
Critical Thinking - Bug Bounty Podcast
by Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
Insights are generated by CastFox AI using publicly available data, episode content, and proprietary models.
Total monthly reach
Estimated from 11 chart positions in 11 markets.
By chart position
- 🇨🇦 CA · Technology · #123 · 5K to 30K
- 🇰🇷 KR · Technology · #180 · 1K to 10K
- 🇻🇳 VN · Technology · #70 · 3K to 10K
- 🇧🇪 BE · Technology · #75 · 3K to 10K
- 🇦🇪 AE · Technology · #88 · 3K to 10K

- Per-Episode Audience (est. listeners per new episode within ~30 days): 5.4K to 26K. 🎙 Daily cadence · 170 episodes · Last published 6d ago
- Monthly Reach (unique listeners across all episodes, 30 days): 18K to 88K. 🇨🇦 34%, 🇰🇷 11%, 🇻🇳 11%, +8 more
- Active Followers (loyal subscribers who consistently listen): 7.2K to 35K
Recent episodes
- Episode 179: Maintaining Motivation in Post-AI Bug Bounty World (Jun 18, 2026, unknown duration)
- Episode 178: 600k in ~3 months - BruteCat pt 2 (Jun 11, 2026, 1h 23m 56s)
- Episode 177: 2x Google RCE with VRP Legend Brutecat (Jun 4, 2026, 1h 25m 27s)
- Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam) (May 28, 2026, 1h 50m 49s)
- Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama (May 21, 2026, 49m 50s)
| Date | Episode | Topics | Guests | Brands | Places | Keywords | Sponsor | Length | |
|---|---|---|---|---|---|---|---|---|---|
| 6/18/26 | Episode 179: Maintaining Motivation in Post-AI Bug Bounty World | Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/ Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Check out Zero Trust Cloud Access: https://www.threatlocker.com/capabilities/zero-trust-cloud-access ====== Timestamps ====== (00:00:00) Introduction (00:04:57) Managing Hacker Motivation (00:10:45) Community, Competition, & Curiosity (00:16:54) Using AI with Passion (00:23:10) The LHE Method & Sharing Wins (00:28:01) Video POCs, Scripts, & Talking about Bugs (00:40:49) Watching your health & stopping mid-hack | — | ||||||
| 6/11/26 | Episode 178: 600k in ~3 months - BruteCat pt 2 | hacking, AI, +4 | BruteCat | Google, Critical Research Lab, +5 | — | bug bounty, hacking, +5 | — | 1h 23m 56s | |
| 6/4/26 | Episode 177: 2x Google RCE with VRP Legend Brutecat | bug bounty, hacking, +3 | BruteCat | Google, YouTube, +3 | — | bug bounty, Google Cloud, +3 | ThreatLocker | 1h 25m 27s | |
| 5/28/26 | Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam) | Adobe AEM, bug bounty, +4 | Jim Green | Critical Research Lab, CTBB Pentests, +4 | — | Adobe AEM, bug bounty, +5 | Adobe, CTBB063026 | 1h 50m 49s | |
| 5/21/26 | Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama | Hackbot setups, ZDI drama, +3 | — | Critical Research Lab, Zero Trust Cloud Access, +2 | — | Hackbot, ZDI, +4 | ThreatLocker | 49m 50s | |
| 5/14/26 | Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5 | bug bounty programs, AI in security, +3 | — | Searchlight Cyber, watchTowr, +5 | — | bug bounty, cybersecurity, +3 | — | 1h 09m 57s | |
| 5/7/26 | Episode 173: Bug Bounty is Dead and AI Killed it. | AI impact, Bug Bounty, +3 | — | Critical Research Lab | — | AI, Bug Bounty, +3 | Zero Trust Cloud Access | 1h 01m 30s | |
| 4/30/26 | Episode 172: Source Code Review Meta Analysis | Source Code Review, Meta Analysis, +3 | — | — | — | source code review, bug bounty, +5 | Adobe, CTBB063026 | 51m 01s | |
| 4/23/26 | Episode 171: Path-Scoped Cookie Hacks with Uppercase & Post-based Raw Protobuf XSS | bug bounty, hacking tips, +4 | — | Critical Research Lab, YesWeHack | — | bug bounty, hacking, +5 | ThreatLocker | 22m 44s | |
