Critical Thinking - Bug Bounty Podcast

By: Justin Gardner (Rhynorater) Joseph Thacker (Rez0) & Brandyn Murtagh (gr3pme)

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

Episodes
  • Episode 170: Claude Code + Tmux, Websockets, and Other Korea LHE Takeaways
    Apr 16 2026

    Episode 170: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph discuss their trip to Korea with some quick takeaways from the LHE.


    Follow us on twitter at: https://x.com/ctbbpodcast

    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!


    ====== Links ======

    Follow your hosts Rhynorater, rez0 and gr3pme on X:

    https://x.com/Rhynorater

    https://x.com/rez0__

    https://x.com/gr3pme


    Critical Research Lab:

    https://lab.ctbb.show/


    ====== Ways to Support CTBBPodcast ======

    Hop on the CTBB Discord at https://ctbb.show/discord!


    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


    You can also find some hacker swag at https://ctbb.show/merch!


    ====== Timestamps ======

    (00:00:00) Introduction

    (00:01:41) Google LHE Debrief

    (00:09:27) Old AI Exfils & AI report writing

    (00:18:14) Human Tokens

    (00:26:13) Protoscope & Caido Websocket Repeater

    33 mins
  • Episode 169: Attacking OAuth 2.1
    Apr 9 2026

    Episode 169: In this episode of Critical Thinking - Bug Bounty Podcast gr3pme goes over some of the changes from OAuth 2.0 vs 2.1 and how Hackers can capitalize.



    ====== This Week in Bug Bounty ======


    Intigriti is providing free Burp Pro for Hackers!

    https://www.intigriti.com/blog/news/intigriti-collaborates-with-portswigger-to-support-ethical-hacking-excellence


    ====== Resources ======

    Django-allauth Account Takeover (ZeroPath Audit)

    https://zeropath.com/blog/django-allauth-account-takeover-vulnerabilities


    CVE-2025-4144: Cloudflare Workers PKCE Bypass

    https://github.com/cloudflare/workers-oauth-provider/security/advisories/GHSA-qgp8-v765-qxx9


    CVE-2025-54576: OAuth2-Proxy Auth Bypass

    https://zeropath.com/blog/cve-2025-54576-oauth2-proxy-auth-bypass


    ====== Timestamps ======

    (00:00:00) Introduction

    (00:02:16) OAuth 2.0 Standards

    (00:12:08) Agent to Agent Communication

    (00:17:19) CVE Case studies



    30 mins
  • Episode 168: XSSDoctor - Client-side Path Traversal Research
    Apr 2 2026

    Episode 168: In this episode of Critical Thinking - Bug Bounty Podcast we’re getting a visit from the XSS Doctor. Jonathan joins us to go through his Client-side workflow, run labs, and diagnose some bugs live.



    Today’s Guest: https://x.com/xssdoctor


    ====== Resources ======


    The Dot-Dot-Slash That Frameworks Hand You: CSPT Across Every Major Frontend Framework

    https://lab.ctbb.show/research/the-dot-dot-slash-that-frameworks-hand-you


    URL validation bypass cheat sheet

    https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet


    ====== Timestamps ======

    (00:00:00) Introduction

    (00:01:37) Home Automation AI Hack & E-signature bug stories

    (00:12:15) E-signature bug

    (00:17:01) XSS DR Intro and Bug Bounty Journey

    (00:31:51) CSPT Workflows

    (01:07:57) Wildcard Path Parameters

    (01:30:34) Custom Sinks

    1 hr and 36 mins
As someone who is still very new to the industry, I like listening to this podcast as I find the information very useful.

great information
