
Videos

March 17, 2025

Trick for popping XSS on AI apps

#hacking #bugbounty #bugbountytips #websecurity #infosec #xss #xsstricks #aihacking

March 15, 2025

AI Hacking Kinda Feels Like Social Engineering

#hacking #bugbounty #bugbountytips #websecurity #infosec #aihacking #socialengineering

March 14, 2025

Clever trick for bypassing SOP

#hacking #bugbounty #bugbountytips #websecurity #infosec #webhacking #sopbypass

March 13, 2025

Single Page Application Hacking Playbook (Ep 114)

Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPAs and how to attack them. We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and…

March 12, 2025

Polluting LLM Memory for Future Exploits

#hacking #bugbounty #bugbountytips #websecurity #infosec #aihacking #llmhacking #openai #gemini #chatgpt

March 10, 2025

Playing with DOMPurify’s Text Output

#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify

March 6, 2025

(Ep. 113) Best Technical Takeaways from Portswigger Top 10 2024

Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here! Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://twitter.com/realytcracker for…

March 2, 2025

A Shortcut for Inspecting the Sanitize Function

#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify

Feb. 28, 2025

Bug Bounty 101 - Identifying DOMPurify in Blind Scenarios

#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify

Feb. 27, 2025

(Ep. 112) Interview with Ciarán Cotter (MonkeHack) Critical Lab Researcher and Full-time Hunter

Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including…

Feb. 25, 2025

Google is hard to hack, but that's exactly why it's worth trying

#hacking #bugbounty #bugbountytips #websecurity #infosec #google #googlehacking #websecurity #gemini

Feb. 24, 2025

Treating public client keys as secret keys, great idea

#hacking #bugbounty #bugbountytips #websecurity #infosec #websecurity

Feb. 23, 2025

Our community is truly the best

#hacking #bugbounty #bugbountytips #websecurity #infosec #discord #xss

Feb. 21, 2025

Tracking OAuth Tokens Backwards

#hacking #bugbounty #bugbountytips #websecurity #infosec #oauth

Feb. 20, 2025

(Ep 111) How to Bypass DOMPurify in Bug Bounty with Kevin Mizu

Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and…

Feb. 19, 2025

[Bug Drop] XSSDoctor's Sick XSS Chain

We're going a bit outside the normal posts for CTBB Podcast today, and we're gonna give you a taste of what our premium content on Discord feels like. This time, we've got an AMAZING bug from XSSDoctor. If you'd like to get your hands on the lab for this one,…

Feb. 13, 2025

(Ep. 110) Oauth Gadget Correlation and Common Attacks

Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems.…

Feb. 9, 2025

Cookie bombing, of course! hahah

#hacking #bugbounty #bugbountytips #websecurity #infosec #cookies #cookiebombing #SAASsecurity

Feb. 7, 2025

Just get intimate with the app

#hacking #bugbounty #bugbountytips #websecurity #infosec

Feb. 6, 2025

(Ep. 109) Creative Recon - Alternative Techniques

Episode 109: In this episode of Critical Thinking - Bug Bounty Podcast we start off with a quick recap of some of the DeepSeek Drama that’s been going down, and discuss AI in CAPTCHA and 2FA as well. Then we switch to cover some other news before settling in to…

Feb. 5, 2025

Exploiting SAAS Misconfigurations

#hacking #bugbounty #bugbountytips #websecurity #infosec #saas

Jan. 30, 2025

(Ep. 108) How to Hack Salesforce, ServiceNow, and Other SaaS Products With Aaron Costello

Episode 108: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph bring on Aaron Costello to discuss SaaS security and misconfigurations as a bug class. He also gives some in-depth examples from Salesforce, ServiceNow, and Power Pages. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas…

Jan. 23, 2025

Bypassing Cross-Origin Browser Headers (Ep. 107)

Episode 107: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph are tackling the subject of cross-origin security headers. They also cover some news items including Google’s OAuth login flaw, RAINK, and gift card hacking. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions?…

Jan. 16, 2025

Announcing our new cohost... (Ep. 106)

Episode 106: In this episode of Critical Thinking - Bug Bounty Podcast we are pleased to announce our new co-host of the podcast: Joseph Thacker Aka Rez0! We discuss Joseph's transition to full-time bug bounty hunting, his goals, and what he’s looking forward to bringing to the pod. We also…