| 4/16/26 | Episode 170: Claude Code + Tmux, Websockets, and Other Korea LHE Takeaways | bug bounty, technology, +4 | — | Critical Research Lab | Korea | bug bounty, Korea, +5 | — | 32m 50s | |
| 4/9/26 | Episode 169: Attacking OAuth 2.1 | OAuth 2.1, bug bounty, +4 | gr3pme | Intigriti, Cloudflare, +6 | — | OAuth, bug bounty, +5 | ThreatLocker, CODE | 30m 16s | |
| 4/2/26 | Episode 168: XSSDoctor - Client-side Path Traversal Research | Client-side Path Traversal, Bug Bounty, +4 | Jonathan | XSSDoctor, YTCracker, +2 | — | XSS, Client-side, +6 | — | 1h 35m 55s | |
| 3/26/26 | Episode 167: Stealing Bugs with Valeriy Shevchenko | bug bounty, program management, +4 | Valeriy Shevchenko | HackerOne, Intigriti, +2 | — | bug bounty, program management, +8 | ThreatLocker | 51m 40s | |
| 3/19/26 | Episode 166: Rez0’s Top Claude Skill Secrets | AI Generated reports, Claude Skill Secrets, +4 | Rez0 | Intigriti, Critical Research Lab, +1 | — | bug bounty, AI reports, +5 | Adobe | 53m 02s | |
| 3/12/26 | Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows | Protobuf Hacking, AI-Powered Bug Hunting, +4 | — | Critical Research Lab, HackerOne, +2 | — | bug bounty, AI hacking, +4 | ThreatLocker | 44m 23s | |
| 3/5/26 | Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND | bug bounty, hacking, +4 | Tommy DeVoss | Yahoo, YTCracker, +2 | — | bug bounty, hacking, +5 | — | 1h 11m 56s | |
| 2/26/26 | Episode 163: Best Technical Takeaways from Portswigger Top 10 2025 | web hacking, security techniques, +3 | — | Portswigger | — | web hacking techniques, Portswigger, +3 | — | 1h 08m 23s | |
| 2/19/26 | Episode 162: HackerOne Training AI on Bug Bounty Data? | bug bounty, AI, +3 | Alex Rice | HackerOne, Critical Research Lab | — | bug bounty, HackerOne, +5 | Zero Trust World, ZTWCTBB26 | 53m 22s | |
| 2/12/26 | Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil | Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surrounding HackerOne. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26 https://ztw.com/ ====== This Week in Bug Bounty ====== AS Watson https://app.intigriti.com/programs/aswatson/watsons/detail; YesWeHack 2026 Report https://choose.yeswehack.com/bug-bounty-report-2026-trends-and-key-insights-yeswehack?utm_source=youtube&utm_medium=sponsor-critical-thinking&utm_campaign=yeswehack-report-2026 ====== Resources ====== PhoneLeak: Data Exfiltration in Gemini via Phone Call https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/; Max's Tweet about decreasing bounties https://x.com/0xw2w/status/2020788164378427483; HackerOne General Terms and Conditions https://www.hackerone.com/terms/general; Research Review #-2: RCE in Google's AI code editor Antigravity (sudi) https://www.youtube.com/watch?v=JqvJSF2UMyY ====== Timestamps ====== (00:00:00) Introduction (00:03:26) YesWeHack 2026 Report (00:09:12) CSRF Realizations & Data Exfiltration in Gemini via Phone Call (00:14:38) 7urb0's Youtube, HackerOne decreasing bounties and Section 3.1 controversy. (00:19:06) Cross Consumer Attacks | — | ||||||
