Critical Thinking - Bug Bounty Podcast
Justin Gardner (Rhynorater) & Joel Margolis (teknogeek)
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
- 1 hour 16 minutesEpisode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown
Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest: Matt Brown
====== Resources ======
KeeYees USB Logic Analyzer Device
Hardware Hacking Tutorial by Make Me Hack
UART and SPI firmware extraction
UART Root Shell on Linux Router
UART Shell Jail and Unlocked Bootloader
Chinese IP Camera Firmware Extraction
====== Timestamps ======
(00:00:00) Introduction
(00:01:22) Incremental Session Token Story and Matt Brown Intro
(00:10:42) Hardware Bug Bounty Scene & AI on Devices
(00:24:30) Hacking Human Robot
(00:41:33) Zero-to-Hero Hardware Hacking Guide
(01:01:47) IOT Hackbot
18 December 2025, 11:00 am - 1 hour 21 minutesEpisode 152: GeminiJack and Agentic Security with Sasi Levi
Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Vertex Bug, and debate if Prompt Injection is a real Vuln.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
CHeck out our New Christmas Swag at https://ctbb.show/merch!
Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Control
And Noma Security! https://noma.security/
Today’s Guest: https://x.com/sasi2103
====== This Week in Bug Bounty ======
Dedicated HackerOne program for Vercel WAF
YesWeHack Open Source Programs
Android recon for Bug Bounty hunters
====== Resources ======
ForcedLeak: AI Agent risks exposed in Salesforce AgentForce
Is Prompt Injection a Vulnerability?
====== Timestamps ======
(00:00:00) Introduction
(00:09:16) Google Vertex AI Bug
(00:29:28) Sasi's Background and Bug Bounty Journey
(00:38:55) Resources for AI and Agentic Security Methodology
(00:50:34) ForcedLeak
(01:02:06) Is Prompt Injection a Vuln?
11 December 2025, 11:00 am - 1 hour 7 minutesEpisode 151: Client-side Advanced Topics
Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL Parsing, and more.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Control
====== Resources ======
Nowasky's Tweet #1
https://x.com/nowaskyjr/status/1993421017381744974
Nowasky's Tweet #2
https://x.com/nowaskyjr/status/1992717862398800081
rep+ in Chrome DevTools
https://x.com/BourAbdelhadi/status/1992622964077179229
Terjanq Post from 2021
https://x.com/terjanq/status/1421093136022048775
====== Timestamps ======
(00:00:00) Introduction
(00:02:58) Client-side news & AI Updates
(00:12:02) Third-Party Cookie Nuances & PostMessages
(00:30:09) Iframe Tricks
(00:47:43) URL Parsing, CSPTS, and Client-side Routes
4 December 2025, 11:00 am - 57 minutes 20 secondsEpisode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration
Episode 150: In this episode of Critical Thinking - Bug Bounty Podcast we're highlighting some cool news and research, but not before expressing our gratitude to the Hacker community. We are so thankful for you all!
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Control
====== This Week in Bug Bounty ======
====== Resources ======
Breaking Oracle’s Identity Manager
ASP.NET MVC View Engine Search Patterns
Lesser known techniques for large-scale subdomain enum
Caido version of AssetNote Surf
====== Timestamps ======
(00:00:00) Introduction
(00:09:47) Breaking Oracle’s Identity Manager & Who Needs a Blind XSS?
(00:20:37) ASP.NET MVC View Engine Search Patterns & Heretic
(00:29:04) Lesser known techniques for large-scale subdomain enum
(00:35:29) Gemini 3 & Antigravity.
(00:45:57) Bug Bounty Daily
(00:52:42) Surf for Caido
27 November 2025, 11:00 am - 1 hour 2 minutesEpisode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains
Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.
Follow us on X
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
Breaking into thousands of cloud based VPNs with 1 bug
Examining Access Control Vulnerabilities in GraphQL
Bypassing Intent Destination Checks
Gemini Agents in Google Calendar
Exploitation of DOM Clobbering Vuln at Scale
====== Timestamps ======
(00:00:00) Introduction
(00:10:10) Prompt. Scan. Exploit
(00:23:52) Breaking into thousands of cloud based VPNs with 1 bug
(00:33:25) Access Control Vulns in GraphQL, Smart Bus Hacking, & Passkeys Pwned
(00:44:10) Bypassing Intent Destination Checks & Invoking Gemini Agents
(00:57:08) DOM Clobbering, Mac PRT Cookie Theft, & Smart Devices, Dumb Resets
20 November 2025, 11:00 am - 32 minutes 26 secondsEpisode 148: MCP Hacking Guide
Episode 148: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us a crash course on Model Context Protocol.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Timestamps ======
(00:00:00) Introduction
(00:02:51) MCP Architecture & Authentication
(00:13:08) Roots, Sampling, & Elicitation
(00:19:15) Tools and Resources
13 November 2025, 11:00 am - 58 minutes 48 secondsEpisode 147: Stupid Simple Hacking Workflow Tips
Episode 147: In this episode of Critical Thinking - Bug Bounty Podcast we're talking tips and tricks that help us in hacking that we really should’ve learned sooner.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Control
https://www.criticalthinkingpodcast.io/tl-nc
====== This Week in Bug Bounty ======
Netscaler's new program
https://hackerone.com/netscaler_public_program?type=team
The ultimate Bug Bounty guide to HTTP request smuggling vulnerabilities
https://www.yeswehack.com/learn-bug-bounty/http-request-smuggling-guide-vulnerabilities
Hackers now have 2 Request-a-Response
https://docs.bugcrowd.com/changelog/researchers/request-a-response-researcher/
Evan Connelly Spotlight
https://www.bugcrowd.com/blog/hacker-spotlight-evan-connelly/
Epic Games Jobs Openings
====== Timestamps ======
(00:00:00) Introduction
(00:09:23) Command Palette, Auto-decoding, & Evenbetter
(00:17:28) Chrome Devtools Edit as html & Raycast
(00:33:23) ffuf -request flag
(00:41:33) JXScout
(00:48:55) Conditional Breakpoints in Devtools & Lightning round tips
6 November 2025, 11:01 am - 1 hour 50 minutesEpisode 146: Hacking Horror Stories
Episode 146: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn all sit down to celebrate the spooky season by swapping their scariest bug stories. From frightening fails and firings to hacks with chilling and critical consequences. Grab your flashlight and a blanket for this one!
