Best Sam Johanes Podcasts (2024)

1
Episode 83: Brainstorming Proxy Plugins 54:50

12m ago54:50

54:50

Episode 83: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin are brainstorming new features and improvements for Caido, such as the implementation of a 403 bypassing workflow, a text expander, Tracing Cookies, and more. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any fee…

1
Episode 82: Part-Time Bug Bounty 36:32

17m ago36:32

36:32

Episode 82: In this episode of Critical Thinking - Bug Bounty Podcast Joel Margolis discusses strategies and tips for part-time bug bounty hunting. He covers things like finding (and enforcing) balance, picking programs and goals, and streamlining your process to optimize productivity. Follow us on twitter at: @ctbbpodcast We're new to this podcast…

1
Episode 81: Crushing Client-Side on Any Scope with MatanBer 2:04:48

7d ago2:04:48

2:04:48

Episode 81: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by MatanBer to go over some recent bug reports, as well as share some tips and tricks on client-side hacking and using DevTools effectively. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@…

1
The Ministry of Ungentlemanly Warfare (2024) with Author Damien Lewis 1:34:18

13d ago1:34:18

1:34:18

Hello! Welcome to another edition of the exclusiveaudio commentary podcast hosted by David Hughes. For this episode, I’m joined by Damien Lewis, author of the non-fiction book The Ministry of Ungentlemanly Warfare, the first third of which is now a major motion picture directed by Guy Ritchie. I read – no, devoured the book before I saw the film, b…

1
Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology) 2:49:26

8d ago2:49:26

2:49:26

Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne Events Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@critica…

1
Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes 1:10:25

21d ago1:10:25

1:10:25

Episode 79: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive CSS injection, and explore topics like sequential import chaining, font ligatures, and attribute exfiltration. Follow us on twitter at: @ctbbpodcast Send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Li…

1
The Last Screenwriter (2024) with Director Peter Luisi 1:13:57

8d ago1:13:57

1:13:57

Hello! Welcome to another edition of the exclusive audio commentary podcast hosted by me, David Hughes. For this episode, we’re joined by Swiss director Peter Luisi for a fascinating discussion about his new film The Last Screenwriter, the first film scripted entirely by A.I. – specifically ChatGPT4.0 Now, before you grab your pitchforks and burnin…

1
Episode 78: Less Writing, More Hacking - Reporting Efficiency Techniques 1:06:25

29d ago1:06:25

1:06:25

Episode 78: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about writing reports. We share some tips that we’ve learned, and discuss ways that AI can (and can’t) help with that process. We also talk about the benefit of using tools like Fabric, Loom, and ShareX. Follow us on twitter at: @ctbbpodcast We're new to this podcas…

1
Episode 77: Bug Bounty Mental - Practical Tips for Staying Sharp & Motivated 1:50:26

19d ago1:50:26

1:50:26

Episode 77: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin discuss some fresh writeups including some MongoDB injections, ORMs, and exploits in Kakao and iOS before pivoting into a conversation about staying motivated and avoiding burnout while hunting. Follow us on twitter at: @ctbbpodcast We're new to this podcasting th…

1
Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature 1:34:43

1M ago1:34:43

1:34:43

Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups. Follo…

1
Episode 75: Rerun of The OG Bug Bounty King - Frans Rosen 2:44:52

2M ago2:44:52

2:44:52

Episode 75: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are sick, So instead of a new full episode, we're going back 30 episodes to review. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the …

1
Episode 74: Supply Chain Attack Primer - Popping RCE Without an HTTP Request (feat 0xLupin) 1:38:20

2M ago1:38:20

1:38:20

Episode 74: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Roni "Lupin" Carta for a deep dive into supply chain attacks and dependency confusion. We explore the supply chain attacks, the ethical considerations surrounding maintainers and hosting packages on public registries, and chat about the vision and uses of hi…

1
Episode 73: Sandboxed IFrames and WAF Bypasses 31:13

1M ago31:13

31:13

Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkin…

1
Episode 72: Research TLDRs & Smuggling Payloads in Well Known Data Types 52:49

2M ago52:49

52:49

Episode 72: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss some hot research from the past couple months. This includes ways to smuggle payloads in phone numbers and IPv6 Addresses, the NextJS SSRF, the PDF.JS PoC drop, and a GitHub Enterprise Indirect Method Information bug. Also, we have an attack vector feature…