| 2/5/26 | Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS | Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn chat through some news, including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & Magic String Denial of Service in Claude. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today’s Sponsor: Adobe. Use code CTBB040126, and get a 10% bonus on your bounty for any AI vulnerability which is mapped to the OWASP LLM top 10. Valid on Adobe Acrobat Web - AI Assistant / PDF Spaces / Content Creation and presentation features using Express, Adobe Express AI Assistant. Valid through April 1st, 2026. Also we have a Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag! ====== Resources ====== Cloudflare Zero-day https://fearsoff.org/research/cloudflare-acme; Turning List-Unsubscribe into an SSRF/XSS Gadget https://security.lauritz-holtmann.de/post/xss-ssrf-list-unsubscribe/; Breaking Multi-Tenant Isolation in Heroku Postgres https://allistair.sh/blog/breaking-heroku-postgres/; Parse and Parse: MIME Validation Bypass to XSS via Parser Differential https://lab.ctbb.show/research/parse-and-parse-mime-validation-bypass-to-xss-via-parser-differential; Claude Magic String Denial of Service https://x.com/Frichette_n/status/2013988503336415522; From WebView to Remote Code Injection https://djini.ai/from-webview-to-remote-code-injection/; DOM XSS Is Not Dead: The Rise of Polyglot Payloads https://blogs.jsmon.sh/dom-xss-is-not-dead-the-rise-of-polyglot-payloads/ ====== Timestamps ====== (00:00:00) Introduction (00:06:17) Cloudflare Zero-day & Turning List-Unsubscribe into an SSRF/XSS Gadget (00:16:57) Breaking Multi-Tenant Isolation in Heroku Postgres & CTBB Research (00:25:46) Claude Magic String Denial of Service & From WebView to Remote Code Injection | — | ||||||
| 1/29/26 | Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins | Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to best configure for success. Follow us on X. Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord. We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. Get some hacker swag. Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26 https://ztw.com/ Google Cloud VRP Swag Bonus! Mention the podcast in any rewarded (cash or credit) VRP report submission before the end of April to receive bonus swag! Today’s Guests: Darby Hopkins, Michael Cote ====== This Week in Bug Bounty ====== AI Red Teaming Explained by AI Red Teamers; Good Faith AI Research Safe Harbor; Join the Adobe LHE at NULLCON GOA ====== Resources ====== ‘Legendary Guy’ - Jakub Domeracki; Google Cloud VRP rewards rules; Google Cloud VRP product tiers; Bug Hunters blog on the 2025 Google Cloud VRP bugSWAT; Google VRP Discord; Google VRP on X ====== Timestamps ====== (00:00:00) Introduction (00:10:03) CloudVRP Bugswat Event Breakdown (00:16:40) VRP Policy & Rewards Changes (00:04:50) Panel Process (01:00:08) Configuring for Success & Avoiding Downgrades (01:33:47) Scenarios for Success | — | ||||||
| 1/22/26 | Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs | Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 bug can look like, and if Smart People Ever Say They’re Smart. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26 https://ztw.com/ ====== Resources ====== InsertScript - XSS Challenge Solution https://insert-script.blogspot.com/2020/03/xss-challenge-solution-refresh-header.html; InsertScript - Redirect AuthHeader https://www.insert-script.com/examples/redirectAuthHeader/send.html; CRLF injection on a 302 redirect https://x.com/0xdef1ant/status/2009040359482118500; Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover https://ysamm.com/uncategorized/2025/01/13/capig-xss.html; Arcanum Hack Tips https://github.com/Arcanum-Sec/hack_tips; Trail of Bits Releases Claude Skills https://x.com/dguido/status/2011541318229533063; what a $55,000 bug can look like https://x.com/the_IDORminator/status/2007480636244697237; Pwning Claude Code in 8 Different Ways https://flatt.tech/research/posts/pwning-claude-code-in-8-different-ways/; Do Smart People Ever Say They’re Smart? https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/ ====== Timestamps ====== (00:00:00) Introduction (00:04:18) Technical takeaways from CT Charity Hackalong (00:22:21) InsertScript POCs & Rez0 and teknogeek's IOT Adventures (00:32:16) CRLF injection on a 302 redirect & Multiple XSS in Meta (00:41:00) Trail of Bits, what a $55,000 bug can look like, & Pwning Claude Code (00:54:16) Do Smart People Ever Say They’re Smart? | — | ||||||
