Episode 146: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn all sit down to celebrate the spooky season by swapping their scariest bug stories. From frightening fails and firings to hacks with chilling and critical consequences. Grab your flashlight and a blanket for this one!

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Control

https://www.criticalthinkingpodcast.io/tl-nc

====== This Week in Bug Bounty ======

Methodology tips from top Bug Bounty hunters

YesWeHack marks first year of partnership with Singapore’s Government

HackerOne Hacker-Powered Security Report

====== Resources ======

Critical Research Lab

Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office

File Creation via SQLite Injection

====== Timestamps ======

(00:00:00) Introduction

(00:10:11) Crit Research Lab News

(00:21:31) Hacking the World Poker Tour & File Creation via SQLite Injection

(00:30:40) Brandyn's Spooky Bug

(00:38:02) Joseph's Spooky Bug

(00:44:18) Justin's Spooky Bug

(00:54:44) Banking Bugs, LHE Scares, and Workday weirdness.

(01:14:52) Firings and failures

(01:22:49) Bank Bug Redux

(01:35:55) Wedding planning/registry app & Amazon Rufus bugs

(01:40:52) New Relic bug

Episode 145: In this episode of Critical Thinking - Bug Bounty Podcast Brandyn lets us in on some of his notetaking tips, including his Templates, Threat Modeling, and ways he uses notes to help with collaboration.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, Rez0, & gr3pme on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker Network Control

https://www.criticalthinkingpodcast.io/tl-nc

====== This Week in Bug Bounty ======

The minefield between syntaxes

https://www.yeswehack.com/learn-bug-bounty/syntax-confusion-ambiguous-parsing-exploits

====== Resources ======

Brandyn's Notion Template

https://terrific-dart-70e.notion.site/Example-Target-CTBB-294f4ca0f42481cca0b0ca6ac0a7c81d

====== Timestamps ======

(00:00:00) Introduction

(00:07:25) Templates, Target, and Tech Stack

(00:13:33) Threat Modeling and Attack Vectors

Episode 144: In this episode of Critical Thinking - Bug Bounty Podcast Joseph is joined by Vitor Falcão and Ciarán Cotter to discuss their success at the recent Mexico LHE, as well as their journey and routines in fulltime hacking.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today's Sponsor: ThreatLocker. Check out ThreatLocker DAC

https://www.criticalthinkingpodcast.io/tl-dac

Today’s Guests:

Vitor Falcão

https://x.com/busf4ctor

Ciarán Cotter

https://x.com/monkehack

====== This Week in Bug Bounty======

Securing the Age of AI Autonomy: Priorities for 2026

https://www.hackerone.com/events/bionic-hacking

====== Resources ======

AI Vulnerability Reward Program Rules

https://bughunters.google.com/about/rules/google-friends/5222232590712832/ai-vulnerability-reward-program-rules

My First 3 Months as a Full-Time Bug Bounty Hunter

https://vitorfalcao.com/posts/3-months-as-a-full-time-bug-bounty-hunter/

====== Timestamps ======

(00:00:00) Introduction

(00:02:32) Client side Bug Story & Vitor's BB journey

(00:13:59) Google LHE Mexico takeaways

(00:26:55) Full-time hunting reflections

(00:33:39) Hacking routines

(00:42:56) Hacking AI