1
Episode 71: More VDP Chats & AI Bias Bounty Strats with Keith Hoodlet 1:45:21

2M ago1:45:21

1:45:21

Episode 71: In this episode of Critical Thinking - Bug Bounty Podcast Keith Hoodlet joins us to weigh in on the VDP Debate. He shares some of his insights on when VDPs are appropriate in a company's security posture, and the challenges of securing large organizations. Then we switch gears and talk about AI bias bounties, where Keith explains the ap…

1
Episode 70: NahamCon and CSP Bypasses Everywhere 43:08

2M ago43:08

43:08

Episode 70: In this episode of Critical Thinking - Bug Bounty Podcast we’re once again joined by Ben Sadeghipour to talk about some Nahamcon news, as well as discuss a couple other LHE’s taking place. Then they cover CI/CD and drop some cool CSP Bypasses. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send…

1
Episode 69: Johan Carlsson - 3 Month Check-in on Full-time Bug Bounty. 1:49:04

3M ago1:49:04

1:49:04

Episode 69: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Johan Carlsson to hear about some updates on his bug hunting journey. We deep-dive a CSP bypass he found in GitHub, a critical he found in GitLab's pipeline, and also talk through his approach to using script gadgets and adapting to highly CSP'd environments. Then…

1
Episode 68: 0-days & HTMX-SS with Mathias 1:03:53

3M ago1:03:53

1:03:53

Episode 68: In this episode of Critical Thinking - Bug Bounty Podcast Mathias is back with some fresh HTMX research, including CSP bypass using HTMX triggers, converting client-side response header injection to XSS, bypassing HTMX disable, and the challenges of using HTMX in larger applications and the potential performance trade-offs. We also talk…

1
Episode 67: VDPs & Accidental Program VS Hacker Debate Part 2 1:19:51

3M ago1:19:51

1:19:51

Episode 67: In this episode of Critical Thinking - Bug Bounty Podcast we deepdive on the topic of Vulnerability Disclosure Programs (VDPs) and whether they are beneficial or not. We also touch on the topic of leaderboard accuracy, and continue the Program VS Hacker debate regarding allocating funds for bounties. Follow us on twitter at: @ctbbpodcas…

1
Episode 66: CDN-CGI Research, Intent To Ship, and Louis Vuitton 58:20

4M ago58:20

58:20

Episode 66: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the recent YesWeHack Louis Vuitton LHE, the importance of failure as growth in bug bounty, and Justin shares his research on CDN CGI. Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@…

1
Baghead (2023) with Director Alberto Corredor 1:30:17

4M ago1:30:17

1:30:17

Hello! Welcome to another edition of the exclusiveaudio commentary podcast hosted by David Hughes. For this episode, I’m delighted to be joined by director Alberto Corredor for a peek under the hood of his terrific 2023 horror movie BAGHEAD. When I first saw the film, reviewing it for Time Out, it had a very late embargo, which normally means you c…

1
Episode 65: Motivation and Methodology with Sam Curry (Zlz) 2:29:05

3M ago2:29:05

2:29:05

Episode 65: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with Sam Curry to discuss the ethical considerations and effectiveness of hacking, the importance of good intent, and the enjoyment Sam derives from pushing the boundaries to find bugs. He shares stories of his experiences, including hacking Tesla, online casinos,Star…

1
Moonstruck (1987) with Critic Jen Johans 1:42:10

4M ago1:42:10

1:42:10

Hello! Welcome to another edition of the exclusive audio commentary podcast hosted by me, David Hughes. For this episode, I’m thrilled to welcome Jen Johans, award-winning writer, film critics, essayist and historian, and host of the excellent Watch With Jen podcast. Now, that has really good guests, but Jen must be short forJenerous because she al…

1
Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App 1:08:04

4M ago1:08:04

1:08:04

Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also touch on the importance of collaboration and knowledge sharing, JavaScrip…

1
Episode 63: JHaddix Returns 1:21:35

4M ago1:21:35

1:21:35

Episode 63: In this episode of Critical Thinking - Bug Bounty Podcast we welcome back Jason Haddix (From Episode 12) to talk about some updates to his The Bug Hunter's Methodology, as well as his own personal life and hacking journey. We talk about the start of his new company, and then venture into topics such as using threat intelligence and buyi…

1
Episode 62: Frontend Language Oddities 58:43

4M ago58:43

58:43

Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth looking at. Follow us on twitter at: @ctbbpodcast Feel free to send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the aw…

1
Episode 61: A Hacker on Wall Street - JR0ch17 1:27:00

4M ago1:27:00

1:27:00

Episode 61: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Jasmin Landry to share some stories about startup security, bug bounty, and the challenges of balancing both. He also shares his methodology for discovering OAuth-related bugs, highlights some differences between structured learning and self-teaching, and then…

