Episodios

  • Episode 167: Stealing Bugs with Valeriy Shevchenko

    Episode 167: Stealing Bugs with Valeriy Shevchenko
    Mar 26 2026

    Episode 167: In this episode of Critical Thinking - Bug Bounty Podcast we welcome Valeriy Shevchenko to talk about program management, anchor programs, and Theft in Bug Bounty.


    Follow us on twitter at: https://x.com/ctbbpodcast

    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!


    ====== Links ======

    Follow your hosts Rhynorater, rez0 and gr3pme on X:

    https://x.com/Rhynorater

    https://x.com/rez0__

    https://x.com/gr3pme


    Critical Research Lab:

    https://lab.ctbb.show/


    ====== Ways to Support CTBBPodcast ======

    Hop on the CTBB Discord at https://ctbb.show/discord!


    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


    You can also find some hacker swag at https://ctbb.show/merch!


    Today's Sponsor: Check out ThreatLocker Ringfencing

    https://www.criticalthinkingpodcast.io/tl-rf


    Today’s Guest: https://x.com/Krevetk0Valeriy


    ====== This Week in Bug Bounty ======


    HackerOne’s Bug Bounty Maturity Framework:

    https://www.hackerone.com/blog/program-maturity-framework-bug-bounty-operations


    Intigriti is hiring a Product Security Analyst

    https://jobs.criticalthinkingpodcast.io/jobs/product-security-analyst-25ef4706


    ====== Resources ======


    Valeriy’s Blog

    https://krevetk0.medium.com/


    ====== Timestamps ======

    (00:00:00) Introduction

    (00:03:15) Valeriy's Bug story

    (00:19:48) Anchor Programs and Bug Hunting Motivation

    (00:29:50) Stealing Bugs
    Más Menos
    52 m
  • Episode 166: Rez0’s Top Claude Skill Secrets

    Episode 166: Rez0’s Top Claude Skill Secrets
    Mar 19 2026

    Episode 166: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Rez0’s Claude Skill Secrets, when AI Generated reports fall apart, and agents vs filters.


    Follow us on twitter at: https://x.com/ctbbpodcast

    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!


    ====== Links ======

    Follow your hosts Rhynorater, rez0 and gr3pme on X:

    https://x.com/Rhynorater

    https://x.com/rez0__

    https://x.com/gr3pme


    Critical Research Lab:

    https://lab.ctbb.show/


    ====== Ways to Support CTBBPodcast ======

    Hop on the CTBB Discord at https://ctbb.show/discord!


    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


    You can also find some hacker swag at https://ctbb.show/merch!


    Today’s Sponsor: Adobe


    ====== This Week in Bug Bounty ======


    Intigriti launched their ambassadors program. https://www.intigriti.com/ambassador


    Adobe will be at Hack The Bay

    https://www.hackthebay.org/


    Bug Bounty Maturity Framework

    https://bugbountymaturity.com/


    ====== Resources ======

    h1-brain

    https://github.com/PatrikFehrenbach/h1-brain


    caido skills

    http://github.com/caido/skills


    Tweet from Karpathy

    https://x.com/karpathy/status/2031767720933634100?s=20


    Find every inefficiency in your Claude workflow with one prompt

    https://x.com/shannholmberg/status/2030605364421595468


    ====== Timestamps ======

    (00:00:00) Introduction

    (00:08:28) Claude skills

    (00:30:00) How AI Generated reports fall apart

    (00:38:44) Orchestration

    (00:49:10) Agents vs Folders
    Más Menos
    53 m
  • Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows

    Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows
    Mar 12 2026

    Episode 165: In this episode of Critical Thinking - Bug Bounty Podcast Justin recaps his Zero Trust World experience, before we dive into Permissions issues client-side bugs, New Hardware Hacking Classes, and using AI to hack.


    Follow us on twitter at: https://x.com/ctbbpodcast

    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!



    ====== Links ======

    Follow your hosts Rhynorater, rez0 and gr3pme on X:

    https://x.com/Rhynorater

    https://x.com/rez0__

    https://x.com/gr3pme


    Critical Research Lab:

    https://lab.ctbb.show/


    ====== Ways to Support CTBBPodcast ======

    Hop on the CTBB Discord at https://ctbb.show/discord!


    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


    You can also find some hacker swag at https://ctbb.show/merch!


