Critical Thinking - Bug Bounty Podcast

By: Justin Gardner (Rhynorater) & Joel Margolis (teknogeek)
  • Summary

  • A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

    Critical Thinking Podcast
Episodes
  • Episode 91: Zero to LHE in 9 Months (feat gr3pme)
    Oct 3 2024

    Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking’s own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with Bug Bounty. We cover mentorship, networking and LHEs, ecosystem hacking, emotional regulation, and the need for self-care. Then we wrap up with some fun bugs.

    Follow us on twitter at: @ctbbpodcast

    We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

    Shoutout to YTCracker for the awesome intro music!

    ------ Links ------

    Find the Hackernotes: https://blog.criticalthinkingpodcast.io/

    Follow your hosts Rhynorater & Teknogeek on twitter:

    https://twitter.com/0xteknogeek

    https://twitter.com/rhynorater

    ------ Ways to Support CTBBPodcast ------

    Hop on the CTBB Discord at https://ctbb.show/discord!

    We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

    Shop our new swag store at ctbb.show/swag

    Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder

    Today’s guest: https://x.com/gr3pme

    Resources:

    Lessons Learned for LHEs

    https://x.com/Rhynorater/status/1579499221954473984

    Timestamps:

    (00:00:00) Introduction

    (00:07:02) Mentorship in Bug Bounty

    (00:16:30) LHE lessons, takeaways, and the benefit of feedback and networking

    (00:41:28) Choosing Targets

    (00:49:03) Vuln Classes

    (00:58:54) Bug Reports

    1 hr and 23 mins
  • Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs
    Sep 26 2024

    Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast, Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some research about SQL Injections, Clickjacking in Google Docs, and how to steal your Telegram account in 10 seconds.

    Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder

    Resources:

    Breaking Down Barriers: Exploiting Pre-Auth SQL Injection in WhatsUp Gold

    Content-Type that can be used for XSS

    Clickjacking Bug in Google Docs

    Justin's Gadget Link

    https://www.youtube.com/signin?next=https%3A%2F%2Faccounts.youtube.com%2Faccounts%2FSetSID%3Fcontinue%3Dhttps%3A%2F%2Fwww.google.com%252Famp%252fpoc.rhynorater.com

    Stealing your Telegram account in 10 seconds flat

    Timestamps

    (00:00:00) Introduction

    (00:08:28) Recent Hacks and Dupes

    (00:14:00) Cursor

    (00:25:02) Exploiting Pre-Auth SQL Injection in WhatsUp Gold

    (00:34:17) Content-Type that can be used for XSS

    (00:40:25) Caido updates

    (00:43:14) Clickjacking in Google Docs, and Stealing Telegram account

    52 mins
  • Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown
    Sep 19 2024

    Episode 89: In this episode of Critical Thinking - Bug Bounty Podcast, we’re joined live by Matt Brown to talk about his journey with hacking in the IoT. We cover the specializations and challenges in hardware hacking, and Matt’s personal methodology. Then we switch over to touch on BGA Reballing, Certificate Pinning and Validation, and some of his own bug stories.

    Today’s Sponsor: Project Discovery - tldfinder: https://www.criticalthinkingpodcast.io/tldfinder

    Today’s Guest Matt Brown: https://x.com/nmatt0

    Resources:

    Decrypting SSL to Chinese Cloud Servers

    https://www.youtube.com/watch?v=3qSxxNvuEtg

    mitmrouter

    https://github.com/nmatt0/mitmrouter

    certmitm Automatic Exploitation of TLS Certificate Validation Vulns

    https://www.youtube.com/watch?v=w_l2q_Gyqfo

    and

    https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Aapo%20Oksman%20-%20certmitm%20automatic%20exploitation%20of%20TLS%20certificate%20validation%20vulnerabilities.pdf

    https://github.com/aapooksman/certmitm

    HackerOne Detailed Platform Standards

    https://docs.hackerone.com/en/articles/8369826-detailed-platform-standards

    Timestamps:

    (00:00:00) Introduction

    (00:13:33) Specialization and Challenges of IOT Hacking

    (00:33:03) Decrypting SSL to Chinese Cloud Servers

    (00:47:00) General IoT Hacking Methodology

    (01:26:00) Certificate Pinning and Certificate Validation

    (01:34:35) BGA Reballing

    (01:43:26) Bug Stories

    1 hr and 58 mins

What listeners say about Critical Thinking - Bug Bounty Podcast

Average customer ratings
  • Overall: 5 out of 5 stars (5 Stars: 2, 4 Stars: 0, 3 Stars: 0, 2 Stars: 0, 1 Star: 0)
  • Performance: 5 out of 5 stars (5 Stars: 2, 4 Stars: 0, 3 Stars: 0, 2 Stars: 0, 1 Star: 0)
  • Story: 5 out of 5 stars (5 Stars: 2, 4 Stars: 0, 3 Stars: 0, 2 Stars: 0, 1 Star: 0)

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

great information

As someone who is still very new to the industry, I like listening to this podcast as I find the information very useful.
