Critical Thinking - Bug Bounty Podcast

Jaksot

• Episode 178: 600k in ~3 months - BruteCat pt 2 11.06.2026 1t 23min

  Episode 178: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with BruteCat to finish up our discussion on hacking Google. This week we hit AI.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ Need a Pentest? We just launched CTBB Pentests!https://pentest.ctbb.show/Hack full time? Check out the Full-Time Hunter’s Guild!https://ctbb.show/fthg====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Guest: https://x.com/brutecat====== Resources ======Hacking Google with AIhttps://brutecat.com/articles/hacking-google-with-ai/====== Timestamps ======(00:00:00) Introduction(00:03:07) Discovery Docs Refresher & AI at BugSWAT Mexico(00:30:49) Auth & Enumeration of Referer and Origin(00:45:59) Pwning Google Stories(01:09:32) Batch Execute & GraphQL
• Episode 177: 2x Google RCE with VRP Legend Brutecat 04.06.2026 1t 25min

  Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ Need a Pentest? We just launched CTBB Pentests!https://pentest.ctbb.show/Hack full time? Check out the Full-Time Hunter’s Guild!https://ctbb.show/fthg====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLockerhttps://www.criticalthinkingpodcast.io/tl-ztcaToday’s Guest: https://x.com/brutecat====== Resources ======StubZero: $148,337 RCE in Google Cloud Productionhttps://brutecat.com/articles/google-cloud-rce/Leaking the email of any YouTube user for $10,000https://brutecat.com/articles/leaking-youtube-emails/Disclosing YouTube Creator Emails for a $20k Bountyhttps://brutecat.com/articles/youtube-creator-emails/Leaking the phone number of any Google userhttps://brutecat.com/articles/leaking-google-phones/====== Timestamps ======(00:00:00) Introduction(00:29:14) 2nd RCE in Application Integration(00:39:55) BruteCat's Background & RCE Follow-up Questions(00:48:02) Google VRP and Youtube Bugs(01:10:17) Google Phone Leak(01:18:36) Discovery Docs and Episode 178 Teaser
• Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam) 28.05.2026 1t 50min

  Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Red Flags.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ Need a Pentest? We just launched CTBB Pentests!https://pentest.ctbb.show/Hack full time? Check out the Full-Time Hunter’s Guild!https://ctbb.show/fthg====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor: Adobe. Earn more for AI bugs with Adobe’s new AI Tier! https://blog.adobe.com/security/adobe-expands-bug-bounty-program-to-incentivize-ai-security-researchAlso don’t forget to also grab a 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report.Expires June 30, 2026. ====== This Week in Bug Bounty ======Scaling Bug Bounty triage in the AI era(https://www.yeswehack.com/security-best-practices/scaling-bug-bounty-triage-ai)The AI impact: a triager’s perspectivehttps://www.intigriti.com/blog/business-insights/the-ai-impact-a-triagers-perspective====== Resources ======Sling Selectors - The Key to Unlocking AEM's Attack Surfacehttps://greenjam.co.uk/blog/sling-selectors/Just a Moment CTFhttps://poc.greenjam.co.uk/just-a-moment.htmlGeneral XSS jquery .text()https://poc.greenjam.co.uk/text-xss.htmlURL XXS Challengehttps://poc.greenjam.co.uk/url-xss.html====== Timestamps ======(00:00:00) Introduction(00:04:35) Background and AEM Bug(00:17:40) Sling Selectors & the Tech Stack(00:38:14) Permissions & Apache Sling Resolution(01:01:37) The Bugs & AEM Red Flags(01:31:55) Moment in Time CTF(01:40:38) General XSS jquery .text()(01:45:45) URL XXS Challenge
• Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama 21.05.2026 49min

