

Critical Thinking - Bug Bounty Podcast
Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
Episodes
Mentioned books

Oct 26, 2023 • 59min
Episode 42: Renniepak Interview & Intigriti LHE Recap
In this episode, the podcast covers topics like NFT vulnerability, XSS attacks, hacker tattoos, and the correlation between creativity and hacking. They also discuss shared workspaces, managing finances as bug bounty hunters, and different approaches to hacking and vulnerability types.

Oct 19, 2023 • 17min
Episode 41: Mini Masterclass: Attack Vector Ideation
Learn how to think like a human instead of just a hacker to uncover vulnerabilities in web applications. Explore techniques for reading documentation, finding vulnerabilities in applications, and attack vector ideation in bug bounty programs. Discover the power of thorough testing, human-like usage, exploring GitHub issues, and modifying UI elements for bug discovery. Emphasize the importance of investigating the application from a user's perspective and not shying away from investing in bug bounties.

Oct 12, 2023 • 1h 32min
Episode 40: Bug Bounty Mentoring
In this episode, the podcast explores the world of bug bounty mentorships. They discuss the importance of mentorship, challenges of transitioning from being mentored to self-education, and the necessity of continuous learning in bug bounty. The speakers also share their experiences with bug bounties, the significance of motivation and hard work, finding passion in bug bounty hunting, and collaborating with other hackers and mentors.

Oct 5, 2023 • 1h 21min
Episode 39: The Art of Architectures
In this podcast, they discuss new updates from Chrome, GPT-4 and SAML presentations. They also talk about using blind trust in web architecture, different web architectures, and the possibility of a secure storage API. Additionally, they share their experiences with Macs and non-Apple laptops for audio production, and discuss hacking Google Flights.

Sep 28, 2023 • 43min
Episode 38: Mobile Hacking Maestro: Sergey Toshin
Renowned mobile hacking maestro Sergey Toshin shares his unexpected journey into mobile security and his rise to becoming the top hacker in Google Play Security and Samsung Bug Bounty programs. They discuss evolving perception of mobile bugs, new attack vectors, and creation of mobile security company Oversecured.

Sep 21, 2023 • 1h 15min
Episode 37: Tokyo Hacking & Interview with 0xLupin
In this episode, 0xLupin, a security researcher and bug bounty enthusiast, joins the show. They discuss the Tokyo LHE, their journey into security research, and the benefits of collaboration. They also touch on pair hacking, joining a team, and starting a business together. The podcast covers some great tools for collaboration and offers valuable insights into the world of bug bounty hunting.

Sep 14, 2023 • 1h 4min
Episode 36: Bug Bounty Ethics & CT Exclusive Bug Reports
On this episode, the hosts discuss bug bounty ethics, including going out of scope. They also share a suspenseful story of Justin getting shot at. Other topics covered include setting up a mobile intercept proxy, Google open redirects, recent XSS exploitation, and bug reports from both hosts.

Sep 7, 2023 • 1h 25min
Episode 35: King of Collaboration: Douglas Day
Renowned bug bounty hunter, Douglas Day, shares his unique methodologies and collaborative spirit. Topics discussed include finding new endpoints, exploiting Intercom widgets, collaboration preferences at live hacking events, justifying hobbies, and finding enjoyment in the bug hunting process.

Aug 31, 2023 • 2h 11min
Episode 34: Program vs Hacker Debate
In this episode of a bug bounty podcast, the hosts have a debate representing hackers and program managers. They discuss topics such as Disclosures, Dupes, Zero-Day Policy, payouts, budgets, Triage, and Retesting. They also touch on domains, transparency, bug severity ratings, budget allocation, retesting vulnerabilities, bug fix verification, bug report handling process, promoting security, changing contracting models, and live hacking events.

Aug 24, 2023 • 1h 22min
Episode 33: The Master of Hacker Show&Tell: Inti De Ceukelaire
Episode 33: In this episode of Critical Thinking - Bug Bounty Podcast, we welcome Inti De Ceukelaire, a seasoned bug hunter known for his creative storytelling and impactful show-and-tell bugs…and let us tell you, his stories do not disappoint! From his bug bounty journey to some pretty wild hacks, Inti captivates us as only Inti can. We discuss the potential life-saving impact of bug bounty reports, especially in areas such as transportation and medical devices. We also cover hacker mentality, the benefits of objective-based challenges, and the need for collaboration and alignment within the bug bounty community. It’s a mesmerizing episode, so sit back and be swept away by Inti’s tales.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterToday’s Guest:https://twitter.com/securintiInti's Shopify Show-and-Tellhttps://hackerone.com/reports/1086108Hakluke's article on Bug Bounty Standardshttps://github.com/hakluke/bug-bounty-standardsResearching MissingNo Glitch in Pokemonhttps://youtu.be/p8OBktd42GIIntigritihttps://www.intigriti.com/Timestamps:(00:00:00) Introduction(00:03:01) Show-and-Tells and Storytelling in Live Hacking Events(00:08:30) Impact Assessment and the potential real-life significance of reporting vulnerabilities.(00:13:50) Ethical dilemmas, gaming the systems, and safe harbor.(00:23:30) Inti’s Hacking Journey(00:27:26) Hacker mentality, brainstorming, and goal-setting.(00:46:28) The benefit of mental resets, fresh perspectives, and ‘surprise collaboration’(00:52:55) Inti’s Story 1: CSS Injection bugs(01:06:20) Inti’s Story 2: The Ticket Trick(01:14:00) Inti’s Story 3: The Gotcha PasswordBug(01:18:30) Upcoming Intigriti Live Hacking Event