Interested in going full-time bug bounty? Check out our blueprint!

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some intricacies of Android an...

The player is loading ...

Recent Episodes

View all

Nov. 14, 2024

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

Nov. 7, 2024

Episode 96: Cookies & Caching with MatanBer

Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, …

Oct. 31, 2024

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast In this episode, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and threat models, and cove…

Oct. 24, 2024

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of Auth…

Oct. 17, 2024

Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through how he balances his dual…

Oct. 10, 2024

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast In this episode Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-Fi, and Vulnerabilities …

View all Episodes

Join the Email List

About the Hosts

Justin Gardner (@rhynorater)

Full-time Bug Bounty Hunter

Justin is a full-time bug bounty hunter and top-ranked live hacking event competitor. He has taken home two Most Valuable Hacker awards and countless other 1st place & 2nd place trophies.

While Justin specializes in web hacking, he also dabbles in IoT and mobile hacking. He is also the HackerOne Ambassador for the Eastern US region.

Outside of hacking, Justin enjoys Volleyball, Brazilian Jiu Jitsu, and Real Estate investing.

Joel Margolis (@0xteknogeek)

AppSec @ Match Group

Joel is a appsec engineer at Match Group (the parent company of Tinder, Hinge, Plenty of Fish, OkCupid, Archer, and other dating apps). Joel is also a top bug bounty hunter and has participated and received awards in 30+ live hacking events.

Joel also has experience running a bug bounty program from his time with Uber and Tinder, so he understands the program side as well.

Outside of hacking, Joel enjoys hanging, playing Jazz music, playing with his dog, Max, and tinkering with his home automation system.

Reviews

The best bug bounty podcast

"Joel and Justin are extremely talented hackers sharing amazing insights into appsec. Give it a listen!"

Josephfuego555 | Feb. 3, 2023

Favorite Security Podcast

"Amazing content from two supremely talented hackers. A must-listen for anyone looking for high-quality security content."

threatacting | March 27, 2023

Great stuff by two goated hackers

"This podcast is incredible!! If you have any interest in cybersecurity, ethical hacking, or just tech in general then this is for you. Happy listening!"

nathanc0de | March 30, 2023

Fantastic pod

"So much great, fresh content. An absolute must for security researchers and engineers alike."

14erDave | April 4, 2023

See all reviews

Recent Episodes

Listen On

About the Hosts

Reviews