Critical Thinking - Bug Bounty Podcast
@ctbbpodcast
A 'by Hackers for Hackers' podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest exploitation techniques.
Useful links:
- Our Discord: ctbb.show/discord-pinned
- Our Critical Thinkers Tier (MasterClasses, Exclusive Tools, 0-day -> bug bounty services, MUCH more): ctbb.show/cters-pinned
- Our Full-time Bug Hunter's Guild (application only): ctbb.show/fthg-pinned

Enjoyed @Rhynorater's and @rez0__'s takes on our Christmas in July research on the CTBB podcast. Give it a listen for a good summary! We have two more blogs scheduled to publish this month, wrapping up our research push for Christmas in July. criticalthinkingpodcast.io/episode-131-ch…
Looking for new bypasses or gadgets in Chrome? Google publicly shares upcoming Chrome features through 'Intent to Ship' posts for community review. Definitely worth keeping an eye on 👇 groups.google.com/a/chromium.org… Shout-out to @ctbbpodcast for the tip!
HackerNotes TLDR for episode 130! — blog.criticalthinkingpodcast.io/p/hackernotes-… ►⠀HTML sanitiser bypass through tag nesting depth: Exploit sanitisers by wrapping malicious tags in multiple unclosed parent tags <p><p><p><p><p><audio/src/onerror=alert(1)>. Success rate may depend on the depth ratio…
Exploiting fetchLater() with Redirect Chaining
HackerNotes TLDR for episode 131! — blog.criticalthinkingpodcast.io/p/hackernotes-… ►⠀V1 Instance metadata Service Protections Bypass: An old writeup from 2019 with relevant takeaways in 2025. SSRF protections in Cloud providers can often be bypassed with URL validation discrepancies. Some neat…
New Episode is out! (and what a crazy one too) — youtu.be/z9sCrHTl_rM Justin is joined by Mathias Karlsson to discuss vulns associated with archives. They talk about his new tool, Archive Alchemist, explore topics like the significance of Unicode paths, symlinks, and TAR.
Clever Way to Weaponise AI Retrieval Systems
Check out @ctbbpodcast's Episode 120 to hear all about my new book "From Day Zero to Zero Day!" Thanks for having me, @Rhynorater 🙏 Watch now: youtube.com/watch?v=7ppNXE…
THIS is How You Bypass IP Allow-lists
Don't hesitate to check out the latest episode of the pod, packed with the usual high-quality discussions and some great reads. My latest article "Bug bounty, feedback, strategy, and alchemy" was mentioned along with some great insights/personal takeaways from Rhynorater and Rez0.
Episode 131 is out! — youtu.be/r8K7T4kUGls In this episode we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for Windows, Third-Person prompting, and the recent McDonald's Leak!
From playing and hacking Minecraft to Google MVH!