
Episode 169: Attacking OAuth 2.1
From Critical Thinking - Bug Bounty Podcast by Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
April 9, 2026 · 30 min · Season 1 · Episode 169
About this episode
In this episode, the hosts discuss the changes from OAuth 2.0 to 2.1 and how hackers can exploit these changes.
Episode 169: In this episode of Critical Thinking - Bug Bounty Podcast gr3pme goes over some of the changes from OAuth 2.0 vs 2.1 and how Hackers can capitalize. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord ! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch ! Today's Sponsor: Check out ThreatLocker Ringfencing https://www.criticalthinkingpodcast.io/tl-rf ====== This Week in Bug Bounty ====== Intigriti is providing free Burp Pro for Hackers! https://www.intigriti.com/blog/news/intigriti-collaborates-with-portswigger-to-support-ethical-hacking-excellence ======…
People in this episode
Hosts: Justin Gardner, Joseph Thacker, Brandyn Murtagh
Guest: gr3pme
Topics covered
- OAuth 2.1
- bug bounty
- ethical hacking
- security vulnerabilities
- account takeover
- PKCE Bypass
Keywords
- OAuth
- bug bounty
- security
- vulnerabilities
- ethical hacking
- account takeover
- PKCE
Sponsors
ThreatLocker
Mentioned in this episode
Organizations: Intigriti, Cloudflare, ZeroPath, Django-allauth, PortsWigger, Critical Research Lab
Books & works: OAuth 2.0, OAuth 2.1
More episodes of Critical Thinking - Bug Bounty Podcast
- Episode 178: 600k in ~3 months - BruteCat pt 2 · June 11, 2026 · 1h 24m
- Episode 177: 2x Google RCE with VRP Legend Brutecat · June 4, 2026 · 1h 25m
- Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam) · May 28, 2026 · 1h 51m
- Episode 175: Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama · May 21, 2026 · 50 min
- Episode 174: Saving Bug Bounty Programs + AMPScript, tessl & GPT-5.5 · May 14, 2026 · 1h 10m
- Episode 173: Bug Bounty is Dead and AI Killed it. · May 7, 2026 · 1h 2m
Explore listener stats, chart rankings, contacts and more on the Critical Thinking - Bug Bounty Podcast podcast page.