Critical Thinking - Bug Bounty Podcast
Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)

Dernier épisode
184 épisodes
- Episode 182: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some recent bugs involving WPM, MCP, and a possible emerging bug class using Wayback. We also talk about some GraphQL Hackbot finds, and what AI’s #1 mission should be.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== This Week in Bug Bounty ======
LeHack 2026 Recap
https://event.yeswehack.com/events/lehack-2026
Don’t eat the ChocoPoCs! How vulnerability researchers were repeatedly targeted by trojanised exploits
https://www.yeswehack.com/fr/news/chocopocs-vulnerability-researchers-trojanised-exploits
Navigating the AI Wave: How We're Keeping Security Research Meaningful
https://www.hackerone.com/blog/ai-driven-report-volume-insights-and-actions
====== Resources ======
Caido Skills
https://github.com/caido/skills/pull/22
Hunting For AWS Cognito Security
Misconfigurations
https://www.yassineaboukir.com/talks/NahamConEU2022.pdf
X MCP
https://docs.x.com/tools/mcp
US South Summer Sessions: Hack the Heat
https://h1.community/events/details/hackerone-us-south-hackerone-club-presents-us-south-summer-sessions-hack-the-heat/
====== Timestamps ======
(00:00:00) Introduction
(00:08:31) WPM Bug & Wayback to Guest Bearer
(00:18:42) GraphQL Hackbot Finds, Fable Updates, & AI's #1 Mission
(00:29:45) MCP, US South H1 Event, & AI Sandbox Escapes - Episode 181: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and XSSDoctor talk about building a Hackbot.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out Zero Trust Network Access:
https://www.criticalthinkingpodcast.io/tl-ztna
====== Resources ======
Are bug bounties cooked?
https://hakluke.com/are-bug-bounties-cooked
We built a Hackbot
https://josephthacker.com/hacking/2026/07/01/we-built-a-hackbot.html
====== Timestamps ======
(00:00:00) Introduction
(00:07:22) Manual vs. AI Hacking
(00:17:27) Building a Hackbot
(00:23:53) Negatives of Hackbots
(00:31:34) Logistics and Problems of Singularity
(00:46:21) Successes - Episode 180: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Steve Hernandez, founder of the Bug Bounty Maturity Framework (BBMF), to walk us through the inaugural State of Bug Bounty Maturity Posture Report. We go through the scores and cover Asset Hygiene, Operational Signal, how to re-engage the relationship between trust and researcher participation.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest: https://x.com/SteveHernandezM
Email Steve at info@bugbountymaturity.com
Fill out this form to enter a Critical Thinkers raffle
https://forms.ctbb.show/mdaz
====== Resources ======
State of Bug Bounty Maturity Posture
https://bugbountymaturity.com/research/state-of-bug-bounty-maturity-posture-2026
Take the Bug Bounty Maturity Assessment
https://bugbountymaturity.com/assessment
AI Is Compressing the Bug Bounty Maturity Curve
https://bugbountymaturity.com/research/ai-is-compressing-the-bug-bounty-maturity-curve
====== Timestamps ======
(00:00:00) Introduction
(00:04:09) State of Bug Bounty Maturity Posture
(00:22:33) Researcher Interface & Program Trust
(00:44:38) Maturity Bands and Scoring
(01:08:19) AI Is Compressing the Bug Bounty Maturity Curve - Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Check out Zero Trust Cloud Access:
https://www.threatlocker.com/capabilities/zero-trust-cloud-access
====== Timestamps ======
(00:00:00) Introduction
(00:04:57) Managing Hacker Motivation
(00:10:45) Community, Competition, & Curosity
(00:16:54) Using AI with Passion
(00:23:10) The LHE Method & Sharing Wins
(00:28:01) Video POCs, Scripts, & Talking about Bugs
(00:40:49) Watching your health & stopping mid-hack - Episode 178: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with BruteCat to finish up our discussion on hacking Google. This week we hit AI.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
Need a Pentest? We just launched CTBB Pentests!
https://pentest.ctbb.show/
Hack full time? Check out the Full-Time Hunter’s Guild!
https://ctbb.show/fthg
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest: https://x.com/brutecat
====== Resources ======
Hacking Google with AI
https://brutecat.com/articles/hacking-google-with-ai/
====== Timestamps ======
(00:00:00) Introduction
(00:03:07) Discovery Docs Refresher & AI at BugSWAT Mexico
(00:30:49) Auth & Enumeration of Referer and Origin
(00:45:59) Pwning Google Stories
(01:09:32) Batch Execute & GraphQL
Plus de podcasts Technologies
Podcasts tendance de Technologies
À propos de Critical Thinking - Bug Bounty Podcast
A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.
Site web du podcastÉcoutez Critical Thinking - Bug Bounty Podcast, On refait le Mac - ORLM ou d'autres podcasts du monde entier - avec l'app de radio.fr

Obtenez l’app radio.fr gratuite
- Ajout de radios et podcasts en favoris
- Diffusion via Wi-Fi ou Bluetooth
- Carplay & Android Auto compatibles
- Et encore plus de fonctionnalités
Obtenez l’app radio.fr gratuite
- Ajout de radios et podcasts en favoris
- Diffusion via Wi-Fi ou Bluetooth
- Carplay & Android Auto compatibles
- Et encore plus de fonctionnalités


Critical Thinking - Bug Bounty Podcast
Scannez le code,
Téléchargez l’app,
Écoutez.
Téléchargez l’app,
Écoutez.




































