Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)

Details

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

Recent Episodes

Episode 115: Mentee to Career Hacker - Mokusou (So Sakaguchi)
MAR 20, 2025
Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and So Sakaguchi sit down to walk through some recent bugs before having a live mentorship session. They also talk about Reflector, and finish up with a bonus podcast segment in Japanese!

Follow us on Twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to https://x.com/realytcracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control

Today’s Guest: https://x.com/Mokusou4

====== Resources ======

So's last appearance in episode 40
http://ctbb.show/40

====== Timestamps ======

(00:00:00) Introduction
(00:04:11) So's Facebook Bug
(00:14:37) So and Justin's Google Bug
(00:33:39) Live Mentorship Session
(00:56:29) Reflector
(01:13:22) Bonus - Podcast in Japanese
100 MIN
Episode 114: Single Page Application Hacking Playbook
MAR 13, 2025
Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast, we’re diving into single page applications (SPAs) and how to attack them. We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor.

Follow us on Twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker (https://twitter.com/realytcracker) for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor: ThreatLocker Cloud Control - https://www.threatlocker.com/platform/cloud-control

====== Resources ======

Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain
https://vitorfalcao.com/posts/hacking-high-profile-targets/

Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data
https://x.com/trufflesec/status/1895170902872223752

Hackadvisor
https://hackadvisor.io/programs

WP Extensions
https://x.com/yousukezan/status/1894703104421191835

Notebook LM
https://notebooklm.google/

Pressing Buttons with Popups
https://x.com/J0R1AN/status/1893667396658893125

Response to @RenwaX23
https://x.com/RenwaX23/status/1893709501393489976

Prompt Injection Attacks for Dummies
https://x.com/0xAsm0d3us/status/1896187800258830666

Shadow Repeater
https://portswigger.net/research/shadow-repeater-ai-enhanced-manual-testing

parallel-prettier
https://github.com/microsoft/parallel-prettier

====== Timestamps ======

(00:00:00) Introduction
(00:02:15) Bug Write-up from @busf4ctor
(00:09:44) Scanning Common Crawl
(00:16:30) Hackadvisor and WP/Chrome Extension News
(00:24:15) Notebook LM, and Recent AI Updates
(00:31:58) Write-up from @J0R1AN and Related POC from @RenwaX23
(00:38:10) Prompt Injection Attacks for Dummies
(00:42:29) Shadow Repeater
(00:47:04) Single-page applications
82 MIN
Episode 113: Best Technical Takeaways from PortSwigger Top 10 2024
MAR 6, 2025
Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast, we’re breaking down the PortSwigger Top 10 from 2024. There are some bangers in here!

Follow us on X at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker (https://twitter.com/realytcracker) for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater (https://x.com/Rhynorater) and Rez0 (https://x.com/rez0__) on X.

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

Hijacking OAuth flows via Cookie Tossing
https://snyk.io/articles/hijacking-oauth-flows-via-cookie-tossing/

ChatGPT Account Takeover - Wildcard Web Cache Deception
https://nokline.github.io/bugbounty/2024/02/04/ChatGPT-ATO.html

OAuth Non-Happy Path to ATO
https://blog.voorivex.team/oauth-non-happy-path-to-ato

CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js
https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

DoubleClickjacking: A New Era of UI Redressing
https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html

WorstFit: Unveiling Hidden Transformers in Windows ANSI
https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/

SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level
https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn%27t%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server
https://blog.orange.tw/posts/2024-08-confusion-attacks-en/

Middleware, middleware everywhere – and lots of misconfigurations to fix
https://labs.detectify.com/ethical-hacking/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/

====== Timestamps ======

(00:00:00) Introduction
(00:09:56) Hijacking OAuth flows via Cookie Tossing
(00:17:30) ChatGPT Account Takeover
(00:25:28) OAuth Non-Happy Path to ATO
(00:29:24) CVE-2024-4367
(00:37:37) DoubleClickjacking
(00:44:54) Exploring the DOMPurify library
(00:48:01) WorstFit
(00:56:29) Unveiling TE.0 HTTP Request Smuggling
(01:06:40) SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level
(01:14:05) Confusion Attacks
89 MIN
Episode 112: Interview with Ciarán Cotter (MonkeHack) - Critical Lab Researcher and Full-time Hunter
FEB 27, 2025
Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker is joined by Ciarán Cotter (Monke), who shares his bug hunting journey and gives us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets and SaaS security, and cover some AI news including Grok 3, the Nuclei -ai flag, and some articles by Johann Rehberger.

Follow us on Twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker (https://twitter.com/realytcracker) for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Guest - Ciarán Cotter
https://x.com/monkehack

====== Resources ======

Msty
https://msty.app/

From Day Zero to Zero Day
https://nostarch.com/zero-day

Nuclei -ai flag
https://x.com/pdiscoveryio/status/1890082913900982763

ChatGPT Operator: Prompt Injection Exploits & Defenses
https://embracethered.com/blog/posts/2025/chatgpt-operator-prompt-injection-exploits/

Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation
https://embracethered.com/blog/posts/2025/gemini-memory-persistence-prompt-injection/

====== Timestamps ======

(00:00:00) Introduction
(00:01:04) Bug Rundowns
(00:13:05) Monke's Bug Bounty Background
(00:20:03) WebSocket Research
(00:34:01) Connecting Hackers with Companies
(00:34:56) Grok 3, Msty, From Day Zero to Zero Day
(00:42:58) Full-time Bug Bounty, SaaS Security, and Threat Modeling while AFK
(00:54:49) Nuclei -ai flag, ChatGPT Operator, and Hacking Gemini's Memory
67 MIN
Episode 111: How to Bypass DOMPurify in Bug Bounty with Kevin Mizu
FEB 20, 2025
Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast, Justin interviews Kevin Mizu to showcase his knowledge of DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like dangerous allow-lists and URI attributes, DOMPurify hooks, node manipulation, and DOM Clobbering.

Follow us on Twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker (https://twitter.com/realytcracker) for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

Exploring the DOMPurify library: Bypasses and Fixes (1/2)
https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes

Exploring the DOMPurify library: Hunting for Misconfigurations (2/2)
https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations

Dom-Explorer tool
https://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954f

CT Episode 61: A Hacker on Wall Street - JR0ch17
https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/

====== Timestamps ======

(00:00:00) Introduction
(00:01:44) Kevin Mizu - Background and Bring-a-bug
(00:15:09) DOMPurify
(00:29:04) Misconfigurations - Dangerous allow-lists
(00:39:09) Dangerous URI attributes configuration
(00:46:08) Bad usage
(00:59:55) DOMPurify Hooks: beforeSanitizeAttributes, afterSanitizeAttributes, and uponSanitizeAttribute
(01:29:15) Node manipulation, nodeName namespace case confusion, & DOM Clobbering DoS
(01:36:51) Misc concepts for future research
109 MIN