  Episode 175: In this episode of Critical Thinking - Bug Bounty Podcast we’re comparing Hackbot setups and results. We also talk about some of the recent ZDI drama, as well as the importance of freaking beautiful POCsFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ Need a Pentest? We just launched CTBB Pentests!https://pentest.ctbb.show/Hack full time? Check out the Full-Time Hunter’s Guild!https://ctbb.show/fthg====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLockerhttps://www.criticalthinkingpodcast.io/tl-ztca====== Resources ======Another day, another universal linux LPEhttps://x.com/v12sec/status/2054491454064746629ZDI Dramahttps://x.com/ryotkak/status/2052881664909660521Orange Tsai Bug on Edgehttps://x.com/thezdi/status/2054868495888777266Chompie's Exploit in NV Container Toolkithttps://x.com/chompie1337/status/2054882193055601140GitHub Security April bug bounty statshttps://x.com/GitHubSecurity/status/2054274356403138932====== Timestamps ======(00:00:00) Introduction(00:02:14) q param prompt injection & Mobile CSPT(00:14:17) Admin API Key MegaCrit(00:17:13) Hackbots(00:37:10) Pretty POCs and ZDI Drama(00:44:48) GitHub Security April Stats
• Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5 14.05.2026 1t 9min

  Episode 174: In this episode of Critical Thinking - Bug Bounty Podcast we follow up from last episode with some advice for BB platforms, as well as cover a slew of writeups from Searchlight Cyber, watchTowr, and Starstrike.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Need a Pentest? We just launched CTBB Pentests!https://pentest.ctbb.show/Hack full time? Check out the Full-Time Hunter’s Guild!https://ctbb.show/fthg====== This Week in Bug Bounty ======COST, AI frontier models and more: A measured take on the future of security testinghttps://www.yeswehack.com/security-best-practices/cost-mythos-future-security-testingCommon AI misconceptions debugged!https://www.intigriti.com/blog/business-insights/common-misconceptions-debugged#trend-3-validity-ratios-remain-constant-ai-slop-isnt-rising-as-a-proportionBountySync + Socialhttps://luma.com/bountysync_social====== Resources ======Ghosts of Encryption Pasthttps://slcyber.io/research-center/ghosts-of-encryption-past-salesforce-exacttarget/tessl Skill Optimizerhttps://tessl.io/registry/tessl/skill-optimizer/0.8.0The Internet Is Falling Down, Falling Down, Falling Downhttps://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/High Fidelity Check for the cPanel Authentication Bypasshttps://slcyber.io/research-center/high-fidelity-check-for-the-cpanel-authentication-bypass-cve-2026-41940/Achieving Deterministic Prompt Injection Through Client-Side Feedback Loopshttps://blog.starstrike.ai/posts/achieving-deterministic-prompt-injection-through-client-side-feedback-loops/GPT-5.5: Mythos-Like Hacking, Open To Allhttps://xbow.com/blog/mythos-like-hacking-open-to-allRemote Command Execution in Google Cloud with Single Directory Deletionhttps://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion/?utm_source=bugbountydaily.com&utm_medium=referral====== Timestamps ======(00:00:00) Introduction(00:09:20) AMPScript(00:25:10) Tessl Skill Optimizer(00:33:07) cPanel & WHM Authentication Bypass(00:40:46) Advice for Bug Bounty Programs(00:50:07) Prompt Injection Through Client-Side Feedback Loops(00:54:37) GPT 5.5(01:01:00) Remote Command Execution in Google Cloud
• Episode 173: Bug Bounty is Dead and AI Killed it. 07.05.2026 1t 1min

  Episode 173: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about the negative effects that AI is having on the Bug Bounty scene as a whole. Is it over, or are we so back?Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Check out Zero Trust Cloud Access:https://www.criticalthinkingpodcast.io/tl-ztca====== Resources ======We want your feedback on this!https://forms.ctbb.show/future_of_bug_bountyEvolving the Android & Chrome VRPs for the AI Erahttps://bughunters.google.com/blog/evolving-the-android-chrome-vrps-for-the-ai-eraPaid Submissions?https://x.com/d0rsky/status/2047744193976742120Keep the Robots Out of the Gymhttps://danielmiessler.com/blog/keep-the-robots-out-of-the-gymIs my data used for model training?https://privacy.claude.com/en/articles/10023580-is-my-data-used-for-model-training====== Timestamps ======(00:00:00) Introduction(00:06:28) Network effects of Bug Bounty(00:31:55) Hopium/Copium(00:47:21) The Great Training Data Debate
• Episode 172: Source Code Review Meta Analysis 30.04.2026 51min