    Today's Sponsor: Check out ThreatLocker Ringfencing

    https://www.criticalthinkingpodcast.io/tl-rf


    ====== Resources ======


    bbscope Update

    https://x.com/sw33tLie/status/2029344643154919720


    Matt Brown's Youtube Channel

    https://www.youtube.com/channel/UC3VDCeZYZH7mCihtMVHqppw


    Matt's Twitter:

    https://x.com/nmatt0


    MCP server for HackerOne to search reports

    https://x.com/OriginalSicksec/status/2029503063095124461?s=20


    Caido Skills

    https://github.com/caido/skills


    The Agentic Hacking Era: Ramblings and a Tool

    https://josephthacker.com/hacking/2026/03/06/the-agentic-hacking-era.html


    Announcing AI-driven Caido

    https://caido.io/blog/2026-03-06-caido-skill


    ====== Timestamps ======

    (00:00:00) Introduction

    (00:06:23) bbscope report dumping & Matt Brown Training

    (00:13:10) MCP server for HackerOne to search reports & protobuff success

    (00:24:24) Hacking Mics with Permissions issues client-side bugs

    (00:27:26) Can AI Hack things?
    Más Menos
    44 m
  • Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

    Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND
    Mar 5 2026

    Episode 164: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug Bounty


    Follow us on twitter at: https://x.com/ctbbpodcast

    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!



    ====== Links ======

    Follow your hosts Rhynorater, rez0 and gr3pme on X:

    https://x.com/Rhynorater

    https://x.com/rez0__

    https://x.com/gr3pme


    Critical Research Lab:

    https://lab.ctbb.show/


    ====== Ways to Support CTBBPodcast ======

    Hop on the CTBB Discord at https://ctbb.show/discord!


    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


    You can also find some hacker swag at https://ctbb.show/merch!


    Today’s Guest: https://x.com/thedawgyg


    ====== This Week in Bug Bounty ======


    Python pitfalls: Turning developer mistakes into vulnerabilities

    https://www.yeswehack.com/learn-bug-bounty/python-pitfalls-turning-developer-mistakes?utm_source=critical-thinking&utm_medium=sponsored&utm_campaign=article-research-python-pitfalls


    ====== Timestamps ======

    (00:00:00) Introduction

    (00:06:22) Yahoo SSRF

    (00:14:56) Tommy's Origin

    (00:44:10) Bug Bounty

    (00:51:47) SSRF Attraction, AI implementation, & Browser Hacking
    Más Menos
    1 h y 12 m
  • Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

    Episode 163: Best Technical Takeaways from Portswigger Top 10 2025
    Feb 26 2026
    Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Parser Differentials: When Interpretation Becomes a Vulnerabilityhttps://www.youtube.com/watch?v=Dq_KVLXzxH8XSS-Leak: Leaking Cross-Origin Redirectshttps://blog.babelo.xyz/posts/cross-site-subdomain-leak/Playing with HTTP/2 CONNECThttps://blog.flomb.net/posts/http2connect/Next.js, cache, and chains: the stale elixirhttps://zhero-web-sec.github.io/research-and-things/nextjs-cache-and-chains-the-stale-elixirSOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDLhttps://watchtowr.com/wp-content/uploads/SOAPwnwatchtowr_soappwn-research-whitepaper_10-12-2025.pdfCross-Site ETag Length Leakhttps://blog.arkark.dev/2025/12/26/etag-length-leakLost in Translation: Exploiting Unicode Normalizationhttps://www.youtube.com/watch?v=ETB2w-f3pM4ORM Leaking More Than You Joined Forhttps://www.elttam.com/blog/leaking-more-than-you-joined-for/Novel SSRF Technique Involving HTTP Redirect Loopshttps://slcyber.io/research-center/novel-ssrf-technique-involving-http-redirect-loops/Successful Errors: New Code Injection and SSTI Techniqueshttps://github.com/vladko312/Research_Successful_Errors====== Timestamps ======(00:00:00) Introduction(00:02:33) Parser Differentials: When Interpretation Becomes a Vulnerability(00:11:02) XSS-Leak: Leaking Cross-Origin Redirects(00:18:25) Playing with HTTP/2 CONNECT(00:22:10) Next.js, cache, and chains: the stale elixir(00:29:15) SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL(00:34:27) Cross-Site ETag Length Leak(00:41:47) Lost in Translation: Exploiting Unicode Normalization(00:47:27) ORM Leaking More Than You Joined For(00:54:07) Novel SSRF Technique Involving HTTP Redirect Loops(00:58:40) Successful Errors: New Code Injection and SSTI Techniques
    Más Menos
    1 h y 8 m
  • Episode 162: HackerOne Training AI on Bug Bounty Data?

