For members-only perks and exclusive content, join our Discord server!

Episode 68: 0-days & HTMX-SS with Mathias

Episode 68: In this episode of Critical Thinking - Bug Bounty Podcast Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, bypassing...

The player is loading ...

Recent Episodes

View all

April 25, 2024

Episode 68: 0-days & HTMX-SS with Mathias

April 18, 2024

Episode 67: VDPs & Accidental Program VS Hacker Debate Part 2

Episode 67: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive on the topic of Vulnerability Disclosure Programs (VDPs) and whether they are beneficial or not. We also touch on the topic of leaderboard acc…

April 11, 2024

Episode 66: CDN-CGI Resarch, Intent To Ship, and Louis Vuitton

Episode 66: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the recent YesWeHack Louis Vuitton LHE, the importance of failure as growth in bug bounty, and Justin shares his research on CDN C…

April 4, 2024

Episode 65: Motivation and Methodology with Sam Curry (Zlz)

Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and the enjoyment Sam derive…

March 28, 2024

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functio…

March 21, 2024

Episode 63: JHaddix Returns

Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own personal life and hackin…

View all Episodes

Join the Email List

About the Hosts

Justin Gardner (@rhynorater)

Full-time Bug Bounty Hunter

Justin is a full-time bug bounty hunter and top-ranked live hacking event competitor. He has taken home two Most Valuable Hacker awards and countless other 1st place & 2nd place trophies.

While Justin specializes in web hacking, he also dabbles in IoT and mobile hacking. He is also the HackerOne Ambassador for the Eastern US region.

Outside of hacking, Justin enjoys Volleyball, Brazilian Jiu Jitsu, and Real Estate investing.

Joel Margolis (@0xteknogeek)

AppSec @ Match Group

Joel is a appsec engineer at Match Group (the parent company of Tinder, Hinge, Plenty of Fish, OkCupid, Archer, and other dating apps). Joel is also a top bug bounty hunter and has participated and received awards in 30+ live hacking events.

Joel also has experience running a bug bounty program from his time with Uber and Tinder, so he understands the program side as well.

Outside of hacking, Joel enjoys hanging, playing Jazz music, playing with his dog, Max, and tinkering with his home automation system.

Reviews

Fantastic pod

"So much great, fresh content. An absolute must for security researchers and engineers alike."

14erDave | April 4, 2023

Great stuff by two goated hackers

"This podcast is incredible!! If you have any interest in cybersecurity, ethical hacking, or just tech in general then this is for you. Happy listening!"

nathanc0de | March 30, 2023

Favorite Security Podcast

"Amazing content from two supremely talented hackers. A must-listen for anyone looking for high-quality security content."

threatacting | March 27, 2023

The best bug bounty podcast

"Joel and Justin are extremely talented hackers sharing amazing insights into appsec. Give it a listen!"

Josephfuego555 | Feb. 3, 2023

See all reviews

Recent Episodes

Listen On

About the Hosts

Reviews