Videos

April 17, 2025

Abusing iframes from a Client-side Hacker (Ep. 119)

Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attack them. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send…

April 10, 2025

Hacking Happy Hour: 0days on Tap and SQLi Shots (Ep. 118)

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover a host of news and writeups, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to…

April 3, 2025

Vulnus Ex Machina - AI Hacking Part 1 (Ep. 117)

Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulnus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and focuses on AI reconnaissance. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to…

March 27, 2025

Auth Bypasses and Google VRP Writeups (Ep. 116)

Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit. Follow us on twitter at: https://x.com/ctbbpodcast Got any…

March 20, 2025

Mentee to Career Hacker - Mokusou (So Sakaguchi) (Ep 115)

Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about Reflector, and finish up by doing a bonus podcast segment in Japanese! Follow us on twitter…

March 17, 2025

Trick for popping XSS on AI apps

#hacking #bugbounty #bugbountytips #websecurity #infosec #xss #xsstricks #aihacking

March 15, 2025

AI Hacking Kinda Feels Like Social Engineering

#hacking #bugbounty #bugbountytips #websecurity #infosec #aihacking #socialengineering

March 14, 2025

Clever trick for bypassing SOP

#hacking #bugbounty #bugbountytips #websecurity #infosec #webhacking #sopbypass

March 13, 2025

Single Page Application Hacking Playbook (Ep 114)

Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them. We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and…

March 12, 2025

Polluting LLM Memory for Future Exploits

#hacking #bugbounty #bugbountytips #websecurity #infosec #aihacking #llmhacking #openai #gemini #chatgpt

March 10, 2025

Playing with DOMPurify’s Text Output

#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify

March 6, 2025

(Ep. 113) Best Technical Takeaways from Portswigger Top 10 2024

Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here! Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://twitter.com/realytcracker for…

March 2, 2025

A Shortcut for Inspecting the Sanitize Function

#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify

Feb. 28, 2025

Bug Bounty 101 - Identifying DOMPurify in Blind Scenarios

#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify

Feb. 27, 2025

(Ep. 112) Interview with Ciarán Cotter (MonkeHack) Critical Lab Researcher and Full-time Hunter

Episode 112: In this episode of Critical Thinking - Bug Bounty Podcast Joseph Thacker is joined by Ciarán Cotter (Monke) to share his bug hunting journey and give us the rundown on some recent client-side and server-side bugs. Then they discuss WebSockets, SaaS security, and cover some AI news including…

Feb. 25, 2025

Google is hard to hack, but that's exactly why it's worth trying

#hacking #bugbounty #bugbountytips #websecurity #infosec #google #googlehacking #websecurity #gemini

Feb. 24, 2025

Treating public client keys as secret keys, great idea

#hacking #bugbounty #bugbountytips #websecurity #infosec #websecurity

Feb. 23, 2025

Our community is truly the best

#hacking #bugbounty #bugbountytips #websecurity #infosec #discord #xss

Feb. 21, 2025

Tracking OAuth Tokens Backwards

#hacking #bugbounty #bugbountytips #websecurity #infosec #oauth

Feb. 20, 2025

(Ep 111) How to Bypass DOMPurify in Bug Bounty with Kevin Mizu

Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and…

Feb. 19, 2025

[Bug Drop] XSSDoctor's Sick XSS Chain

We're going a bit outside the normal posts for CTBB Podcast today, and we're gonna give you a taste of what our premium content on Discord feels like. This time, we've got an AMAZING bug from XSSDoctor. If you'd like to get your hands on the lab for this one,…

Feb. 13, 2025

(Ep. 110) Oauth Gadget Correlation and Common Attacks

Episode 110: In this episode of Critical Thinking - Bug Bounty Podcast we hit some quick news items including a DOMPurify 3.2.3 Bypass, O3 mini updates, and a cool postLogger Chrome Extension. Then, we hone in on OAuth vulnerabilities, API keys, and innovative techniques hackers use to exploit these systems.…

Feb. 9, 2025

Cookie bombing, of course! hahah

#hacking #bugbounty #bugbountytips #websecurity #infosec #cookies #cookiebombing #SAASsecurity

Feb. 7, 2025

Just get intimate with the app

#hacking #bugbounty #bugbountytips #websecurity #infosec