  Episode 172: In this episode of Critical Thinking - Bug Bounty Podcast trying out a new structure of episode: a Meta Analysis of sorts of many Source Code Review techniques. This episode features tips gathered from Shubs, Rafax, and FSI. Justin highlights best approaches, patterns, and common pitfalls.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor: Adobe - Get 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report.Expires June 30, 2026. ====== This Week in Bug Bounty ======Open-source security testing: the Bug Bounty guide to code analysishttps://www.yeswehack.com/learn-bug-bounty/open-source-guide-code-analysis?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=open-source-guide-code-analysis====== Resources ======Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)https://slcyber.io/research-center/abusing-windows-net-quirks-and-unicode-normalization-to-exploit-dnn-dotnetnuke/#:~:text=across%20different%20languages.-,A%20MUST%2DKNOW%20BEHAVIOUR%20OF%20PATH.COMBINE,-Another%20key%20implementation====== Timestamps ======(00:00:00) Introduction(00:06:49) Tracing Data Flow, knowing where your playload is landing, and developer mistakes.(00:17:33) Mapping the software(00:24:46) Sniffing for blood(00:31:54) Common Patterns and Pitfalls
• Episode 171: Path-Scoped Cookie Hacks with Uppercase & Post-based Raw Protobuf XSS 23.04.2026 22min

  Episode 171: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us some quick tips from his own hacking, including some clickjacking, using capital letters, and the potential value of leaking agesFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Check out ThreatLocker Ringfencinghttps://www.criticalthinkingpodcast.io/tl-rf====== Resources ======The ultimate Bug Bounty guide to OS command injection vulnerabilitieshttps://www.yeswehack.com/learn-bug-bounty/ultimate-guide-os-command-injection?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-os-command-injectionCritical auth bypass in WordPress Azure AD SSO plugin due to missing OIDC id_token validationhttps://www.yeswehack.com/news/auth-bypass-wordpress-azure-plugin?utm_source=critical-thinking-podcast&utm_medium=youtube&utm_campaign=article-wordpress-bypass-pluginAituglo featured on YWHhttps://www.yeswehack.com/community/developer-aituglo-bug-bounty-storyAdobe will be sponsoring Ekoparty in Miami and hosting a live hacking event on May 21sthttps://ekoparty.org/ekoparty-miami-2026-super-live-hacking-event/====== Resources ======SVG clickjackinghttps://lyra.horse/blog/2025/12/svg-clickjacking/ ====== Timestamps ======(00:00:00) Introduction(00:06:35) Protobuff XSS(00:12:51) Leaking Age & CSPTs(00:15:59) Capital Letters and Clickjacking
• Episode 170: Claude Code + Tmux, Websockets, and Other Korea LHE Takeaways 16.04.2026 32min

  Episode 170: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph their trip to Korea with some quick takeaways from the LHE. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Timestamps ======(00:00:00) Introduction(00:01:41) Google LHE Debrief(00:09:27) Old AI Exfils & AI report writing(00:18:14) Human Tokens(00:26:13) Protoscope & Caido Websocket Repeater
• Episode 169: Attacking OAuth 2.1 09.04.2026 30min

  Episode 169: In this episode of Critical Thinking - Bug Bounty Podcast gr3pme goes over some of the changes from OAuth 2.0 vs 2.1 and how Hackers can capitalize.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Check out ThreatLocker Ringfencinghttps://www.criticalthinkingpodcast.io/tl-rf====== This Week in Bug Bounty ======Intigriti is providing free Burp Pro for Hackers!https://www.intigriti.com/blog/news/intigriti-collaborates-with-portswigger-to-support-ethical-hacking-excellence====== Resources ======Django-allauth Account Takeover (ZeroPath Audit)https://zeropath.com/blog/django-allauth-account-takeover-vulnerabilitiesCVE-2025-4144: Cloudflare Workers PKCE Bypasshttps://github.com/cloudflare/workers-oauth-provider/security/advisories/GHSA-qgp8-v765-qxx9CVE-2025-54576: OAuth2-Proxy Auth Bypasshttps://zeropath.com/blog/cve-2025-54576-oauth2-proxy-auth-bypass====== Timestamps ======(00:00:00) Introduction(00:02:16) OAuth 2.0 Standards(00:12:08) Agent to Agent Communication(00:17:19) CVE Case studies
• Episode 168: XSSDoctor - Client-side Path Traversal Research 02.04.2026 1t 35min

