Critical Thinking - Bug Bounty Podcast

Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab:
https://lab.ctbb.show/
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest: https://x.com/hyprdude
====== This Week in Bug Bounty ======
Top 10 web hacking techniques of 2025: call for nominations
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open
CVE-2025-13467
https://access.redhat.com/security/cve/cve-2025-13467
====== Resources ======
Hypr's Blog
https://blog.coffinsec.com
mediatek? more like media-rekt, amirite.
https://blog.coffinsec.com/0days/2025/12/15/more-like-mediarekt-amirite.html
kernel-utils
https://github.com/mellow-hype/kernel-utils
====== Timestamps ======
(00:00:00) Introduction
(00:03:23) Heap Overflow in Mediatek Kernel Drivers
(00:19:23) Kernel Debugging & ioctl Handlers
(00:43:30) Input Structs, Sync to Source, & Privilege Escalation
(00:51:30) HackerOne Ecosystem vs Pwn2Own Ecosystem
(01:17:00) Kernel Utils
(01:26:46) Real World Bugs for Exploit Development vs CTFs

Episode 156: In this episode of Critical Thinking - Bug Bounty Podcast we answer some fantastic questions from over at bugbounty.forum
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
Critical Thinking Lab
lab.ctbb.show
Cross-Site ETag Length Leak
https://blog.arkark.dev/2025/12/26/etag-length-leak
Clawdbot
https://github.com/clawdbot/clawdbot/
Post from Steve Caldwell
https://x.com/moreconfetti/status/2006494133159162008
====== Timestamps ======
(00:00:00) Introduction
(00:00:58) Crit Lab update
(00:04:36) Cross-Site ETag Length Leak
(00:13:26) Clawdbot
(00:16:56) Will bug hunting become obsolete, LHE invitations, and Fulltime vs Part time?
(00:30:52) 10 bugs at $5k or 1 bug at $5k, CTBB Background, & Future Plans
(00:38:32) Mentoring, Conquering Classes, and what angles we implement from the podcast
(00:49:27) Best approach on new targets, tips for making 500k in a year, AI/Vibecoding & Human in the Loop
(00:59:07) Mentally mapping the target, anti-patterns that waste time, and BB beliefs that were wrong.
(01:10:12) Tackling small scope, staying on one program, picking up after a break, & moving on
(01:17:41) Invisible elements that make the difference between $2k and $20k

Episode 155: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn reflect on last year of Bug Bounty, and list their goals and predictions for what 2026 holds.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Resources ======
2024 Hacker Stats & 2025 Goals
https://blog.criticalthinkingpodcast.io/p/hackernotes-ep-104-2024-hacker-stats-2025-goals
====== Timestamps ======
(00:00:00) Introduction
(00:02:08) 2025 Full Time Hunting Retrospective
(00:10:19) Most Fulfilling Moments and Bugs
(00:17:56) Satisfaction with 2025 Stats
(00:45:28) Automation, Organization, and Collaboration
(00:48:55) Time and Motivation
(01:08:01) Goals and Predictions for Bug Bounty in 2026

Episode 154: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn talk through the transition from Bug Bounty hunting to Pentesting. We cover diversifying income streams, the challenges of pricing for Pentests, legal considerations, and what Bug Hunters can bring to the Pentesting world
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
====== Timestamps ======
(00:00:00) Introduction
(00:03:36) Starting a Pentesting Company
(00:12:25) Advantages of Pentesting as a Bug Bounty Hunter
(00:29:03) Pricing, Sales, and knowing your Market/Worth
(00:36:21) Compliance in Pentests & Rapid-Fire Takaways

Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Guest: Matt Brown
https://x.com/nmatt0
https://github.com/BrownFineSecurity/iothackbot
====== Resources ======
KeeYees USB Logic Analyzer Device
Saleae logic analyzer
XGecu
Hardware Hacking Tutorial by Make Me Hack
UART and SPI firmware extraction
UART Root Shell on Linux Router
UART Shell Jail and Unlocked Bootloader
Chinese IP Camera Firmware Extraction
Chip-Off Firmware Extraction
====== Timestamps ======
(00:00:00) Introduction
(00:01:22) Incremental Session Token Story and Matt Brown Intro
(00:10:42) Hardware Bug Bounty Scene & AI on Devices
(00:24:30) Hacking Human Robot
(00:41:33) Zero-to-Hero Hardware Hacking Guide
(01:01:47) IOT Hackbot