Critical Thinking - Bug Bounty Podcast
2,682 posts
Critical Thinking - Bug Bounty Podcast
@ctbbpodcast
A 'by Hackers for Hackers' podcast focused on technical bug bounty content. Exploits, techniques, stories, bounties. Hosts: @rhynorater, @rez0__, @gr3pme
getting intimate with your app
criticalthinkingpodcast.io
Joined December 2022
86 Following
26.1K Followers
  • Pinned
    Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Jan 11, 2025
    Useful links:
    - Our Discord: ctbb.show/discord-pinned
    - Our Critical Thinkers Tier (MasterClasses, Exclusive Tools, 0-day -> bug bounty services, MUCH more): ctbb.show/cters-pinned
    - Our Full-time Bug Hunter's Guild (application only): ctbb.show/fthg-pinned
    31K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Aug 7, 2023
    IIS Hacking tips from the latest episode with the master himself @infosec_au: 1. NEVER leave that blue IIS page un-touched "You see that blue page that comes up when you hit an IIS server? That should be your point where you think, I'm gonna find criticals on this bad boy.
    92K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Jan 9, 2023
    We've released the first episode! Check it out here and at MOST of your favorite podcast provider locations. Apple and Google are being a bit slow... but should be up by the end of the week at the latest. Hope you all enjoy and shoot us some feedback!
    rss.com
    74K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    May 15, 2025
    Sharon Brizinov made ~$64k by recovering secrets from deleted files in public Git repos. Even after using git rm, files remain in the history stored in the .git/objects dir until garbage collection runs. Here's the command to use:
    22K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Dec 15, 2024
    How to earn $100k in your first year of bug bounty hunting! In a recent tweet, @Rhynorater outlined his roadmap for hitting $100k in his first year of bug bounty hunting (if he had to start from scratch). Here's what he'd do:
    31K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Nov 25, 2024
    How to find the manifest.json file of any Chrome extension:
    1. Go to chrome://extensions
    2. Turn on Developer mode
    3. Copy the extension ID
    4. Go to ~/Library/Application Support/Google/Chrome/Default/Extensions
    5. Find the matching ID then find the manifest.json file!
    27K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Jul 1, 2025
    If the target sets X-Frame-Options: DENY, you can’t iframe it to abuse session context. But @slonser_ points out a slick workaround: use the fetchLater() API to schedule deferred requests that execute even after the page is closed or navigated away from.
    30K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Sep 3, 2024
    Frans Rosen was on the pod last week and dropped some mind-bending X-Correlation Injection research on us. Including these gems on how to test for it... 1/7
    29K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Jan 29, 2025
    Windows ANSI-to-Unicode conversions can break apps! Best-fit mappings may misinterpret characters (¥ → \), creating unexpected bugs. Always make sure to test these encoding edge cases for vulnerabilities! (credit: @orange_8361 and @_splitline_)
    16K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Aug 15, 2024
    7 methods to find all parameters in a page's JS:
    - url.searchParams
    - url.searchParams.get
    - url.searchParams.has
    - window.location.href
    - window.location.search
    - history.pushState
    - history.replaceState
    There are a ton more but this is a good place to start!
    13K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    May 28, 2024
    Huge XSS dropped affecting PDF.js - the default PDF viewer for Firefox! Caused by insecure glyph rendering, where PDF content is directly eval'ed into JS, allowing execution of payloads embedded in font definitions like this: /FontMatrix [1 2 3 4 5 (0\); alert\('foobar')]
    23K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Dec 5, 2023
    <script> x.y(1, INJECT) </script> Where x is undefined and you can't use "<". How do you pop this XSS? JS Hoisting.
    33K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Oct 2, 2024
    If you're struggling to trigger XSS via a file upload, this is for you! The mime type RFC has exploitable quirks that allow XSS through unexpected content types. Here are some of those types: (Shout out to @Black2Fan for this research!)
    12K
  • Critical Thinking - Bug Bounty Podcast
    @ctbbpodcast
    Aug 6, 2024
    This JS function = XSS as a Service!
    19K
