A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
A Podcast about bugs, bounties and its researchers. Hosted by Fisher.
Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android and Chrome security. They also explore the latest research from Portswigger on payload concealment techniques, and the introduc…
Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, Safari's unique behaviors regarding cookie handling and debugging methods, and some of the writeups from the HeroCTF v6. Follo…
Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side
1:56:23
Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cover things like service workers, extension pages, and isolated worlds. Follow us on twitter at: @ctbbpodcast We're new to this p…
Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel f…
Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor
1:41:29
Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through how he balances his dual careers, some ethical considerations of hacking in the context of healthcare, and highlight some experiences he’s had with Am…
Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-Fi, and vulnerabilities caused by The Great Firewall. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us…
Episode 91: Zero to LHE in 9 Months (feat gr3pme)
1:22:50
Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking’s own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with Bug Bounty. We cover mentorship, networking and LHEs, ecosystem hacking, emotional regulation, and the need for self-care. Then we wrap up with some fu…
Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds. Follow us on twitter at: @ctbbpodcast …
Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown
1:58:03
Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast We’re joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in hardware hacking, and Matt’s personal Methodology. Then we switch over to touch on BGA Reballing, Certificate Pinning and Validation, and some of his …
Episode 88: News, Tools, and Writeups
1:06:08
Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks. Follow us on twitter at: @ctbbpodc…
Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships
1:26:41
Episode 87: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with none other than his wife Mariah to talk about Bug Bounty from the perspective of a Significant Other. They share how they’ve traversed travel and Live Hacking Events, household chores, hobbies, goals, rewards, as well as how best to encourage and support the…
Episode 86: In this episode of Critical Thinking - Bug Bounty Podcast Frans blows Justin’s mind with a sneak peek of his new presentation. Note: This is a little different from our normal episode, and video is recommended. So head over to ctbb.show/yt if you feel like you’re missing something. Follow us on twitter at: @ctbbpodcast We're new to this…
Episode 85: Practical Applications of DEFCON 32 Web Research
1:30:30
Episode 85: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel talk through some of the research coming out of DEFCON, mainly from the PortSwigger team. Web timing attacks, cache exploitation, and exploits related to email protocols are all featured. Plus we also talk some fun Apache hacks from Orange Tsai Follow us on twitte…
Episode 84: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Roni Carta (@0xLupin) to discuss their MVH win at the recent Google LHE, and share some technical observations they had with the target and the event. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedba…
Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow, a text expander, Tracing Cookies, and more. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any fee…
Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity. Follow us on twitter at: @ctbbpodcast We're new to this podcast…
Episode 81: Crushing Client-Side on Any Scope with MatanBer
2:04:48
Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@…
Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)
2:49:26
Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne Events Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@critica…
Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes
1:10:25
Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration. Follow us on twitter at: @ctbbpodcast Send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Li…
Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques
1:06:25
Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with that process. We also talk about the benefit of using tools like Fabric, Loom, and ShareX. Follow us on twitter at: @ctbbpodcast We're new to this podcas…
Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated
1:50:26
Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting. Follow us on twitter at: @ctbbpodcast We're new to this podcasting th…
Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature
1:34:43
Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups. Follo…
Episode 75: *Rerun* of The OG Bug Bounty King - Frans Rosen
2:44:52
Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, so instead of a new full episode, we're going back 30 episodes to review. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the …
Episode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin)
1:38:20
Episode 74: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Roni "Lupin" Carta for a deep dive into supply chain attacks and dependency confusion. We explore the supply chain attacks, the ethical considerations surrounding maintainers and hosting packages on public registries, and chat about the vision and uses of hi…
Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkin…
Episode 72: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss some hot research from the past couple months. This includes ways to smuggle payloads in phone numbers and IPv6 Addresses, the NextJS SSRF, the PDF.JS PoC drop, and a GitHub Enterprise Indirect Method Information bug. Also, we have an attack vector feature…
Episode 71: More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet
1:45:21
Episode 71: In this episode of Critical Thinking - Bug Bounty Podcast Keith Hoodlet joins us to weigh in on the VDP Debate. He shares some of his insights on when VDPs are appropriate in a company's security posture, and the challenges of securing large organizations. Then we switch gears and talk about AI bias bounties, where Keith explains the ap…
Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we’re once again joined by Ben Sadeghipour to talk about some Nahamcon news, as well as discuss a couple other LHE’s taking place. Then they cover CI/CD and drop some cool CSP Bypasses. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send…
Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty.