  Episode 168: In this episode of Critical Thinking - Bug Bounty Podcast we’re getting a visit from the XSS Doctor. Jonathan joins us to go through his Client-side workflow, run labs, and diagnose some bugs live.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Guest: https://x.com/xssdoctor====== Resources ======The Dot-Dot-Slash That Frameworks Hand You: CSPT Across Every Major Frontend Frameworkhttps://lab.ctbb.show/research/the-dot-dot-slash-that-frameworks-hand-youURL validation bypass cheat sheethttps://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet====== Timestamps ======(00:00:00) Introduction(00:01:37) Home Automation AI Hack & E-signature bug stories(00:12:15) E-signature bug(00:17:01) XSS DR Intro and Bug Bounty Journey(00:31:51) CSPT Workflows(01:07:57) Wildcard Path Parameters (01:30:34) Custom Sinks
• Episode 167: Stealing Bugs with Valeriy Shevchenko 26.03.2026 51min

  Episode 167: In this episode of Critical Thinking - Bug Bounty Podcast we welcome Valeriy Shevchenko to talk about program management, anchor programs, and Theft in Bug Bounty.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Check out ThreatLocker Ringfencinghttps://www.criticalthinkingpodcast.io/tl-rfToday’s Guest: https://x.com/Krevetk0Valeriy====== This Week in Bug Bounty ======HackerOne’s Bug Bounty Maturity Framework:https://www.hackerone.com/blog/program-maturity-framework-bug-bounty-operationsIntigriti is hiring a Product Security Analysthttps://jobs.criticalthinkingpodcast.io/jobs/product-security-analyst-25ef4706====== Resources ======Valeriy’s Bloghttps://krevetk0.medium.com/====== Timestamps ======(00:00:00) Introduction(00:03:15) Valeriy's Bug story(00:19:48) Anchor Programs and Bug Hunting Motivation(00:29:50) Stealing Bugs
• Episode 166: Rez0’s Top Claude Skill Secrets 19.03.2026 53min

  Episode 166: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Rez0’s Claude Skill Secrets, when AI Generated reports fall apart, and agents vs filters.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor: Adobe====== This Week in Bug Bounty ======Intigriti launched their ambassadors program. https://www.intigriti.com/ambassadorAdobe will be at Hack The Bayhttps://www.hackthebay.org/Bug Bounty Maturity Frameworkhttps://bugbountymaturity.com/====== Resources ======h1-brainhttps://github.com/PatrikFehrenbach/h1-braincaido skillshttp://github.com/caido/skillsTweet from Karpathyhttps://x.com/karpathy/status/2031767720933634100?s=20Find every inefficiency in your Claude workflow with one prompthttps://x.com/shannholmberg/status/2030605364421595468====== Timestamps ======(00:00:00) Introduction(00:08:28) Claude skills(00:30:00) How AI Generated reports fall apart(00:38:44) Orchestration(00:49:10) Agents vs Folders
• Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows 12.03.2026 44min