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Control
https://www.criticalthinkingpodcast.io/tl-nc
====== This Week in Bug Bounty ======
Methodology tips from top Bug Bounty hunters
YesWeHack marks first year of partnership with Singapore’s Government
HackerOne Hacker-Powered Security Report
====== Resources ======
Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office
File Creation via SQLite Injection
====== Timestamps ======
(00:00:00) Introduction
(00:10:11) Crit Research Lab News
(00:21:31) Hacking the World Poker Tour & File Creation via SQLite Injection
(00:30:40) Brandyn's Spooky Bug
(00:38:02) Joseph's Spooky Bug
(00:44:18) Justin's Spooky Bug
(00:54:44) Banking Bugs, LHE Scares, and Workday weirdness.
(01:14:52) Firings and failures
(01:22:49) Bank Bug Redux
(01:35:55) Wedding planning/registry app & Amazon Rufus bugs
(01:40:52) New Relic bug
30 October 2025, 10:00 am - 28 minutes 17 secondsEpisode 145: Gr3pme's Secret: Bug Bounty Note Taking Methodology
Episode 145: In this episode of Critical Thinking - Bug Bounty Podcast Brandyn lets us in on some of his notetaking tips, including his Templates, Threat Modeling, and ways he uses notes to help with collaboration.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, Rez0, & gr3pme on Twitter:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Control
https://www.criticalthinkingpodcast.io/tl-nc
====== This Week in Bug Bounty ======
The minefield between syntaxes
https://www.yeswehack.com/learn-bug-bounty/syntax-confusion-ambiguous-parsing-exploits
====== Resources ======
Brandyn's Notion Template
https://terrific-dart-70e.notion.site/Example-Target-CTBB-294f4ca0f42481cca0b0ca6ac0a7c81d
====== Timestamps ======
(00:00:00) Introduction
(00:07:25) Templates, Target, and Tech Stack
(00:13:33) Threat Modeling and Attack Vectors
23 October 2025, 10:00 am - 52 minutes 40 secondsEpisode 144: Google’s Top AI Hackers: Busfactor and Monke
Episode 144: In this episode of Critical Thinking - Bug Bounty Podcast Joseph is joined by Vitor Falcão and Ciarán Cotter to discuss their success at the recent Mexico LHE, as well as their journey and routines in fulltime hacking.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: ThreatLocker. Check out ThreatLocker DAC
https://www.criticalthinkingpodcast.io/tl-dac
Today’s Guests:
Vitor Falcão
Ciarán Cotter
====== This Week in Bug Bounty======
Securing the Age of AI Autonomy: Priorities for 2026
https://www.hackerone.com/events/bionic-hacking
====== Resources ======
AI Vulnerability Reward Program Rules
My First 3 Months as a Full-Time Bug Bounty Hunter
https://vitorfalcao.com/posts/3-months-as-a-full-time-bug-bounty-hunter/
====== Timestamps ======
(00:00:00) Introduction
(00:02:32) Client side Bug Story & Vitor's BB journey
(00:13:59) Google LHE Mexico takeaways
(00:26:55) Full-time hunting reflections
(00:33:39) Hacking routines
(00:42:56) Hacking AI
16 October 2025, 10:00 am - 1 hour 4 minutesEpisode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!
Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some news.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== This Week in Bug Bounty ======
YesWeHack won the European commission: https://www.yeswehack.com/news/european-commission-tender-won-yeswehack
YesWeHack now have authorised cve numbering authority: https://www.yeswehack.com/news/yeswehack-authorised-cve-numbering-authority
A wide range of highly used open source bug bounty program such as Log4J, Systemd, GNOME and a lot more:
https://event.yeswehack.com/events/open-the-code-source-the-bounty
====== Resources ======
Attributes reference inside HTML
Explaining XSS without parentheses and semi-colons
Beyond Sandbox Domains: Rendering Untrusted Web Content with SafeContentFrame
====== Timestamps ======
(00:00:00) Introduction
(00:03:16) LHE approaches and accomplishments
(00:30:54) Attributes reference inside HTML & Explaining XSS without parentheses and semi-colons
(00:44:33) One Token to rule them all
(00:57:13) Flareprox & Caido 101
9 October 2025, 10:00 am - More Episodes? Get the App