Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)

182 episodes

  • Critical Thinking - Bug Bounty Podcast

    Episode 180: State of Bug Bounty Maturity Posture Report

    2026-06-25 | 1h 12 mins.
    Episode 180: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Steve Hernandez, founder of the Bug Bounty Maturity Framework (BBMF), to walk us through the inaugural State of Bug Bounty Maturity Posture Report. We go through the scores and cover Asset Hygiene, Operational Signal, and how to re-engage the relationship between trust and researcher participation.

    Follow us on Twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme

    Critical Research Lab:
    https://lab.ctbb.show/

    Need a Pentest? We just launched CTBB Pentests!
    https://pentest.ctbb.show/

    Hack full time? Check out the Full-Time Hunter’s Guild!
    https://ctbb.show/fthg

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    You can also find some hacker swag at https://ctbb.show/merch!

    Today’s Guest: https://x.com/SteveHernandezM
    Email Steve at info@bugbountymaturity.com

    Fill out this form to enter a Critical Thinkers raffle
    https://forms.ctbb.show/mdaz

    ====== Resources ======
    State of Bug Bounty Maturity Posture
    https://bugbountymaturity.com/research/state-of-bug-bounty-maturity-posture-2026

    Take the Bug Bounty Maturity Assessment
    https://bugbountymaturity.com/assessment

    AI Is Compressing the Bug Bounty Maturity Curve
    https://bugbountymaturity.com/research/ai-is-compressing-the-bug-bounty-maturity-curve

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:04:09) State of Bug Bounty Maturity Posture
    (00:22:33) Researcher Interface & Program Trust
    (00:44:38) Maturity Bands and Scoring
    (01:08:19) AI Is Compressing the Bug Bounty Maturity Curve
  • Critical Thinking - Bug Bounty Podcast

    Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

    2026-06-18 | 46 mins.
    Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty.

    Today's Sponsor: Check out Zero Trust Cloud Access:
    https://www.threatlocker.com/capabilities/zero-trust-cloud-access

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:04:57) Managing Hacker Motivation
    (00:10:45) Community, Competition, & Curiosity
    (00:16:54) Using AI with Passion
    (00:23:10) The LHE Method & Sharing Wins
    (00:28:01) Video POCs, Scripts, & Talking about Bugs
    (00:40:49) Watching your health & stopping mid-hack
  • Critical Thinking - Bug Bounty Podcast

    Episode 178: 600k in ~3 months - BruteCat pt 2

    2026-06-11 | 1h 23 mins.
    Episode 178: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with BruteCat to finish up our discussion on hacking Google. This week we hit AI.

    Today’s Guest: https://x.com/brutecat

    ====== Resources ======
    Hacking Google with AI
    https://brutecat.com/articles/hacking-google-with-ai/

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:03:07) Discovery Docs Refresher & AI at BugSWAT Mexico
    (00:30:49) Auth & Enumeration of Referer and Origin
    (00:45:59) Pwning Google Stories
    (01:09:32) Batch Execute & GraphQL
  • Critical Thinking - Bug Bounty Podcast

    Episode 177: 2x Google RCE with VRP Legend Brutecat

    2026-06-04 | 1h 25 mins.
    Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, YouTube, and Google Phone.

    Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLocker
    https://www.criticalthinkingpodcast.io/tl-ztca

    Today’s Guest: https://x.com/brutecat

    ====== Resources ======
    StubZero: $148,337 RCE in Google Cloud Production
    https://brutecat.com/articles/google-cloud-rce/

    Leaking the email of any YouTube user for $10,000
    https://brutecat.com/articles/leaking-youtube-emails/

    Disclosing YouTube Creator Emails for a $20k Bounty
    https://brutecat.com/articles/youtube-creator-emails/

    Leaking the phone number of any Google user
    https://brutecat.com/articles/leaking-google-phones/

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:29:14) 2nd RCE in Application Integration
    (00:39:55) BruteCat's Background & RCE Follow-up Questions
    (00:48:02) Google VRP and YouTube Bugs
    (01:10:17) Google Phone Leak
    (01:18:36) Discovery Docs and Episode 178 Teaser
  • Critical Thinking - Bug Bounty Podcast

    Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

    2026-05-28 | 1h 50 mins.
    Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Red Flags.

    Today’s Sponsor: Adobe. Earn more for AI bugs with Adobe’s new AI Tier! https://blog.adobe.com/security/adobe-expands-bug-bounty-program-to-incentivize-ai-security-research

    Also, don’t forget to grab a 10% bonus for valid AI vulnerabilities in Adobe Stock and Lightroom Web. Use code: CTBB063026 in your report.
    Expires June 30, 2026.

    ====== This Week in Bug Bounty ======
    Scaling Bug Bounty triage in the AI era
    https://www.yeswehack.com/security-best-practices/scaling-bug-bounty-triage-ai

    The AI impact: a triager’s perspective
    https://www.intigriti.com/blog/business-insights/the-ai-impact-a-triagers-perspective

    ====== Resources ======
    Sling Selectors - The Key to Unlocking AEM's Attack Surface
    https://greenjam.co.uk/blog/sling-selectors/

    Just a Moment CTF
    https://poc.greenjam.co.uk/just-a-moment.html

    General XSS jquery .text()
    https://poc.greenjam.co.uk/text-xss.html

    URL XSS Challenge
    https://poc.greenjam.co.uk/url-xss.html

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:04:35) Background and AEM Bug
    (00:17:40) Sling Selectors & the Tech Stack
    (00:38:14) Permissions & Apache Sling Resolution
    (01:01:37) The Bugs & AEM Red Flags
    (01:31:55) Moment in Time CTF
    (01:40:38) General XSS jquery .text()
    (01:45:45) URL XSS Challenge
About Critical Thinking - Bug Bounty Podcast
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.