    Episode 162: HackerOne Training AI on Bug Bounty Data?
    Feb 19 2026
    Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26https://ztw.com/Today’s Guest: https://x.com/senorarroz====== This Week in Bug Bounty ======XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilitieshttps://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&utm_medium=Youtube&utm_campaign=XXE_Critical_Thinking&utm_id=XXE_CTBug Bounty Maturity Frameworkhttps://bugbountymaturity.com/====== Resources ======Confidential Information and Confidentiality Obligationshttps://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20partiesOwnership and Licenseshttps://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20LicensesI argued with an AI regarding HackerOne using Hacker reports to train PtaaShttps://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71HackerOne PTaaS (likely training their AI on private reports data)https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/What Makes Agentic PTaaS Different in Real Environmentshttps://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints====== Timestamps ======(00:00:00) Introduction(00:08:44) HackerOne AI Terms of Service (00:24:56) Agentic PTaaS(00:38:09) Selling data(00:43:49) Decrease in Bounties
    Más Menos
    53 m
  • Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

    Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil
    Feb 12 2026

    Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne


    Follow us on twitter at: https://x.com/ctbbpodcast

    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!



    ====== Links ======

    Follow your hosts Rhynorater, rez0 and gr3pme on X:

    https://x.com/Rhynorater

    https://x.com/rez0__

    https://x.com/gr3pme


    Critical Research Lab:

    https://lab.ctbb.show/


    ====== Ways to Support CTBBPodcast ======

    Hop on the CTBB Discord at https://ctbb.show/discord!


    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


    You can also find some hacker swag at https://ctbb.show/merch!


    Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

    https://ztw.com/


    ====== This Week in Bug Bounty ======


    AS Watson

    https://app.intigriti.com/programs/aswatson/watsons/detail


    YesWeHack 2026 Report

    https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=yeswehack-report-2026


    ====== Resources ======


    PhoneLeak: Data Exfiltration in Gemini via Phone Call

    https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/


    Max's Tweet about decreasing bounties

    https://x.com/0xw2w/status/2020788164378427483


    HackerOne General Terms and Conditions

    https://www.hackerone.com/terms/general


    Research Review #-2: RCE in Google's AI code editor Antigravity (sudi)

    https://www.youtube.com/watch?v=JqvJSF2UMyY


    ====== Timestamps ======

    (00:00:00) Introduction

    (00:03:26) YesWeHack 2026 Report

    (00:09:12) CSRF Realizations & Data Exfiltration in Gemini via Phone Call

    (00:14:38) 7urb0's Youtube, HackerOne decreasing bounties and Section 3.1 controversy.

    (00:19:06) Cross Consumer Attacks
    Más Menos
    25 m
  • Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS

    Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS
    Feb 5 2026

    Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & Magic String Denial of Service in Claude.


    Follow us on twitter at: https://x.com/ctbbpodcast

    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!


    ====== Links ======

    Follow your hosts Rhynorater, rez0 and gr3pme on X:

    https://x.com/Rhynorater

    https://x.com/rez0__

    https://x.com/gr3pme


    Critical Research Lab:

    https://lab.ctbb.show/


    ====== Ways to Support CTBBPodcast ======

    Hop on the CTBB Discord at https://ctbb.show/discord!


    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


    You can also find some hacker swag at https://ctbb.show/merch!


    Today’s Sponsor: Adobe.

    Use code CTBB040126, and get a 10% bonus on your bounty for any AI vulnerability which is mapped to the OWASP LLM top 10.

    Valid on Adobe Acrobat Web - AI Assistant / PDF Spaces / Content Creation and presentation features using Express

    Adobe Express AI Assistant.

    Valid through April 1st, 2026


    Also we have a Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag!


    ====== Resources ======

    Cloudflare Zero-day

    https://fearsoff.org/research/cloudflare-acme


    Turning List-Unsubscribe into an SSRF/XSS Gadget

    https://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/


    Breaking Multi-Tenant Isolation in Heroku Postgres

    https://allistair.sh/blog/breaking-heroku-postgres/


    Parse and Parse: MIME Validation Bypass to XSS via Parser Differential

    https://lab.ctbb.show/research/parse-and-parse-mime-validation-bypass-to-xss-via-parser-differential


    Claude Magic String Denial of Service

    https://x.com/Frichette_n/status/2013988503336415522


    From WebView to Remote Code Injection

    https://djini.ai/from-webview-to-remote-code-injection/


    DOM XSS Is Not Dead: The Rise of Polyglot Payloads

    https://blogs.jsmon.sh/dom-xss-is-not-dead-the-rise-of-polyglot-payloads/


    ====== Timestamps ======

    (00:00:00) Introduction

    (00:06:17) Cloudflare Zero-day & Turning List-Unsubscribe into an SSRF/XSS Gadget

    (00:16:57) Breaking Multi-Tenant Isolation in Heroku Postgres & CTBB Research

    (00:25:46) Claude Magic String Denial of Service & From WebView to Remote Code Injection
    Más Menos
    45 m