1
American Star (2024) with Screenwriter Nacho Faerna 1:47:13

5M ago1:47:13

1:47:13

Hello! Welcome to another edition of the exclusive audio commentary podcast hosted by me, ⁠⁠⁠David Hughes.⁠⁠⁠ For this episode, I’m delighted to welcome Gonzalo López-Gallego and José David Montero, director and cinematographer respectively of the terrific neo-noir American Star, in which Ian McShane plays an ex-soldier-turned-hitman who travels to…

1
American Star (2024) with Gonzalo López-Gallego & José David Montero 1:49:05

5M ago1:49:05

1:49:05

Hello! Welcome to another edition of the exclusive audio commentary podcast hosted by me, ⁠⁠David Hughes.⁠⁠ For this episode, I’m delighted to welcome Gonzalo López-Gallego and José David Montero, director and cinematographer respectively of the terrific neo-noir American Star, in which Ian McShane plays an ex-soldier-turned-hitman who travels to F…

1
Episode 60: Our Take on PortSwigger's Top 10 Web Hacking Techniques of 2023 1:24:37

5M ago1:24:37

1:24:37

Episode 60: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel review the Portswigger Research list of top 10 web hacking techniques of 2023. Follow us on twitter at: @ctbbpodcast Send us any feedback here: info@criticalthinkingpodcast.io Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts…

1
Episode 59: Bug Bounty Gadget Hunting & Hacker's Intuition 1:39:09

6M ago1:39:09

1:39:09

Episode 59: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel discuss the concept of gadgets and how they can be used to escalate the impact of vulnerabilities. We talk through things like HTML injection, image injection, CRLF injection, web cache deception, leaking window location, self-stored XSS, and much more. Follow us …

1
Deliver Us (2023) with Lee Roy Kunz 1:43:07

6M ago1:43:07

1:43:07

Hello! Welcome to another edition of the exclusive audio commentary podcast hosted by me, ⁠David Hughes.⁠ For this episode, I’m delighted to welcome Lee Roy Kunz, co-writer, co-director and star of the impressive horror movie Deliver Us (2023), which – as you know, because you wouldn’t listen to an audio commentary without seeing the film first – c…

1
Episode 58: Youssef Sammouda - Client-Side & ATO War Stories 1:54:51

6M ago1:54:51

1:54:51

Episode 58: In this episode of Critical Thinking - Bug Bounty Podcast we finally sit down with Youssef Samouda and grill him on his various techniques for finding and exploiting client-side bugs and postMessage vulnerabilities. He shares some crazy stories about race conditions, exploiting hash change events, and leveraging scroll to text fragments…

1
Episode 57: Technical breakdown from Miami Hacking Event - H1-305 32:34

5M ago32:34

32:34

Episode 57: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are live from Miami, and recap their experience and share takeaways from the live hacking event. They highlight the importance of paying attention to client-side routing and the growing bug class of client-side path traversal. They also discuss the challenges of …

1
Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston) 1:47:40

5M ago1:47:40

1:47:40

Episode 56: Using Data Science to win Bug Bounty - Mayonaise (aka Jon Colston) Episode 56: In this episode of Critical Thinking - Bug Bounty Podcast, Justin sits down with Jon Colston to discuss how his background in digital marketing and data science has influenced his hunting methodology. We dive into subjects like data sources, automation, worki…

1
Episode 55: Popping WordPress Plugins - Methodology Braindump 1:44:04

6M ago1:44:04

1:44:04

Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Wordpress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within Wordpress Plugins. Follow us on twitter Send us any feedback here: Shoutout to YTCracker for the awesome intro music! ------ Links ------ Follow your hosts Rhynora…

1
Episode 54: White Box Formulas - Vulnerable Coding Patterns 1:12:38

6M ago1:12:38

1:12:38

Episode 54: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with news items and new projects. Joel shares about his personal scraping project to gather data on bug bounty programs and distribution Next, they announce the launch of HackerNotes, a podcast companion that will summarize the main technical points of ea…

1
Episode 53: 500k/yr as Full-Time Bug Hunter & Content Creator - Nahamsec 1:40:47

7M ago1:40:47

1:40:47

Episode 53: In this episode of Critical Thinking - Bug Bounty Podcast,we’re joined by none other than NahamSec. We start by discusses the challenges he faced on his journey in bug bounty hunting and content creation, including personal struggles and the pressure of success.We also talk about finding balance and managing mental energy, going the ext…

