Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND
Critical Thinking - Bug Bounty Podcast5 Maalis

Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Episode 164: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug Bounty


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today’s Guest: https://x.com/thedawgyg


====== This Week in Bug Bounty ======


Python pitfalls: Turning developer mistakes into vulnerabilities

https://www.yeswehack.com/learn-bug-bounty/python-pitfalls-turning-developer-mistakes?utm_source=critical-thinking&utm_medium=sponsored&utm_campaign=article-research-python-pitfalls


====== Timestamps ======

(00:00:00) Introduction

(00:06:22) Yahoo SSRF

(00:14:56) Tommy's Origin

(00:44:10) Bug Bounty

(00:51:47) SSRF Attraction, AI implementation, & Browser Hacking

Jaksot(164)

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.Follow us o...

26 Helmi 1h 8min

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing ...

19 Helmi 53min

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surroundin...

12 Helmi 24min

Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS

Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS

Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & ...

5 Helmi 45min

Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to ...

29 Tammi 1h 46min

Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs

Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs

Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 ...

22 Tammi 58min

Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits

Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits

Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems.Follow us on twitte...

15 Tammi 1h 34min