Interested in going full-time bug bounty? Check out our blueprint!
Critical Thinking - Bug Bounty Podcast
Latest Episode

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: In this episode of Critical Thinking - Bug Bounty Podcast Justin finally sits down with the great James Kettle to talk about HTTP Proxys, metagaming research, avoiding burnout, and why HTTP/1.1 must die! Follow u...

The player is loading ...
Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research
Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research
Apple Podcasts podcast player icon Spotify podcast player icon Castro podcast player icon RSS Feed podcast player icon YouTube podcast player icon

Recent Episodes

View all
Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research
Sept. 11, 2025

Episode 139: James Kettle - Pwning in Prod & How to do Web Security Research

Episode 139: In this episode of Critical Thinking - Bug Bounty Podcast Justin finally sits down with the great James Kettle to talk about HTTP Proxys, metagaming research, avoiding burnout, and why HTTP/1.1 must die! Follow u...
Listen to the Episode
Episode 138: Caido Tools and Workflows
Sept. 4, 2025

Episode 138: Caido Tools and Workflows

Episode 138: In this episode of Critical Thinking - Bug Bounty Podcast We’re talking Caido tools and workflows. Justin gives us a list of some of the Caido tools that have caught his interest, as well as how he’s using them. ...
Listen to the Episode
Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber
Aug. 28, 2025

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Episode 137: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner and Joseph Thacker reunite to talk about AI Hacking Assistants, CSPT and cache deception, and a bunch of tools like ch.at , Slice, Ebka, an...
Listen to the Episode
Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable
Aug. 21, 2025

Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also...
Listen to the Episode
Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories
Aug. 14, 2025

Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories

Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective o...
Listen to the Episode
Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado
Aug. 4, 2025

Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado

Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucin...
Listen to the Episode
View all Episodes

About the Hosts

Justin Gardner (@rhynorater) Profile Photo

Justin Gardner (@rhynorater)

Full-time Bug Bounty Hunter

Justin is a full-time bug bounty hunter and top-ranked live hacking event competitor. He has taken home two Most Valuable Hacker awards and countless other 1st place & 2nd place trophies.

While Justin specializes in web hacking, he also dabbles in IoT and mobile hacking. He is also the HackerOne Ambassador for the Eastern US region.

Outside of hacking, Justin enjoys Volleyball, Brazilian Jiu Jitsu, and Real Estate investing.

Joseph Thacker (@Rez0) Profile Photo

Joseph Thacker (@Rez0)

Full-time Bug Bounty Hunter

Joseph is a security researcher and full-time bug bounty hunter specializing in application security and AI. He has helped Fortune 500 companies avoid costly vulnerabilities and has contributed to over 1,000 security findings through platforms like HackerOne and Bugcrowd. Passionate about identifying recurring security flaws, works to address them through hacking, teaching, and consulting.

Reviews

Fantastic pod

"So much great, fresh content. An absolute must for security researchers and engineers alike."

14erDave | April 4, 2023

Great stuff by two goated hackers

"This podcast is incredible!! If you have any interest in cybersecurity, ethical hacking, or just tech in general then this is for you. Happy listening!"

nathanc0de | March 30, 2023

Favorite Security Podcast

"Amazing content from two supremely talented hackers. A must-listen for anyone looking for high-quality security content."

threatacting | March 27, 2023

The best bug bounty podcast

"Joel and Justin are extremely talented hackers sharing amazing insights into appsec. Give it a listen!"

Josephfuego555 | Feb. 3, 2023
See all reviews