Interested in going full-time bug bounty? Check out our blueprint!

Videos

June 12, 2025

Hacking AI Series: Vulnus ex Machina - Part 3 (Ep. 126)

Episode 126: Hacking AI Series: Vulnus ex Machina - Part 3 Episode 126: In this episode of Critical Thinking - Bug Bounty Podcast we wrap up Rez0’s AI miniseries ‘Vulnus Ex Machina’. Part 3 includes a showcase of AI Vulns that Rez0 himself has found, and how much they paid…

View more
June 5, 2025

How to Win Live Hacking Events (Ep. 125)

Episode 125: In this episode of Critical Thinking - Bug Bounty Podcast Justin shares insights on how to succeed at live hacking events. We cover pre-event preparations, challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process. Follow us on twitter at: https://x.com/ctbbpodcast…

View more
May 29, 2025

Balancing Bug Bounty Freedom with Hacking Time (Ep. 124)

Episode 124: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover some news from around the community, hitting on Joseph’s Anthropic safety testing, Justin’s guest appearance on For Crying Out Cloud, and several fascinating tweets. Then they have a quick Full-time Bug Bounty check-in. Follow…

View more
May 22, 2025

Hacking AI Series: Vulnus ex Machina - Part 2 (Ep.123)

Episode 123: Hacking AI Series: Vulnus ex Machina - Part 2 Episode 123: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with part 2 of Rez0’s miniseries. Today we talk about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features.…

View more
May 17, 2025

Just Patch the Binary... What the—?

#hacking #bugbounty #bugbountytips #websecurity #infosec

View more
May 16, 2025

Watch & Learn — Looking Back at the AWS Event

#hacking #bugbounty #bugbountytips #websecurity #infosec #AWS #LHE

View more
May 15, 2025

We Won Google's AI Hacking Event in Tokyo - Main Takeaways (Ep.122)

Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we’re joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable…

View more
May 13, 2025

Bring Back Full Disclosure

#hacking #bugbounty #bugbountytips #websecurity #infosec

View more
May 8, 2025

Slonser's Image Injection 0-day - ATO & New Caido Collab Plugin (Ep. 121)

Episode 121: In this episode of Critical Thinking - Bug Bounty Podcast we catch up on a bunch of news and research. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://twitter.com/realytcracker for the awesome intro music!…

View more
May 1, 2025

SpaceRaccoon - From Day Zero to Zero Day (Ep.120)

Episode 120: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner welcomes Eugene to talk (aka fanboy) about his new book, 'From Day Zero to Zero Day.' We walk through what to expect in each chapter, including Binary Analysis, Source and Sink Discovery, and Fuzzing everything.Then we…

View more
April 17, 2025

Abusing iframes from a Client-side Hacker (Ep. 119)

Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attack them. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send…

View more
April 10, 2025

Hacking Happy Hour: 0days on Tap and SQLi Shots (Ep. 118)

Episode 118: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph cover a host of news and writeups, including clientside tidbits, “Credentialless” iframes, prototype pollution, and what constitutes a polyglot in llms.txt. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to…

View more
April 3, 2025

Vulnus Ex Machina - AI Hacking Part 1 (Ep. 117)

Episode 117: In this episode of Critical Thinking - Bug Bounty Podcast Joseph introduces Vulus Ex Machina: A 3-part mini-series on hacking AI applications. In this part, he lays the groundwork and focuses on AI reconnaissance. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to…

View more
March 27, 2025

Auth Bypasses and Google VRP Writeups (Ep. 116)

Episode 116: Auth Bypasses and Google VRP Writeups Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives a quick rundown of Portswigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit. Follow us on twitter at: https://x.com/ctbbpodcast Got any…

View more
March 20, 2025

Mentee to Career Hacker - Mokusou (So Sakaguchi) (Ep 115)

Episode 115: In this episode of Critical Thinking - Bug Bounty Podcast Justin and So Sakaguchi sit down to walk through some recent bugs, before having a live mentorship session. They also talk about Reflector, and finish up by doing a bonus podcast segment in Japanese! Follow us on twitter…

View more
March 17, 2025

Trick for popping XSS on AI apps

#hacking #bugbounty #bugbountytips #websecurity #infosec #xss #xsstricks #aihacking

View more
March 15, 2025

AI Hacking Kinda Feels Like Social Engineering

#hacking #bugbounty #bugbountytips #websecurity #infosec #aihacking #socialengineering

View more
March 14, 2025

Clever trick for bypassing SOP

#hacking #bugbounty #bugbountytips #websecurity #infosec #webhacking #sopbypass

View more
March 13, 2025

Single Page Application Hacking Playbook (Ep 114)

Episode 114: In this episode of Critical Thinking - Bug Bounty Podcast we’re diving into SPA and how to attack them.We also cover a host of news items, including some bug write-ups, AI updates, and a new tool called Hackadvisor. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and…

View more
March 12, 2025

Polluting LLM Memory for Future Exploits

#hacking #bugbounty #bugbountytips #websecurity #infosec #aihacking #llmhacking #openai #gemini #chatgpt

View more
March 10, 2025

Playing with DOMPurify’s Text Output

#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify

View more
March 6, 2025

(Ep. 113) Best Technical Takeaways from Portswigger Top 10 2024

Episode 113: In this episode of Critical Thinking - Bug Bounty Podcast we’re breaking down the Portswigger Top 10 from 2024. There’s some bangers in here! Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://twitter.com/realytcracker for…

View more
March 2, 2025

A Shortcut for Inspecting the Sanitize Function

#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify

View more
Feb. 28, 2025

Bug Bounty 101 - Identifying DOMPurify in Blind Scenarios

#hacking #bugbounty #bugbountytips #websecurity #infosec #dompurify

View more