  Episode 165: In this episode of Critical Thinking - Bug Bounty Podcast Justin recaps his Zero Trust World experience, before we dive into Permissions issues client-side bugs, New Hardware Hacking Classes, and using AI to hack.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Check out ThreatLocker Ringfencinghttps://www.criticalthinkingpodcast.io/tl-rf====== Resources ======bbscope Updatehttps://x.com/sw33tLie/status/2029344643154919720Matt Brown's Youtube Channelhttps://www.youtube.com/channel/UC3VDCeZYZH7mCihtMVHqppwMatt's Twitter:https://x.com/nmatt0MCP server for HackerOne to search reportshttps://x.com/OriginalSicksec/status/2029503063095124461?s=20Caido Skillshttps://github.com/caido/skillsThe Agentic Hacking Era: Ramblings and a Toolhttps://josephthacker.com/hacking/2026/03/06/the-agentic-hacking-era.htmlAnnouncing AI-driven Caidohttps://caido.io/blog/2026-03-06-caido-skill====== Timestamps ======(00:00:00) Introduction(00:06:23) bbscope report dumping & Matt Brown Training(00:13:10) MCP server for HackerOne to search reports & protobuff success(00:24:24) Hacking Mics with Permissions issues client-side bugs(00:27:26) Can AI Hack things?
• Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND 05.03.2026 1t 11min

  Episode 164: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug BountyFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Guest: https://x.com/thedawgyg====== This Week in Bug Bounty ======Python pitfalls: Turning developer mistakes into vulnerabilitieshttps://www.yeswehack.com/learn-bug-bounty/python-pitfalls-turning-developer-mistakes?utm_source=critical-thinking&utm_medium=sponsored&utm_campaign=article-research-python-pitfalls====== Timestamps ======(00:00:00) Introduction(00:06:22) Yahoo SSRF(00:14:56) Tommy's Origin(00:44:10) Bug Bounty(00:51:47) SSRF Attraction, AI implementation, & Browser Hacking
• Episode 163: Best Technical Takeaways from Portswigger Top 10 2025 26.02.2026 1t 8min

  Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Parser Differentials: When Interpretation Becomes a Vulnerabilityhttps://www.youtube.com/watch?v=Dq_KVLXzxH8XSS-Leak: Leaking Cross-Origin Redirectshttps://blog.babelo.xyz/posts/cross-site-subdomain-leak/Playing with HTTP/2 CONNECThttps://blog.flomb.net/posts/http2connect/Next.js, cache, and chains: the stale elixirhttps://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixirSOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDLhttps://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdfCross-Site ETag Length Leakhttps://blog.arkark.dev/2025/12/26/etag-length-leakLost in Translation: Exploiting Unicode Normalizationhttps://www.youtube.com/watch?v=ETB2w-f3pM4ORM Leaking More Than You Joined Forhttps://www.elttam.com/blog/leaking-more-than-you-joined-for/Novel SSRF Technique Involving HTTP Redirect Loopshttps://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/Successful Errors: New Code Injection and SSTI Techniqueshttps://github.com/vladko312/Research_Successful_Errors====== Timestamps ======(00:00:00) Introduction(00:02:33) Parser Differentials: When Interpretation Becomes a Vulnerability(00:11:02) XSS-Leak: Leaking Cross-Origin Redirects(00:18:25) Playing with HTTP/2 CONNECT(00:22:10) Next.js, cache, and chains: the stale elixir(00:29:15) SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL(00:34:27) Cross-Site ETag Length Leak(00:41:47) Lost in Translation: Exploiting Unicode Normalization(00:47:27) ORM Leaking More Than You Joined For(00:54:07) Novel SSRF Technique Involving HTTP Redirect Loops(00:58:40) Successful Errors: New Code Injection and SSTI Techniques
• Episode 162: HackerOne Training AI on Bug Bounty Data? 19.02.2026 53min

  Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26https://ztw.com/Today’s Guest: https://x.com/senorarroz====== This Week in Bug Bounty ======XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilitieshttps://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&utm_medium=Youtube&utm_campaign=XXE_Critical_Thinking&utm_id=XXE_CTBug Bounty Maturity Frameworkhttps://bugbountymaturity.com/====== Resources ======Confidential Information and Confidentiality Obligationshttps://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20partiesOwnership and Licenseshttps://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20LicensesI argued with an AI regarding HackerOne using Hacker reports to train PtaaShttps://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71HackerOne PTaaS (likely training their AI on private reports data)https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/What Makes Agentic PTaaS Different in Real Environmentshttps://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints====== Timestamps ======(00:00:00) Introduction(00:08:44) HackerOne AI Terms of Service (00:24:56) Agentic PTaaS(00:38:09) Selling data(00:43:49) Decrease in Bounties
• Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil 12.02.2026 24min

  Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOneFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26https://ztw.com/====== This Week in Bug Bounty ======AS Watsonhttps://app.intigriti.com/programs/aswatson/watsons/detailYesWeHack 2026 Reporthttps://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=yeswehack-report-2026 ====== Resources ======PhoneLeak: Data Exfiltration in Gemini via Phone Callhttps://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/Max's Tweet about decreasing bountieshttps://x.com/0xw2w/status/2020788164378427483HackerOne General Terms and Conditionshttps://www.hackerone.com/terms/generalResearch Review #-2: RCE in Google's AI code editor Antigravity (sudi)https://www.youtube.com/watch?v=JqvJSF2UMyY====== Timestamps ======(00:00:00) Introduction(00:03:26) YesWeHack 2026 Report(00:09:12) CSRF Realizations & Data Exfiltration in Gemini via Phone Call(00:14:38) 7urb0's Youtube, HackerOne decreasing bounties and Section    3.1 controversy.(00:19:06) Cross Consumer Attacks
• Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS 05.02.2026 45min

  Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & Magic String Denial of Service in Claude.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today’s Sponsor: Adobe.Use code CTBB040126, and get a 10% bonus on your bounty for any AI vulnerability which is mapped to the OWASP LLM top 10.Valid on Adobe Acrobat Web - AI Assistant / PDF Spaces / Content Creation and presentation features using ExpressAdobe Express AI Assistant. Valid through April 1st, 2026Also we have a Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag!====== Resources ======Cloudflare Zero-dayhttps://fearsoff.org/research/cloudflare-acmeTurning List-Unsubscribe into an SSRF/XSS Gadgethttps://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/Breaking Multi-Tenant Isolation in Heroku Postgreshttps://allistair.sh/blog/breaking-heroku-postgres/Parse and Parse: MIME Validation Bypass to XSS via Parser Differentialhttps://lab.ctbb.show/research/parse-and-parse-mime-validation-bypass-to-xss-via-parser-differentialClaude Magic String Denial of Servicehttps://x.com/Frichette_n/status/2013988503336415522From WebView to Remote Code Injectionhttps://djini.ai/from-webview-to-remote-code-injection/DOM XSS Is Not Dead: The Rise of Polyglot Payloadshttps://blogs.jsmon.sh/dom-xss-is-not-dead-the-rise-of-polyglot-payloads/====== Timestamps ======(00:00:00) Introduction(00:06:17) Cloudflare Zero-day & Turning List-Unsubscribe into an SSRF/XSS Gadget(00:16:57) Breaking Multi-Tenant Isolation in Heroku Postgres & CTBB Research(00:25:46) Claude Magic String Denial of Service & From WebView to Remote Code Injection
• Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins 29.01.2026 1t 46min

  Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to best configure for success.Follow us on XGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X:====== Ways to Support CTBBPodcast ======Hop on the CTBB DiscordWe also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Get some hacker swagToday's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26https://ztw.com/Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag!Today’s Guests:Darby HopkinsMichael Cote====== This Week in Bug Bounty ======AI Red Teaming Explained by AI Red TeamersGood Faith AI Research Safe HarborJoin the Adobe LHE at NULLCON GOA====== Resources ======‘Legendary Guy’ - Jakub DomerackiGoogle Cloud VRP rewards rulesGoogle Cloud VRP product tiersBug Hunters blog on the 2025 Google Cloud VRP bugSWATGoogle VRP DiscordGoogle VRP on X====== Timestamps ======(00:00:00) Introduction(00:10:03) CloudVRP Bugswat Event Breakdown(00:16:40) VRP Policy & Rewards Changes(00:04:50) Panel Process(01:00:08) Configuring for Success & Avoiding Downgrades(01:33:47) Scenarios for Success