1:49:04
Episode 69: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Johan Carlsson to hear about some updates on his bug hunting journey. We deep-dive a CSP bypass he found in GitHub, a critical he found in GitLab's pipeline, and also talk through his approach to using script gadgets and adapting to highly CSP'd environments. Then…
Episode 68: 0-days & HTMX-SS with Mathias
1:03:53
Episode 68: In this episode of Critical Thinking - Bug Bounty Podcast Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, bypassing HTMX disable, and the challenges of using HTMX in larger applications and the potential performance trade-offs. We also talk…
Episode 67: VDPs & Accidental Program VS Hacker Debate Part 2
1:19:51
Episode 67: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive on the topic of Vulnerability Disclosure Programs (VDPs) and whether they are beneficial or not. We also touch on the topic of leaderboard accuracy, and continue the Program VS Hacker debate regarding allocating funds for bounties. Follow us on twitter at: @ctbbpodcas…
Episode 66: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the recent YesWeHack Louis Vuitton LHE, the importance of failure as growth in bug bounty, and Justin shares his research on CDN CGI. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@…
Episode 65: Motivation and Methodology with Sam Curry (Zlz)
2:29:05
Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and the enjoyment Sam derives from pushing the boundaries to find bugs. He shares stories of his experiences, including hacking Tesla, online casinos,Star…
Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App
1:08:04
Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the DOMPurify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also touch on the importance of collaboration and knowledge sharing, JavaScrip…
Episode 63: JHaddix Returns
1:21:35
Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own personal life and hacking journey. We talk about the start of his new company, and then venture into topics such as using threat intelligence and buyi…
Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth looking at. Follow us on twitter at: @ctbbpodcast Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the aw…
Episode 61: A Hacker on Wall Street - JR0ch17
1:27:00
Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. He also shares his methodology for discovering OAuth-related bugs, highlights some differences between structured learning and self-teaching, and then…
Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023
1:24:37
Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023. Follow us on twitter at: @ctbbpodcast Send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts…
Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition
1:39:09
Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deception, leaking window location, self-stored XSS, and much more. Follow us …
Episode 58: Youssef Sammouda - Client-Side & ATO War Stories
1:54:51
Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Sammouda and grill him on his various techniques for finding and exploiting client-side bugs and postMessage vulnerabilities. He shares some crazy stories about race conditions, exploiting hash change events, and leveraging scroll to text fragments…
Episode 57: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are live from Miami, and recap their experience and share takeaways from the live hacking event. They highlight the importance of paying attention to client-side routing and the growing bug class of client-side path traversal. They also discuss the challenges of …
Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston)
1:47:40
Episode 56: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Jon Colston to discuss how his background in digital marketing and data science has influenced his hunting methodology. We dive into subjects like data sources, automation, worki…
Episode 55: Popping WordPress Plugins - Methodology Braindump
1:44:04
Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Wordpress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within Wordpress Plugins. Follow us on twitter Send us any feedback here: Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynora…
Episode 54: White Box Formulas - Vulnerable Coding Patterns
1:12:38
Episode 54: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with news items and new projects. Joel shares about his personal scraping project to gather data on bug bounty programs and distribution Next, they announce the launch of HackerNotes, a podcast companion that will summarize the main technical points of ea…
Episode 53: 500k/yr as Full-Time Bug Hunter & Content Creator - Nahamsec
1:40:47
Episode 53: In this episode of Critical Thinking - Bug Bounty Podcast, we’re joined by none other than NahamSec. We start by discussing the challenges he faced on his journey in bug bounty hunting and content creation, including personal struggles and the pressure of success. We also talk about finding balance and managing mental energy, going the ext…
Episode 52: Best Technical Content from Year 1 of CTBB Podcast
3:00:00
Episode 52: In this episode of Critical Thinking - Bug Bounty Podcast we're going back and highlighting some of the best technical moments from the past year! Hope you enjoy this best of 2023 Supercut! Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io…
Episode 51: Hacker Stats 2023 & 2024 Goals
1:21:31
Episode 51: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are back for the last episode of 2023. We discuss some noteworthy news items including a Hacker One Crit, Caido updates, and some Blind CSS. Then we dive into our own personal ‘Hackers Wrapped’ recap of the year, before laying out some goals for 2024. Follow us o…
Episode 50: Mathias "Fall in a well" Karlsson - Bug Bounty Prophet
2:24:31
Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug Bounty might look like in the…
Episode 49: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is once again joined by Nagli to discuss some of their recent hacking discoveries. They talk about finding and exploiting a backup file in an ASP.NET app, discovering vulnerabilities through Swagger files, and debating the vulnerability of a specific ‘undisclosed’…
Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb
1:36:45
Episode 48: In this episode, we're joined by the spectacular Sam Erb, Google Security Engineer and DEFCON Black Badge winner. We talk about the importance of understanding how systems work to find vulnerabilities, and how his engineering background influences his hunting style and methodologies. Then we jump over to his Career Development and his work wi…