Episode 156: Chill AMA from bugbounty.forum
<p>Episode 156: In this episode of Critical Thinking - Bug Bounty Podcast we answer some fantastic questions from over at <a target="_blank" rel="noopener noreferrer nofollow" href="http://bugbounty.forum">bugbounty.forum</a></p><p>Follow us on Twitter at: <a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/ctbbpodcast">https://x.com/ctbbpodcast</a></p><p>Got any ideas and suggestions? Feel free to send us any feedback here: <a target="_blank" rel="noopener noreferrer nofollow" href="mailto:[email protected]">[email protected]</a></p><p>Shoutout to <a target="_blank" rel="noopener noreferrer nofollow" href="https://twitter.com/realytcracker">YTCracker</a> for the awesome intro music!</p><p>====== Links ======</p><p>Follow your hosts Rhynorater, rez0 and gr3pme on X:</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/Rhynorater">https://x.com/Rhynorater</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/rez0__">https://x.com/rez0__</a></p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/gr3pme">https://x.com/gr3pme</a></p><p>====== Ways to Support CTBBPodcast ======</p><p>Hop on the CTBB Discord at <a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/discord">https://ctbb.show/discord</a>!</p><p>We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.</p><p>You can also find some hacker swag at <a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/merch">https://ctbb.show/merch</a>!</p><p>====== Resources ======</p><p>Critical Thinking Lab</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="http://lab.ctbb.show">lab.ctbb.show</a></p><p>Cross-Site ETag Length Leak</p><p><a target="_blank" rel="noopener noreferrer nofollow" 
href="https://blog.arkark.dev/2025/12/26/etag-length-leak">https://blog.arkark.dev/2025/12/26/etag-length-leak</a></p><p>Clawdbot</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://github.com/clawdbot/clawdbot/">https://github.com/clawdbot/clawdbot/</a></p><p>Post from Steve Caldwell</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/moreconfetti/status/2006494133159162008">https://x.com/moreconfetti/status/2006494133159162008</a></p><p>====== Timestamps ======</p><p>(00:00:00) Introduction</p><p>(00:00:58) Crit Lab update</p><p>(00:04:36) Cross-Site ETag Length Leak</p><p>(00:13:26) Clawdbot</p><p>(00:16:56) Will bug hunting become obsolete, LHE invitations, and Full-time vs Part-time?</p><p>(00:30:52) 10 bugs at $5k or 1 bug at $5k, CTBB Background, & Future Plans</p><p>(00:38:32) Mentoring, Conquering Classes, and what angles we implement from the podcast</p><p>(00:49:27) Best approach on new targets, tips for making 500k in a year, AI/Vibecoding & Human in the Loop</p><p>(00:59:07) Mentally mapping the target, anti-patterns that waste time, and BB beliefs that were wrong</p><p>(01:10:12) Tackling small scope, staying on one program, picking up after a break, & moving on</p><p>(01:17:41) Invisible elements that make the difference between $2k and $20k</p>