Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)

Bug Bounty

Bug Bounty Hunting

Cybersecurity

XSS Vulnerabilities

Wordfence

Live Hacking Events

Portswigger

Collaboration In Security Research

XSS

Graphql

Hacking Techniques

Remote Code Execution

Automation

Race Condition Testing

HTTP Request Smuggling

HTML

Microsoft Teams

S3 Buckets

ASP.NET

Request Smuggling

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

538 ratings

Publishes	Weekly	Episodes	166	Founded	3 years ago
Number of Listeners		Category	Technology

Listen to this Podcast

Guests Hosts Reviews Charts Talking Points

Latest Episodes

Episode 166: Rez0’s Top Claude Skill Secrets

Episode 166: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Rez0’s Claude Skill Secrets, when AI Generated reports fall apart, and agents vs filters.

Got any ideas and sugg... more

19 Mar 2026 • 53 min

Episode 165: Protobuf Hacking, AI-Powered Bug Hunting, and Self-Improving Claude Workflows

Episode 165: In this episode of Critical Thinking - Bug Bounty Podcast Justin recaps his Zero Trust World experience, before we dive into Permissions issues client-side bugs, New Hardware Hacking Classes, and using AI to hack.

12 Mar 2026 • 44 min

YouTube

Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Episode 164: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug Bounty

5 Mar 2026 • 1 hr 11 min

YouTube

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.

Got any... more

26 Feb 2026 • 1 hr 8 min

YouTube

Key Facts

Accepts Guests

Accepts Sponsors

Contact Information

Podcast Host

Number of Listeners

Find out how many people listen to this podcast per episode and each month.

Similar Podcasts

People also subscribe to these shows.

HackedHacked

CyberWire DailyN2K Networks

Darknet DiariesJack Rhysider

Hacking HumansN2K Networks

Risky BusinessRisky Business Media

Recent Guests

Tommy DeVoss

veteran hacker turned bug bounty researcher and educator

Independent security researcher / Bug Bounty hunter

Episode: Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Darby Hopkins

Security Engineer at Google Cloud

Google Cloud

Episode: Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

Michael Cote

Security Engineer at Google Cloud

Google Cloud

Episode: Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

Enrique HyperDude

Experienced hacker with a focus on kernel exploits and Pwn2Own

CoffinSec

Episode: Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits

Matt Brown

Expert in hardware hacking and bug bounties

Episode: Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Sasi Levi

Expert in AI vulnerabilities and bug bounty hunter

Noma Security

Episode: Episode 152: GeminiJack and Agentic Security with Sasi Levi

Vitor Falcão

A bug bounty hunter and member of the Critical Thinking Bug Bounty Discord

Independent Bug Bounty Hunter

Episode: Episode 144: Google’s Top AI Hackers: Busfactor and Monke

Nick Copi

Active member of the Critical Thinking community and client-side hacking expert

Episode: Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)

Jack Cable

Top bug bounty hunter and co-founder of Corridor.dev.

Corridor.dev

Episode: Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable

Hosts

Joseph

Co-host of the show, focused on bug bounty and security research discussions.

Justin

Co-host, providing analysis and commentary on bug bounty trends and security topics.

Reviews

4.9 out of 5 stars from 538 ratings

Solid!
Real advice from real hackers. Every show links super sick articles and has either an interview or a unique concept to talk about, such as maximizing collaborations or doing well at live hacking events.
The depth of knowledge about client-side security bugs is mind boggling to me. Much of the information in this podcast on client side concepts is very hard to find.
One of the shows hosts is very much Christian and isn’t afraid to show it. Gotta love that ✝️❤️
Apple Podcasts
5
Maxwell 'Strikeout' Dulin
United States9 months ago
A much needed resource
The podcast and the community gave me a kind of plausibility structure, a mental model, where I could genuinely see myself being successful. And once I had that, I started consistently investing time. And it paid off.
Apple Podcasts
5
Evan Connelly
United States10 months ago
Best Web Security Podcast In The History of All Security Podcasts
I listen to this podcast every single day. You will absolutely not find a single podcast matching the quality here. From the seasoned veterans that share cutting edge research on the pod, to the hosts that are absolute legends in the industry, there is no reason why you shouldn’t be tuned in and listening if you consider yourself involved in web app security. Thanks to everyone who makes Critical Thinking happen, you are truly making history with this pod. Thank you so much.
-Packet Surf3r
Apple Podcasts
5
Packet Surf3r
United Statesa year ago
Love to binge on my long trips to Mexico
Terrific podcast
Apple Podcasts
5
Reece O'Bryan
United Statesa year ago
Awesome content!
Awesome bug bounty content. Being a program manager myself and wannabe hunter, I love the content. I’m late to the party so I’m binge listening the episodes so I can be worthy of the sticker you gave me at defcon! Keep it up man love it.
Apple Podcasts
5
MaxGQC
Canadaa year ago

Embed These Reviews on a Website

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Audience appreciates guest diversity and actionable tools discussed.

Listeners praise the depth and practical takeaways for real-world bug hunting.

Feedback highlights the show's approachable yet technical vibe and community feel.

Some criticism around audio quality and pacing has been noted.

Many listeners say episodes are essential for staying current in bug bounty and web security.

Chart Rankings

How this podcast ranks in the Apple Podcasts, Spotify and YouTube charts.

