Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Critical Thinking - Bug Bounty Podcast

Mar 05, 2026•1 hr 12 min•Season 1Ep. 164

--:--

Listen in podcast apps:

Apple Podcasts

Spotify

Download

Listen to this episode in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Episode 164: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug Bounty

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme

Critical Research Lab:

https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Guest: https://x.com/thedawgyg

====== This Week in Bug Bounty ======

Python pitfalls: Turning developer mistakes into vulnerabilities

https://www.yeswehack.com/learn-bug-bounty/python-pitfalls-turning-developer-mistakes?utm_source=critical-thinking&utm_medium=sponsored&utm_campaign=article-research-python-pitfalls

====== Timestamps ======

(00:00:00) Introduction

(00:06:22) Yahoo SSRF

(00:14:56) Tommy's Origin

(00:44:10) Bug Bounty

(00:51:47) SSRF Attraction, AI implementation, & Browser Hacking

For the best experience, listen in Metacast app for iOS or Android