Interested in going full-time bug bounty? Check out our blueprint!

Latest Episode

Episode 110: Oauth Gadget Correlation and Common Attacks

Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulner...

The player is loading ...

Recent Episodes

View all

Feb. 13, 2025

Episode 110: Oauth Gadget Correlation and Common Attacks

Listen to the Episode

Feb. 6, 2025

Episode 109: Creative Recon - Alternative Techniques

Episode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover …

Listen to the Episode

Jan. 30, 2025

Episode 108: How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello

Episode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesf…

Listen to the Episode

Jan. 23, 2025

Episode 107: Bypassing Cross-Origin Browser Headers

Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, …

Listen to the Episode

Jan. 16, 2025

Episode 106: Announcing our new cohost...

Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his g…

Listen to the Episode

Jan. 9, 2025

Episode 105: Best Critical Thinking Moments from 2024

Episode 105: In this episode of Critical Thinking - Bug Bounty Podcast we're back with another Best-of episode recapping some of our top moments of 2024. Follow us on twitter at: @ctbbpodcast Ssend us any feedback here: info…

Listen to the Episode

View all Episodes

Join the Email List

About the Hosts

Justin Gardner (@rhynorater)

Full-time Bug Bounty Hunter

Justin is a full-time bug bounty hunter and top-ranked live hacking event competitor. He has taken home two Most Valuable Hacker awards and countless other 1st place & 2nd place trophies.

While Justin specializes in web hacking, he also dabbles in IoT and mobile hacking. He is also the HackerOne Ambassador for the Eastern US region.

Outside of hacking, Justin enjoys Volleyball, Brazilian Jiu Jitsu, and Real Estate investing.

Joseph Thacker (@Rez0)

Full-time Bug Bounty Hunter

Joseph is a security researcher and full-time bug bounty hunter specializing in application security and AI. He has helped Fortune 500 companies avoid costly vulnerabilities and has contributed to over 1,000 security findings through platforms like HackerOne and Bugcrowd. Passionate about identifying recurring security flaws, works to address them through hacking, teaching, and consulting.

Reviews

Fantastic pod

"So much great, fresh content. An absolute must for security researchers and engineers alike."

14erDave | April 4, 2023

Great stuff by two goated hackers

"This podcast is incredible!! If you have any interest in cybersecurity, ethical hacking, or just tech in general then this is for you. Happy listening!"

nathanc0de | March 30, 2023

Favorite Security Podcast

"Amazing content from two supremely talented hackers. A must-listen for anyone looking for high-quality security content."

threatacting | March 27, 2023

The best bug bounty podcast

"Joel and Justin are extremely talented hackers sharing amazing insights into appsec. Give it a listen!"

Josephfuego555 | Feb. 3, 2023

See all reviews

Recent Episodes

Listen On

About the Hosts

Reviews