| 1/15/26 | Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits | Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! Today’s Guest: https://x.com/hyprdude ====== This Week in Bug Bounty ====== Top 10 web hacking techniques of 2025: call for nominations https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open; CVE-2025-13467 https://access.redhat.com/security/cve/cve-2025-13467 ====== Resources ====== Hypr's Blog https://blog.coffinsec.com; mediatek? more like media-rekt, amirite. https://blog.coffinsec.com/0days/2025/12/15/more-like-mediarekt-amirite.html; kernel-utils https://github.com/mellow-hype/kernel-utils ====== Timestamps ====== (00:00:00) Introduction (00:03:23) Heap Overflow in Mediatek Kernel Drivers (00:19:23) Kernel Debugging & ioctl Handlers (00:43:30) Input Structs, Sync to Source, & Privilege Escalation (00:51:30) HackerOne Ecosystem vs Pwn2Own Ecosystem (01:17:00) Kernel Utils (01:26:46) Real World Bugs for Exploit Development vs CTFs | — | ||||||
| 1/8/26 | Episode 156: Chill AMA from bugbounty.forum | Episode 156: In this episode of Critical Thinking - Bug Bounty Podcast we answer some fantastic questions from over at bugbounty.forum. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! ====== Resources ====== Critical Thinking Lab lab.ctbb.show; Cross-Site ETag Length Leak https://blog.arkark.dev/2025/12/26/etag-length-leak; Clawdbot https://github.com/clawdbot/clawdbot/; Post from Steve Caldwell https://x.com/moreconfetti/status/2006494133159162008 ====== Timestamps ====== (00:00:00) Introduction (00:00:58) Crit Lab update (00:04:36) Cross-Site ETag Length Leak (00:13:26) Clawdbot (00:16:56) Will bug hunting become obsolete, LHE invitations, and Fulltime vs Part time? (00:30:52) 10 bugs at $5k or 1 bug at $5k, CTBB Background, & Future Plans (00:38:32) Mentoring, Conquering Classes, and what angles we implement from the podcast (00:49:27) Best approach on new targets, tips for making 500k in a year, AI/Vibecoding & Human in the Loop (00:59:07) Mentally mapping the target, anti-patterns that waste time, and BB beliefs that were wrong. (01:10:12) Tackling small scope, staying on one program, picking up after a break, & moving on (01:17:41) Invisible elements that make the difference between $2k and $20k | — | ||||||
| 1/1/26 | Episode 155: 2025 Hacker Stats & 2026 Goals | Episode 155: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn reflect on last year of Bug Bounty, and list their goals and predictions for what 2026 holds. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! ====== Resources ====== 2024 Hacker Stats & 2025 Goals https://blog.criticalthinkingpodcast.io/p/hackernotes-ep-104-2024-hacker-stats-2025-goals ====== Timestamps ====== (00:00:00) Introduction (00:02:08) 2025 Full Time Hunting Retrospective (00:10:19) Most Fulfilling Moments and Bugs (00:17:56) Satisfaction with 2025 Stats (00:45:28) Automation, Organization, and Collaboration (00:48:55) Time and Motivation (01:08:01) Goals and Predictions for Bug Bounty in 2026 | — | ||||||
Showing 25 of 179
Chart Positions
11 placements across 11 markets.