1
The Big Man and Other Stories (1990) with Director David Leland 1:57:24

7M ago1:57:24

1:57:24

Hello, and welcome to the latest edition of the exclusive audio commentary podcast hosted by me, ⁠David Hughes.⁠ This is a bittersweet episode; basically an edited and extended version of the audio commentary I recorded with director David Leland eighteen months before his death on Christmas Eve at the age of 82. The commentary was ostensibly for h…

1
Episode 52: Best Technical Content from Year 1 of CTBB Podcast 3:00:00

7M ago3:00:00

3:00:00

Episode 52: In this episode of Critical Thinking - Bug Bounty Podcast we're going back and highlighting some of the best technical moments from the past year! Hope you enjoy this best of 2023 Supercut! Follow us on twitter at: @ctbbpodcast We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io…

1
Episode 51: Hacker Stats 2023 & 2024 Goals 1:21:31

7M ago1:21:31

1:21:31

Episode 51: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel are back for the last episode of 2023. We discuss some noteworthy news items including a Hacker One Crit, Caido updates, and some Blind CSS. Then we dive into our own personal ‘Hackers Wrapped’ recap of the year, before laying out some goals for 2024. Follow us o…

1
Episode 50: Mathias "Fall in a well" Karlsson - Bug Bounty Prophet 2:24:31

8M ago2:24:31

2:24:31

Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specialization. Then we dive into the technical details of MXSS and XSLT, character encoding, and give some predictions of what Bug Bounty might look like in the…

1
Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli 51:33

8M ago51:33

51:33

Episode 49: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is once again joined by Nagli to discuss some of their recent hacking discoveries. They talk about finding and exploiting a backup file in an ASP.NET app, discovering vulnerabilities through Swagger files, and debating the vulnerability of a specific ‘undisclosed’…

1
Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb 1:36:45

8M ago1:36:45

1:36:45

Episode 48: In this episode, joined by the spectacular Sam Erb, Google Security Engineer and DEFCON Black Badge winner. We talk about the importance of understanding how systems work to find vulnerabilities, and how his engineering background influences his hunting style and methodologies. Then we jump over to his Career Development and his work wi…

1
Episode 47: CSP Research, Iframe Hopping, and Client-side Shenanigans 1:31:52

8M ago1:31:52

1:31:52

Episode 47: In this episode of Critical Thinking - Bug Bounty Podcast, the holidays are fast approaching, and Justin and Joel discuss some of the struggles of getting back into the hacking groove during and after breaks. We also celebrate the newly launched Critical Thinking Discord Community before diving into Iframe Sandwhiches, JS Hoisting, CSP …

1
Episode 46: The SAML Ramble 43:40

8M ago43:40

43:40

Episode 46: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is deep diving the topic of SAML (Security Assertion Markup Language), and walks through what it is and why it can be intimidating, before going over some key attack vectors to look for. Then he closes out with a commentary on a sample payload, and some HackerOne reports.…

1
Episode 45: The OG Bug Bounty King - Frans Rosen 2:36:35

9M ago2:36:35

2:36:35

Episode 45: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Frans Rosén, an OG bug bounty hunter and co-founder of Detectify. We kick off with Frans sharing his journey bug bounty and security startups, before diving headfirst into a host of his blog posts. We also cover the value of pseudo-code for bug exploita…

1
Episode 44: URL Parsing & Auth Bypass Magic 1:11:27

9M ago1:11:27

1:11:27

Episode 44: In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure, and Justin and Joel break down the elements that make up a URL and some common tips and tricks surrounding them which allow for all sorts of bypasses. We also round out the episode with some new tools, ato stories, and some controversial current event…

1
Episode 43: Caido - The Up-And-Coming HTTP Proxy 1:00:34

9M ago1:00:34

1:00:34

Episode 43: In this episode of Critical Thinking - Bug Bounty Podcast, we're joined by Emile from Caido, who shares his journey into the bug bounty and ethical hacking world. We kick off with a hilarious incident involving Joel, a child on an airplane, and an unfortunate cough. We then dive into the challenges of building an HTTP proxy tool, balanc…

1
Episode 42: Renniepak Interview & Intigriti LHE Recap 59:03

10M ago59:03

59:03

Episode 42: In this episode of Critical Thinking - Bug Bounty Podcast, we're live from a hacking event in Portugal, and joined by the extremely talented René de Sain! He helps us cover a host of topics like NFT, XSS, LHE, and tips for success. We also talk about the correlation between creativity and hacking, shared workspaces, and last but certain…

Podcasts Worth a Listen

Sam Johanes Podcasts

Podcasts Worth a Listen

Quick Reference Guide