Rephonic
Artwork for Critical Thinking

Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater), Joseph Thacker (Rez0), & Brandyn Murtagh (gr3pme)
Bug Bounty
Bug Bounty Hunting
Bug Bounty Programs
Cybersecurity
Live Hacking Events
Threatlocker
Portswigger
XSS
Google
AI Security
Hackerone
Hacking Techniques
Prompt Injection
XSS Vulnerabilities
Vulnerabilities
Web Security
Automation
Cross-Site Scripting (XSS)
Javascript
Cloudflare

A "by Hackers for Hackers" podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest hacking techniques.

555 ratings
PublishesWeeklyEpisodes179Founded3 years ago
Number of ListenersCategory
Technology

Listen to this Podcast

Listen on Apple PodcastsListen on SpotifyListen on CastboxListen on Podcast AddictListen on Pocket CastsListen on OvercastListen on YouTube MusicListen on RSS
Artwork for Critical Thinking
 Guests Hosts Reviews Charts Talking Points

Latest Episodes

Episode 179: Maintaining Motivation in Post-AI Bug Bounty World

Episode 179: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to stay motivated and keep the vibes strong during this trying time for Bug Bounty.

Follow us on twitter at: x.com/ctbbpodcast

Got any ideas and sugges... more

18 Jun 202646 min
YouTube

Episode 178: 600k in ~3 months - BruteCat pt 2

Episode 178: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with BruteCat to finish up our discussion on hacking Google. This week we hit AI.

Follow us on twitter at: x.com/ctbbpodcast

Got any ideas and suggestions? Fe... more

11 Jun 20261 hr 23 min Most popular
YouTube

Episode 177: 2x Google RCE with VRP Legend Brutecat

Episode 177: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by BruteCat to talk about his journey hacking Google Cloud, Gmail, Youtube, and Google Phone.

Follow us on twitter at: x.com/ctbbpodcast

Got any ideas and s... more

4 Jun 20261 hr 25 min Popular
YouTube

Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)

Episode 176: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by top Adobe hacker Jim Green to deep-dive AEM. We talk through Sling selectors, Permissions, and how to spot AEM Red Flags.

Follow us on twitter at: x.com/c... more

28 May 20261 hr 50 min
YouTube

Key Facts

Accepts Guests
Accepts Sponsors
Contact Information
Podcast Host
Number of Listeners
Find out how many people listen to this podcast per episode and each month.

Similar Podcasts

People also subscribe to these shows.

Darknet Diaries
Darknet DiariesJack Rhysider
Risky Business
Risky BusinessRisky Business Media
Smashing Security
Smashing SecurityGraham Cluley
Hacked
HackedHacked
CyberWire Daily
CyberWire DailyN2K Networks

Recent Guests

Jim Green
Adobe AEM security researcher, top bug hunter known as GreenJam
Adobe
Episode: Episode 176: 600+ CVEs on Adobe AEM with Jim Green (GreenJam)
XSS Doctor
A cardiologist turned bug bounty researcher and a longtime hackalong organizer
CTPB community / Bug Bounty researcher
Episode: Episode 168: XSSDoctor - Client-side Path Traversal Research
Valeriy Kravetko
Bug bounty researcher and investigator discussed as a guest on the show
SEMrush
Episode: Episode 167: Stealing Bugs with Valeriy Shevchenko
Tommy DeVoss
veteran hacker turned bug bounty researcher and educator
Independent security researcher / Bug Bounty hunter
Episode: Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND
Darby Hopkins
Security Engineer at Google Cloud
Google Cloud
Episode: Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins
Michael Cote
Security Engineer at Google Cloud
Google Cloud
Episode: Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins
Enrique HyperDude
Experienced hacker with a focus on kernel exploits and Pwn2Own
CoffinSec
Episode: Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits
Sasi Levi
Expert in AI vulnerabilities and bug bounty hunter
Noma Security
Episode: Episode 152: GeminiJack and Agentic Security with Sasi Levi
Vitor Falcão
A bug bounty hunter and member of the Critical Thinking Bug Bounty Discord
Independent Bug Bounty Hunter
Episode: Episode 144: Google’s Top AI Hackers: Busfactor and Monke

Hosts

Justin
Host of multiple shows with a focus on critical thinking and bug bounty topics.
Rezo
Co-host and security researcher involved in bug bounty discussions.

