Episode 125: In this episode of Critical Thinking - Bug Bounty Podcast, Justin shares insights on how to succeed at live hacking events. We cover pre-event preparations, the challenges of collaboration, on-site strategies, and the importance of maintaining a healthy mindset throughout the entire process.

Follow us on Twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to https://twitter.com/realytcracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== This Week in Bug Bounty ======

Decathlon Public Bug Bounty Program on YesWeHack
https://yeswehack.com/programs/decathlon

====== Resources ======
The Ultimate Double-Clickjacking PoC
https://jorianwoltjer.com/blog/p/hacking/ultimate-doubleclickjacking-poc

Grafana Full read SSRF and Account Takeover: CVE-2025-4123
https://nightbloodz.github.io/grafana-CVE-2025-4123/

Grafana CVE-2025-4123 Exploit
https://github.com/NightBloodz/CVE-2025-4123

What I learned from my first 100 HackerOne Reports
https://evanconnelly.com/post/my-first-100-hackerone-reports/

Root for your friends
https://josephthacker.com/personal/2025/05/13/root-for-your-friends.html

====== Timestamps ======
(00:00:00) Introduction
(00:02:30) The Ultimate Double-Clickjacking PoC, Grafana CVE, & Evan Connelly's first 100 bugs
(00:10:23) How to win at Live Hacking Events
(00:11:53) Pre-event
(00:11:45) Scope Call
(00:33:11) Dupe Window Ends
(00:36:00) Onsite & Day of Event
(00:42:46) Don't define your identity on the outcome