Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They’re Smart.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

Crit Research Lab:

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag!

Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/

====== Resources ======

InsertScript - XSS Challenge Solution

InsertScript - Redirect AuthHeader

CRLF injection on a 302 redirect

Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover

Arcanum Hack Tips

Trail of Bits Releases Claude Skills

what a $55,000 bug can look like

Pwning Claude Code in 8 Different Ways

Do Smart People Ever Say They’re Smart?

====== Timestamps ======

(00:00:00) Introduction

(00:04:18) Takeaways from CT Charity Hackalong

(00:22:21) InsertScript POCs & Rez0 and teknogeek's IOT Adventures

(00:32:16) CRLF injection on a 302 redirect & Multiple XSS in Meta

(00:41:00) Trail of Bits, what a $55,000 bug can look like, & Pwning Claude Code

(00:54:16) Do Smart People Ever Say They’re Smart?

Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

Critical Research Lab:

https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Guest: https://x.com/hyprdude

====== This Week in Bug Bounty ======

Top 10 web hacking techniques of 2025: call for nominations

https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open

CVE-2025-13467

https://access.redhat.com/security/cve/cve-2025-13467

====== Resources ======

Hypr's Blog

https://blog.coffinsec.com

mediatek? more like media-rekt, amirite.

https://blog.coffinsec.com/0days/2025/12/15/more-like-mediarekt-amirite.html

kernel-utils

https://github.com/mellow-hype/kernel-utils

====== Timestamps ======

(00:00:00) Introduction

(00:03:23) Heap Overflow in Mediatek Kernel Drivers

(00:19:23) Kernel Debugging & ioctl Handlers

(00:43:30) Input Structs, Sync to Source, & Privilege Escalation

(00:51:30) HackerOne Ecosystem vs Pwn2Own Ecosystem

(01:17:00) Kernel Utils

(01:26:46) Real World Bugs for Exploit Development vs CTFs

Episode 156: In this episode of Critical Thinking - Bug Bounty Podcast we answer some fantastic questions from over at bugbounty.forum

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

Critical Thinking Lab

lab.ctbb.show

Cross-Site ETag Length Leak

https://blog.arkark.dev/2025/12/26/etag-length-leak

Clawdbot

https://github.com/clawdbot/clawdbot/

Post from Steve Caldwell

https://x.com/moreconfetti/status/2006494133159162008

====== Timestamps ======

(00:00:00) Introduction

(00:00:58) Crit Lab update

(00:04:36) Cross-Site ETag Length Leak

(00:13:26) Clawdbot

(00:16:56) Will bug hunting become obsolete, LHE invitations, and Fulltime vs Part time?

(00:30:52) 10 bugs at $5k or 1 bug at $5k, CTBB Background, & Future Plans

(00:38:32) Mentoring, Conquering Classes, and what angles we implement from the podcast

(00:49:27) Best approach on new targets, tips for making 500k in a year, AI/Vibecoding & Human in the Loop

(00:59:07) Mentally mapping the target, anti-patterns that waste time, and BB beliefs that were wrong.

(01:10:12) Tackling small scope, staying on one program, picking up after a break, & moving on

(01:17:41) Invisible elements that make the difference between $2k and $20k

Episode 155: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn reflect on last year of Bug Bounty, and list their goals and predictions for what 2026 holds.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Resources ======

2024 Hacker Stats & 2025 Goals

https://blog.criticalthinkingpodcast.io/p/hackernotes-ep-104-2024-hacker-stats-2025-goals

====== Timestamps ======

(00:00:00) Introduction

(00:02:08) 2025 Full Time Hunting Retrospective

(00:10:19) Most Fulfilling Moments and Bugs

(00:17:56) Satisfaction with 2025 Stats

(00:45:28) Automation, Organization, and Collaboration

(00:48:55) Time and Motivation

(01:08:01) Goals and Predictions for Bug Bounty in 2026

Episode 154: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn talk through the transition from Bug Bounty hunting to Pentesting. We cover diversifying income streams, the challenges of pricing for Pentests, legal considerations, and what Bug Hunters can bring to the Pentesting world

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== Timestamps ======

(00:00:00) Introduction

(00:03:36) Starting a Pentesting Company

(00:12:25) Advantages of Pentesting as a Bug Bounty Hunter

(00:29:03) Pricing, Sales, and knowing your Market/Worth

(00:36:21) Compliance in Pentests & Rapid-Fire Takaways

Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Guest: Matt Brown

• https://x.com/nmatt0
• https://github.com/BrownFineSecurity/iothackbot

====== Resources ======

KeeYees USB Logic Analyzer Device

Saleae logic analyzer

XGecu

Hardware Hacking Tutorial by Make Me Hack

UART and SPI firmware extraction

UART Root Shell on Linux Router

UART Shell Jail and Unlocked Bootloader

Chinese IP Camera Firmware Extraction

Chip-Off Firmware Extraction

====== Timestamps ======

(00:00:00) Introduction

(00:01:22) Incremental Session Token Story and Matt Brown Intro

(00:10:42) Hardware Bug Bounty Scene & AI on Devices

(00:24:30) Hacking Human Robot

(00:41:33) Zero-to-Hero Hardware Hacking Guide

(01:01:47) IOT Hackbot

Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Vertex Bug, and debate if Prompt Injection is a real Vuln.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

CHeck out our New Christmas Swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Control

https://ctbb.show/tl-ec

And Noma Security! https://noma.security/

Today’s Guest: https://x.com/sasi2103

====== This Week in Bug Bounty ======

Vercel Platform Protection

Dedicated HackerOne program for Vercel WAF

YesWeHack Open Source Programs

Android recon for Bug Bounty hunters

====== Resources ======

Sasi's Tweet from 2015

ForcedLeak: AI Agent risks exposed in Salesforce AgentForce

Is Prompt Injection a Vulnerability?

====== Timestamps ======

(00:00:00) Introduction

(00:09:16) Google Vertex AI Bug

(00:29:28) Sasi's Background and Bug Bounty Journey

(00:38:55) Resources for AI and Agentic Security Methodology

(00:50:34) ForcedLeak

(01:02:06) Is Prompt Injection a Vuln?

Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL Parsing, and more.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker Elevation Control

https://ctbb.show/tl-ec

====== Resources ======

Nowasky's Tweet #1

https://x.com/nowaskyjr/status/1993421017381744974

Nowasky's Tweet #2

https://x.com/nowaskyjr/status/1992717862398800081

rep+ in Chrome DevTools

https://x.com/BourAbdelhadi/status/1992622964077179229

Terjanq Post from 2021

https://x.com/terjanq/status/1421093136022048775

====== Timestamps ======

(00:00:00) Introduction

(00:02:58) Client-side news & AI Updates

(00:12:02) Third-Party Cookie Nuances & PostMessages

(00:30:09) Iframe Tricks

(00:47:43) URL Parsing, CSPTS, and Client-side Routes