Interested in going full-time bug bounty? Check out our blueprint!

Videos

Feb. 20, 2026

Incremental IDORs are common... Bet you've never seen Incremental TOKENS

Incremental IDORs are common... Bet you've never seen Incremental TOKENS

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Feb. 19, 2026

HackerOne Training AI on Bug Bounty Data? (Ep. 162)

HackerOne Training AI on Bug Bounty Data? (Ep. 162)

Episode 162: HackerOne Training AI on Bug Bounty Data? Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties. Follow us on twitter at:…

View more
Feb. 17, 2026

An EXPLOIT made in Heaven

An EXPLOIT made in Heaven

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Feb. 14, 2026

.innerHTML can make your XSS run!

.innerHTML can make your XSS run!
View more
Feb. 13, 2026

Is it even a bypass if they left you an EXTRA key?

Is it even a bypass if they left you an EXTRA key?

#hacking #bugbounty #podcast #bugbountytips #infosec #CSP

View more
Feb. 12, 2026

Cross-Consumer Attacks & DTMF Tone Exfil (Ep. 161)

Cross-Consumer Attacks & DTMF Tone Exfil (Ep. 161)

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any…

View more
Feb. 11, 2026

NULL origin iframe trick

NULL origin iframe trick

#hacking #bugbounty #podcast #bugbountytips #infosec #iframe

View more
Feb. 9, 2026

This makes no sense at all but thanks, Chrome!

This makes no sense at all but thanks, Chrome!

#hacking #bugbounty #podcast #bugbountytips #infosec #javascript

View more
Feb. 7, 2026

WAFs cannot win this battle =)

WAFs cannot win this battle =)

#hacking #bugbounty #podcast #bugbountytips #infosec #WAF #firewall

View more
Feb. 6, 2026

Did you know that Java annotations run at compile time?

Did you know that Java annotations run at compile time?

#hacking #bugbounty #podcast #bugbountytips #infosec #Java

View more
Feb. 5, 2026

Cloudflare Zero-days & Mail Unsubscribing for XSS (Ep.160)

Cloudflare Zero-days & Mail Unsubscribing for XSS (Ep.160)

Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & Magic String Denial of Service in Claude. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free…

View more
Feb. 3, 2026

DNS Record doesn't exist... But the next does!

DNS Record doesn't exist... But the next does!

#hacking #bugbounty #podcast #bugbountytips #infosec #DNS #DNSSEC

View more
Feb. 1, 2026

Lesson learned: Old tech deserves a hack too

Lesson learned: Old tech deserves a hack too

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 30, 2026

Pwning in 3 minutes = Reverse Imposter Syndrome

Pwning in 3 minutes = Reverse Imposter Syndrome

#hacking #bugbounty #podcast #bugbountytips #infosec #impostersyndrome

View more
Jan. 29, 2026

Avoiding Downgrades on Google Cloud VRP with Michael Cote and Darby Hopkins (Ep. 159)

Avoiding Downgrades on Google Cloud VRP with Michael Cote and Darby Hopkins (Ep. 159)

Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to best configure for success. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and…

View more
Jan. 27, 2026

Supporting the Git scheme enables SO MUCH

Supporting the Git scheme enables SO MUCH

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 25, 2026

Hacking AI can be more than convincing it to get hacked

Hacking AI can be more than convincing it to get hacked

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 24, 2026

Give me 2 ways of doing something, I'll find the third

Give me 2 ways of doing something, I'll find the third

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 22, 2026

$300k Meta Client-Side Bugs + 10hr Marathon Hack-Along Recap (Ep. 158)

$300k Meta Client-Side Bugs + 10hr Marathon Hack-Along Recap (Ep. 158)

Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They’re Smart. Follow us on twitter at:…

View more
Jan. 19, 2026

Arbitrary File Read... As a Service

Arbitrary File Read... As a Service

#hacking #bugbounty #podcast #bugbountytips #infosec #mcp #mcphacking

View more
Jan. 18, 2026

Policy-Level Mitigation Strats

Policy-Level Mitigation Strats

#hacking #bugbounty #podcast #bugbountytips #infosec #mcp #mcphacking

View more
Jan. 16, 2026

My Kids' Friends Think I'm a Criminal

My Kids' Friends Think I'm a Criminal

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 15, 2026

Crushing Pwn2Own & H1 with Kernel Driver Exploits (Ep. 157)

Crushing Pwn2Own & H1 with Kernel Driver Exploits (Ep. 157)

Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout…

View more
Jan. 14, 2026

Conditional Breakpoints Are Underrated

Conditional Breakpoints Are Underrated

#hacking #bugbounty #podcast #bugbountytips #infosec

View more