Reviews

4.9 out of 5 stars from 555 ratings

  • The absolute bug & ai bounty goats.

    Podcast Addict
    5
    Ryot
    3 months ago
  • Solid!

    Real advice from real hackers. Every show links super sick articles and has either an interview or a unique concept to talk about, such as maximizing collaborations or doing well at live hacking events.

    The depth of knowledge about client-side security bugs is mind boggling to me. Much of the information in this podcast on client side concepts is very hard to find.

    One of the shows hosts is very much Christian and isn’t afraid to show it. Gotta love that ✝️❤️

    Apple Podcasts
    5
    Maxwell 'Strikeout' Dulin
    United Statesa year ago
  • A much needed resource

    The podcast and the community gave me a kind of plausibility structure, a mental model, where I could genuinely see myself being successful. And once I had that, I started consistently investing time. And it paid off.

    Apple Podcasts
    5
    Evan Connelly
    United Statesa year ago
  • Best Web Security Podcast In The History of All Security Podcasts

    I listen to this podcast every single day. You will absolutely not find a single podcast matching the quality here. From the seasoned veterans that share cutting edge research on the pod, to the hosts that are absolute legends in the industry, there is no reason why you shouldn’t be tuned in and listening if you consider yourself involved in web app security. Thanks to everyone who makes Critical Thinking happen, you are truly making history with this pod. Thank you so much.

    -Packet Surf3r

    Apple Podcasts
    5
    Packet Surf3r
    United Statesa year ago
  • Love to binge on my long trips to Mexico

    Terrific podcast

    Apple Podcasts
    5
    Reece O'Bryan
    United States2 years ago
Embed These Reviews on a Website

Listeners Say

Key themes from listener reviews, highlighting what works and what could be improved about the show.

Listeners praise the depth, actionable insights, and community feel, though some note audio quality varies.
Hosts mix technical discussions with industry updates, keeping content fresh and relevant.
The show is a practical deep dive into bug bounty with real world write-ups and useful tooling.

Chart Rankings

How this podcast ranks in the Apple Podcasts, Spotify and YouTube charts.

Apple Podcasts
#123
Canada/Technology
Apple Podcasts
#65
Belgium/Technology
Apple Podcasts
#80
United Arab Emirates/Technology
Apple Podcasts
#133
Indonesia/Technology
Apple Podcasts
#145
South Korea/Technology
Apple Podcasts
#164
Finland/Technology

Talking Points

Recent interactions between the hosts and their guests.

Episode 177: 2x Google RCE with VRP Legend Brutecat
Q: What specifically made the Google APIs and Discovery Docs a rich target for investigations?
BruteCat explains that protobuf endpoints, the way Google maps APIs to RPCs, and the availability of draft and discovery docs allowed him to systematically understand and test internal RPCs, obtain raw proto definitions, and identify misconfigurations that exposed sensitive data across Google services.
Episode 168: XSSDoctor - Client-side Path Traversal Research
Q: What are the most surprising findings from your eight-framework study?
One of the biggest surprises was how some frameworks consistently decode certain encodings by default, while others require explicit handling; notably, React and Next.js exhibit unique behaviors around useParams and await params, which can lead to secondary context path traversal when server-side routing is involved.
Episode 168: XSSDoctor - Client-side Path Traversal Research
Q: How did you approach researching client-side path traversals across different frameworks?
I started by building lab environments for each framework, testing path, query, and hash parameters, then used AI iteratively to locate the code paths, decode behaviors, and identify where URL-encoded values get decoded or retained, finally tracing the data flow from the URL to API calls and back-end validation.
Episode 167: Stealing Bugs with Valeriy Shevchenko
Q: What can platforms do to protect researchers' intellectual property?
Suggestions include limiting who can join the initial report, adding verifiable watermarks or markers, and enabling controlled sharing so dupes or collaborators cannot easily claim ownership or reveal the full exploit path.
Episode 167: Stealing Bugs with Valeriy Shevchenko
Q: How did you respond when you realized your research could be stolen?
He raised a mediation report with HackerOne, clarified ownership, and advocated for stronger protections around initial reports and collaboration access, while avoiding public exposure to prevent broader risk.

