 18, 2023 |
|
Episode 1: Introductions, Bug Bounty Reports, and BB Tips
|
Jan 10, 2023 |