PodcastsTechnologyCritical Thinking - Bug Bounty Podcast

Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
Critical Thinking - Bug Bounty Podcast
Latest episode

184 episodes

  • Critical Thinking - Bug Bounty Podcast

    Episode 182: Partial Auth, Hackbot GraphQL, and AI's #1 Mission

    2026-07-09 | 39 mins.
    Episode 182: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some recent bugs involving WPM, MCP, and a possible emerging bug class using Wayback. We also talk about some GraphQL Hackbot finds, and what AI’s #1 mission should be.

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme

    Critical Research Lab:
    https://lab.ctbb.show/

    Need a Pentest? We just launched CTBB Pentests!
    https://pentest.ctbb.show/

    Hack full time? Check out the Full-Time Hunter’s Guild!
    https://ctbb.show/fthg

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    You can also find some hacker swag at https://ctbb.show/merch!

    ====== This Week in Bug Bounty ======
    LeHack 2026 Recap
    https://event.yeswehack.com/events/lehack-2026

    Don’t eat the ChocoPoCs! How vulnerability researchers were repeatedly targeted by trojanised exploits
    https://www.yeswehack.com/fr/news/chocopocs-vulnerability-researchers-trojanised-exploits

    Navigating the AI Wave: How We're Keeping Security Research Meaningful
    https://www.hackerone.com/blog/ai-driven-report-volume-insights-and-actions

    ====== Resources ======
    Caido Skills
    https://github.com/caido/skills/pull/22

    Hunting For AWS Cognito Security
    Misconfigurations
    https://www.yassineaboukir.com/talks/NahamConEU2022.pdf

    X MCP
    https://docs.x.com/tools/mcp

    US South Summer Sessions: Hack the Heat
    https://h1.community/events/details/hackerone-us-south-hackerone-club-presents-us-south-summer-sessions-hack-the-heat/

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:08:31) WPM Bug & Wayback to Guest Bearer
    (00:18:42) GraphQL Hackbot Finds, Fable Updates, & AI's #1 Mission
    (00:29:45) MCP, US South H1 Event, & AI Sandbox Escapes
  • Critical Thinking - Bug Bounty Podcast

    Episode 181: Bug Bounty Singularity

    2026-07-02 | 52 mins.
    Episode 181: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and XSSDoctor talk about building a Hackbot.

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme

    Critical Research Lab:
    https://lab.ctbb.show/

    Need a Pentest? We just launched CTBB Pentests!
    https://pentest.ctbb.show/

    Hack full time? Check out the Full-Time Hunter’s Guild!
    https://ctbb.show/fthg

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    You can also find some hacker swag at https://ctbb.show/merch!

    Today's Sponsor: Check out Zero Trust Network Access:
    https://www.criticalthinkingpodcast.io/tl-ztna

    ====== Resources ======

    Are bug bounties cooked?
    https://hakluke.com/are-bug-bounties-cooked

    We built a Hackbot
    https://josephthacker.com/hacking/2026/07/01/we-built-a-hackbot.html

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:07:22) Manual vs. AI Hacking
    (00:17:27) Building a Hackbot
    (00:23:53) Negatives of Hackbots
    (00:31:34) Logistics and Problems of Singularity
    (00:46:21) Successes
  • Critical Thinking - Bug Bounty Podcast

    Episode 180: State of Bug Bounty Maturity Posture Report

    2026-06-25 | 1h 12 mins.
    Episode 180: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Steve Hernandez, founder of the Bug Bounty Maturity Framework (BBMF), to walk us through the inaugural State of Bug Bounty Maturity Posture Report. We go through the scores and cover Asset Hygiene, Operational Signal, how to re-engage the relationship between trust and researcher participation.

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme

    Critical Research Lab:
    https://lab.ctbb.show/

    Need a Pentest? We just launched CTBB Pentests!
    https://pentest.ctbb.show/

    Hack full time? Check out the Full-Time Hunter’s Guild!
    https://ctbb.show/fthg

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    You can also find some hacker swag at https://ctbb.show/merch!

    Today’s Guest: https://x.com/SteveHernandezM
    Email Steve at info@bugbountymaturity.com

    Fill out this form to enter a Critical Thinkers raffle
    https://forms.ctbb.show/mdaz

    ====== Resources ======
    State of Bug Bounty Maturity Posture
    https://bugbountymaturity.com/research/state-of-bug-bounty-maturity-posture-2026

    Take the Bug Bounty Maturity Assessment
    https://bugbountymaturity.com/assessment

    AI Is Compressing the Bug Bounty Maturity Curve
    https://bugbountymaturity.com/research/ai-is-compressing-the-bug-bounty-maturity-curve

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:04:09) State of Bug Bounty Maturity Posture
    (00:22:33) Researcher Interface & Program Trust
    (00:44:38) Maturity Bands and Scoring
    (01:08:19) AI Is Compressing the Bug Bounty Maturity Curve
  • Critical Thinking - Bug Bounty Podcast

    Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

    2026-06-18 | 46 mins.
    Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty.

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme

    Critical Research Lab:
    https://lab.ctbb.show/

    Need a Pentest? We just launched CTBB Pentests!
    https://pentest.ctbb.show/

    Hack full time? Check out the Full-Time Hunter’s Guild!
    https://ctbb.show/fthg

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    You can also find some hacker swag at https://ctbb.show/merch!

    Today's Sponsor: Check out Zero Trust Cloud Access:
    https://www.threatlocker.com/capabilities/zero-trust-cloud-access

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:04:57) Managing Hacker Motivation
    (00:10:45) Community, Competition, & Curosity
    (00:16:54) Using AI with Passion
    (00:23:10) The LHE Method & Sharing Wins
    (00:28:01) Video POCs, Scripts, & Talking about Bugs
    (00:40:49) Watching your health & stopping mid-hack
  • Critical Thinking - Bug Bounty Podcast

    Episode 178: 600k in ~3 months - BruteCat pt 2

    2026-06-11 | 1h 23 mins.
    Episode 178: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with BruteCat to finish up our discussion on hacking Google. This week we hit AI.

    Follow us on twitter at: https://x.com/ctbbpodcast
    Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
    Shoutout to YTCracker for the awesome intro music!

    ====== Links ======
    Follow your hosts Rhynorater, rez0 and gr3pme on X:
    https://x.com/Rhynorater
    https://x.com/rez0__
    https://x.com/gr3pme

    Critical Research Lab:
    https://lab.ctbb.show/

    Need a Pentest? We just launched CTBB Pentests!
    https://pentest.ctbb.show/

    Hack full time? Check out the Full-Time Hunter’s Guild!
    https://ctbb.show/fthg

    ====== Ways to Support CTBBPodcast ======
    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    You can also find some hacker swag at https://ctbb.show/merch!

    Today’s Guest: https://x.com/brutecat

    ====== Resources ======
    Hacking Google with AI
    https://brutecat.com/articles/hacking-google-with-ai/

    ====== Timestamps ======
    (00:00:00) Introduction
    (00:03:07) Discovery Docs Refresher & AI at BugSWAT Mexico
    (00:30:49) Auth & Enumeration of Referer and Origin
    (00:45:59) Pwning Google Stories
    (01:09:32) Batch Execute & GraphQL
More Technology podcasts
About Critical Thinking - Bug Bounty Podcast
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
Podcast website

Listen to Critical Thinking - Bug Bounty Podcast, Better Offline and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features