Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They’re Smart.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

Crit Research Lab:

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag!

Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/

====== Resources ======

InsertScript - XSS Challenge Solution

InsertScript - Redirect AuthHeader

CRLF injection on a 302 redirect

Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover

Arcanum Hack Tips

Trail of Bits Releases Claude Skills

what a $55,000 bug can look like

Pwning Claude Code in 8 Different Ways

Do Smart People Ever Say They’re Smart?

====== Timestamps ======

(00:00:00) Introduction

(00:04:18) Takeaways from CT Charity Hackalong

(00:22:21) InsertScript POCs & Rez0 and teknogeek's IOT Adventures

(00:32:16) CRLF injection on a 302 redirect & Multiple XSS in Meta

(00:41:00) Trail of Bits, what a $55,000 bug can look like, & Pwning Claude Code

(00:54:16) Do Smart People Ever Say They’re Smart?

Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

Critical Research Lab:

https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Guest: https://x.com/hyprdude

====== This Week in Bug Bounty ======

Top 10 web hacking techniques of 2025: call for nominations

https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open

CVE-2025-13467

https://access.redhat.com/security/cve/cve-2025-13467

====== Resources ======

Hypr's Blog

https://blog.coffinsec.com

mediatek? more like media-rekt, amirite.

https://blog.coffinsec.com/0days/2025/12/15/more-like-mediarekt-amirite.html

kernel-utils

https://github.com/mellow-hype/kernel-utils

====== Timestamps ======

(00:00:00) Introduction

(00:03:23) Heap Overflow in Mediatek Kernel Drivers

(00:19:23) Kernel Debugging & ioctl Handlers

(00:43:30) Input Structs, Sync to Source, & Privilege Escalation

(00:51:30) HackerOne Ecosystem vs Pwn2Own Ecosystem

(01:17:00) Kernel Utils

(01:26:46) Real World Bugs for Exploit Development vs CTFs

Episode 156: In this episode of Critical Thinking - Bug Bounty Podcast we answer some fantastic questions from over at bugbounty.forum

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

Critical Thinking Lab

lab.ctbb.show

Cross-Site ETag Length Leak

https://blog.arkark.dev/2025/12/26/etag-length-leak

Clawdbot

https://github.com/clawdbot/clawdbot/

Post from Steve Caldwell

https://x.com/moreconfetti/status/2006494133159162008

====== Timestamps ======

(00:00:00) Introduction

(00:00:58) Crit Lab update

(00:04:36) Cross-Site ETag Length Leak

(00:13:26) Clawdbot

(00:16:56) Will bug hunting become obsolete, LHE invitations, and Fulltime vs Part time?

(00:30:52) 10 bugs at $5k or 1 bug at $5k, CTBB Background, & Future Plans

(00:38:32) Mentoring, Conquering Classes, and what angles we implement from the podcast

(00:49:27) Best approach on new targets, tips for making 500k in a year, AI/Vibecoding & Human in the Loop

(00:59:07) Mentally mapping the target, anti-patterns that waste time, and BB beliefs that were wrong.

(01:10:12) Tackling small scope, staying on one program, picking up after a break, & moving on

(01:17:41) Invisible elements that make the difference between $2k and $20k