Audience Metrics

Listeners, social reach, demographics and more for this podcast.

Listeners per Episode
Gender Skew
Location
Interests
Professions
Age Range
Household Income
Social Media Reach

Frequently Asked Questions About Critical Thinking

What is Critical Thinking about and what kind of topics does it cover?

A technically focused show by and for security researchers, hackers, and bug bounty practitioners. Episodes center on real-world write-ups, AI-assisted tooling, live hacking event takeaways, and debates about bug bounty program changes, disclosure ethics, and platform dynamics. The hosts frequently dissect tooling, workflows, and attack surfaces (from client-side vulnerabilities to OAuth and protobuf exploits), often featuring practitioner-level demonstrations and community updates. A standout trait is the mix of deep technical instruction with candid discussions about the bug bounty ecosystem, including sponsorships and community building opportunities. This makes it a practical listen for listeners aiming to sharpen hacking skills, triage... more

Where can I find podcast stats for Critical Thinking?

Rephonic provides a wide range of podcast stats for Critical Thinking. We scanned the web and collated all of the information that we could find in our comprehensive podcast database. See how many people listen to Critical Thinking and access YouTube viewership numbers, download stats, audience demographics, chart rankings, ratings, reviews and more.

How many listeners does Critical Thinking get?

Rephonic provides a full set of podcast information for three million podcasts, including the number of listeners. View further listenership figures for Critical Thinking, including podcast download numbers and subscriber numbers, so you can make better decisions about which podcasts to sponsor or be a guest on. You will need to upgrade your account to access this premium data.

What are the audience demographics for Critical Thinking?

Rephonic provides comprehensive predictive audience data for Critical Thinking, including gender skew, age, country, political leaning, income, professions, education level, and interests. You can access these listener demographics by upgrading your account.

How many subscribers and views does Critical Thinking have?

To see how many followers or subscribers Critical Thinking has on Spotify and other platforms such as Castbox and Podcast Addict, simply upgrade your account. You'll also find viewership figures for their YouTube channel if they have one.

Which podcasts are similar to Critical Thinking?

These podcasts share a similar audience with Critical Thinking:

1. Darknet Diaries
2. Risky Business
3. Smashing Security
4. Hacked
5. CyberWire Daily

How many episodes of Critical Thinking are there?

Critical Thinking launched 3 years ago and published 179 episodes to date. You can find more information about this podcast including rankings, audience demographics and engagement in our podcast database.

How do I contact Critical Thinking?

Our systems regularly scour the web to find email addresses and social media links for this podcast. We scanned the web and collated all of the contact information that we could find in our podcast database. But in the unlikely event that you can't find what you're looking for, our concierge service lets you request our research team to source better contacts for you.

Where can I see ratings and reviews for Critical Thinking?

Rephonic pulls ratings and reviews for Critical Thinking from multiple sources, including Spotify, Apple Podcasts, Castbox, and Podcast Addict.

View all the reviews in one place instead of visiting each platform individually and use this information to decide if a show is worth pitching or not.

How do I access podcast episode transcripts for Critical Thinking?

Rephonic provides full transcripts for episodes of Critical Thinking. Search within each transcript for your keywords, whether they be topics, brands or people, and figure out if it's worth pitching as a guest or sponsor. You can even set-up alerts to get notified when your keywords are mentioned.

What guests have appeared on Critical Thinking?

Recent guests on Critical Thinking include:

1. Jim Green
2. XSS Doctor
3. Valeriy Kravetko
4. Tommy DeVoss
5. Darby Hopkins
6. Michael Cote
7. Enrique HyperDude
8. Sasi Levi

To view more recent guests and their details, simply upgrade your Rephonic account. You'll also get access to a typical guest profile to help you decide if the show is worth pitching.

Find and pitch the right podcasts

We help savvy brands, marketers and PR professionals to find the right podcasts for any topic or niche. Get the data and contacts you need to pitch podcasts at scale and turn listeners into customers.
Try it free for 7 days