Apple Podcasts	#221	United States/Technology
Apple Podcasts	#133	Canada/Technology
Apple Podcasts	#193	United Kingdom/Technology
Apple Podcasts	#108	Australia/Technology
Apple Podcasts	#207	France/Technology
Apple Podcasts	#40	New Zealand/Technology

Talking Points

Recent interactions between the hosts and their guests.

Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Q: How do you approach AI and fuzzing in your current workflow?

AI accelerates exploit development and RCA; I use it to build harnesses, automate testing paths, and draft explanations of what was tried and why it failed. It's not about replacing thinking, but about amplifying capabilities to explore more code paths quickly, especially in large targets like Chrome.

Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Q: What stood out about the Bug Bounty evolution and what's changed the most?

The biggest shift is from illicit activity and ad-hoc exploitation to formal programs with scope, rules, and payouts. More companies joined, competition increased, and the rewards scaled, especially with open-source VRP programs and big players like Google and Microsoft expanding incentives and responsible disclosure approaches.

Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Q: Can you summarize your path from early hacking to getting into bug bounties and security research?

I started in the 90s with IRC and botnets, moved through defacing sites, then shifted to more legitimate security research in the mid-2000s, which gradually led to bug bounty programs when Yahoo and Hack the Pentagon opened. A background in heavy experimentation and persistence helped me adapt to more structured, permitted testing and ultimately focus on high-value targets like Yahoo and Chrome VRP.

Episode 162: HackerOne Training AI on Bug Bounty Data?

Q: Can you provide some clarification about why that is in your terms of service and how you guys are using report data right now?

Alex explains that they are not training AI models on researcher submissions and discusses the reasons behind their terms of service.

Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS

Q: What vulnerabilities did you find recently?

The major ones discussed were related to misconfigurations in Cloudflare's WAF and the use of list unsubscribe headers for SSRF and XSS attacks.

Audience Metrics

Listeners, social reach, demographics and more for this podcast.

Listeners per Episode
Gender Skew
Location
Interests
Professions
Age Range
Household Income
Social Media Reach

Frequently Asked Questions About Critical Thinking

What is Critical Thinking about and what kind of topics does it cover?

The show centers on practical bug bounty strategies, hands-on exploitation techniques, and real-world security research. Episodes frequently feature expert guests and hosts sharing high-signal insights—from parser quirks and client-side attacks to AI-assisted security and live-hacking event takeaways. With a friendly, technically deep vibe, it's likely to appeal to security researchers, bug bounty hunters, and developers who want actionable guidance and up-to-date industry perspectives. A notable strength is the blend of technical depth with community-driven content, guest conversations, and practical demonstrations that often translate into real-world hunting and program interaction tactics.

Where can I find podcast stats for Critical Thinking?

Rephonic provides a wide range of podcast stats for Critical Thinking. We scanned the web and collated all of the information that we could find in our comprehensive podcast database. See how many people listen to Critical Thinking and access YouTube viewership numbers, download stats, audience demographics, chart rankings, ratings, reviews and more.

How many listeners does Critical Thinking get?

Rephonic provides a full set of podcast information for three million podcasts, including the number of listeners. View further listenership figures for Critical Thinking, including podcast download numbers and subscriber numbers, so you can make better decisions about which podcasts to sponsor or be a guest on. You will need to upgrade your account to access this premium data.

What are the audience demographics for Critical Thinking?

Rephonic provides comprehensive predictive audience data for Critical Thinking, including gender skew, age, country, political leaning, income, professions, education level, and interests. You can access these listener demographics by upgrading your account.

How many subscribers and views does Critical Thinking have?

To see how many followers or subscribers Critical Thinking has on Spotify and other platforms such as Castbox and Podcast Addict, simply upgrade your account. You'll also find viewership figures for their YouTube channel if they have one.

Which podcasts are similar to Critical Thinking?

These podcasts share a similar audience with Critical Thinking:

1. Hacked
2. CyberWire Daily
3. Darknet Diaries
4. Hacking Humans
5. Risky Business

How many episodes of Critical Thinking are there?

Critical Thinking launched 3 years ago and published 166 episodes to date. You can find more information about this podcast including rankings, audience demographics and engagement in our podcast database.

How do I contact Critical Thinking?

Our systems regularly scour the web to find email addresses and social media links for this podcast. We scanned the web and collated all of the contact information that we could find in our podcast database. But in the unlikely event that you can't find what you're looking for, our concierge service lets you request our research team to source better contacts for you.

Where can I see ratings and reviews for Critical Thinking?

Rephonic pulls ratings and reviews for Critical Thinking from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

View all the reviews in one place instead of visiting each platform individually and use this information to decide if a show is worth pitching or not.

How do I access podcast episode transcripts for Critical Thinking?

Rephonic provides full transcripts for episodes of Critical Thinking. Search within each transcript for your keywords, whether they be topics, brands or people, and figure out if it's worth pitching as a guest or sponsor. You can even set-up alerts to get notified when your keywords are mentioned.

What guests have appeared on Critical Thinking?

Recent guests on Critical Thinking include:

1. Tommy DeVoss
2. Darby Hopkins
3. Michael Cote
4. Enrique HyperDude
5. Matt Brown
6. Sasi Levi
7. Vitor Falcão
8. Nick Copi

To view more recent guests and their details, simply upgrade your Rephonic account. You'll also get access to a typical guest profile to help you decide if the show is worth pitching.

Find and pitch the right podcasts

We help savvy brands, marketers and PR professionals to find the right podcasts for any topic or niche. Get the data and contacts you need to pitch podcasts at scale and turn listeners into customers.

Try it free for 7 days