Interested in going full-time bug bounty? Check out our blueprint!

Videos

Feb. 12, 2026

Cross-Consumer Attacks & DTMF Tone Exfil (Ep. 161)

Cross-Consumer Attacks & DTMF Tone Exfil (Ep. 161)

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any…

View more
Feb. 11, 2026

NULL origin iframe trick

NULL origin iframe trick

#hacking #bugbounty #podcast #bugbountytips #infosec #iframe

View more
Feb. 9, 2026

This makes no sense at all but thanks, Chrome!

This makes no sense at all but thanks, Chrome!

#hacking #bugbounty #podcast #bugbountytips #infosec #javascript

View more
Feb. 7, 2026

WAFs cannot win this battle =)

WAFs cannot win this battle =)

#hacking #bugbounty #podcast #bugbountytips #infosec #WAF #firewall

View more
Feb. 6, 2026

Did you know that Java annotations run at compile time?

Did you know that Java annotations run at compile time?

#hacking #bugbounty #podcast #bugbountytips #infosec #Java

View more
Feb. 5, 2026

Cloudflare Zero-days & Mail Unsubscribing for XSS (Ep.160)

Cloudflare Zero-days & Mail Unsubscribing for XSS (Ep.160)

Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & Magic String Denial of Service in Claude. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free…

View more
Feb. 3, 2026

DNS Record doesn't exist... But the next does!

DNS Record doesn't exist... But the next does!

#hacking #bugbounty #podcast #bugbountytips #infosec #DNS #DNSSEC

View more
Feb. 1, 2026

Lesson learned: Old tech deserves a hack too

Lesson learned: Old tech deserves a hack too

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 30, 2026

Pwning in 3 minutes = Reverse Imposter Syndrome

Pwning in 3 minutes = Reverse Imposter Syndrome

#hacking #bugbounty #podcast #bugbountytips #infosec #impostersyndrome

View more
Jan. 29, 2026

Avoiding Downgrades on Google Cloud VRP with Michael Cote and Darby Hopkins (Ep. 159)

Avoiding Downgrades on Google Cloud VRP with Michael Cote and Darby Hopkins (Ep. 159)

Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to best configure for success. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and…

View more
Jan. 27, 2026

Supporting the Git scheme enables SO MUCH

Supporting the Git scheme enables SO MUCH

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 25, 2026

Hacking AI can be more than convincing it to get hacked

Hacking AI can be more than convincing it to get hacked

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 24, 2026

Give me 2 ways of doing something, I'll find the third

Give me 2 ways of doing something, I'll find the third

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 22, 2026

$300k Meta Client-Side Bugs + 10hr Marathon Hack-Along Recap (Ep. 158)

$300k Meta Client-Side Bugs + 10hr Marathon Hack-Along Recap (Ep. 158)

Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They’re Smart. Follow us on twitter at:…

View more
Jan. 19, 2026

Arbitrary File Read... As a Service

Arbitrary File Read... As a Service

#hacking #bugbounty #podcast #bugbountytips #infosec #mcp #mcphacking

View more
Jan. 18, 2026

Policy-Level Mitigation Strats

Policy-Level Mitigation Strats

#hacking #bugbounty #podcast #bugbountytips #infosec #mcp #mcphacking

View more
Jan. 16, 2026

My Kids' Friends Think I'm a Criminal

My Kids' Friends Think I'm a Criminal

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 15, 2026

Crushing Pwn2Own & H1 with Kernel Driver Exploits (Ep. 157)

Crushing Pwn2Own & H1 with Kernel Driver Exploits (Ep. 157)

Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout…

View more
Jan. 14, 2026

Conditional Breakpoints Are Underrated

Conditional Breakpoints Are Underrated

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 12, 2026

Break The School's Safety App (For Good Reasons)

Break The School's Safety App (For Good Reasons)

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 10, 2026

Pro Tip for JS Analysis With AI

Pro Tip for JS Analysis With AI

#hacking #bugbounty #podcast #bugbountytips #infosec

View more
Jan. 8, 2026

Justin Was Using FFUF Like a Caveman

Justin Was Using FFUF Like a Caveman

#hacking #bugbounty #podcast #bugbountytips #infosec #hackingtips #fuzzing

View more
Jan. 8, 2026

Chill AMA from bugbounty.forum (Ep. 156)

Chill AMA from bugbounty.forum (Ep. 156)

Episode 156: In this episode of Critical Thinking - Bug Bounty Podcast we answer some fantastic questions from over at bugbounty.forum Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to https://twitter.com/realytcracker for the awesome intro music! ======…

View more
Jan. 6, 2026

How To Get Fired as a Pentester

How To Get Fired as a Pentester

#hacking #bugbounty #podcast #bugbountytips #infosec #hackerstory

View more