1h 4m

Episode 143: New Cohost + Client-Side Ga...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some news.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

====== This Week in Bug Bounty ======

YesWeHack won the European Commission tender: https://www.yeswehack.com/news/european-commission-tender-won-yeswehack

YesWeHack is now an authorised CVE Numbering Authority: https://www.yeswehack.com/news/yeswehack-authorised-cve-numbering-authority

A wide range of widely used open source projects now have bug bounty programs, such as Log4J, Systemd, GNOME and a lot more:

https://event.yeswehack.com/events/open-the-code-source-the-bounty

====== Resources ======

Attributes reference inside HTML

Explaining XSS without parentheses and semi-colons

Beyond Sandbox Domains: Rendering Untrusted Web Content with SafeContentFrame

One Token to rule them all

flareprox

Caido 101: How to master it

====== Timestamps ======

(00:00:00) Introduction

(00:03:16) LHE approaches and accomplishments

(00:30:54) Attributes reference inside HTML & Explaining XSS without parentheses and semi-colons

(00:44:33) One Token to rule them all

(00:57:13) Flareprox & Caido 101
