logo
episode-header-image
Feb 2023
1h 39m

Episode 6: Mobile Hacking Attack Vectors...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Joel’s HackerOne Android Hacking Introduction:

https://t.ly/f87D

Android Pixel Lock Screen Bypass

https://t.ly/Q_qq

Exploiting Deeplink URLs:

https://inesmartins.github.io/exploiting-deep-links-in-android-part1/index.html

Joel’s get_schemas tool:

https://github.com/teknogeek/get_schemas

Example AndroidManfest.xml we referenced:

https://t.ly/mcN1

https://t.ly/ErVV

Android docs for intent filters:

https://developer.android.com/guide/components/intents-filters.html

Android docs for “setAllowContentaccess”:

https://t.ly/hXOZ

Android docs for “setAllowFileAccess”:

https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)

Add JavaScript Interface to Webview:

https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object,%20java.lang.String)

Joel’s SSL Pinning Bypass:

https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725

Google Chrome Docs for Intent URLs:

https://developer.chrome.com/docs/multidevice/android/intents/#considerations

Joel’s Bug Bounty Report:

https://hackerone.com/reports/423467

Up next
Yesterday
Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!
Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some news. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and sugges ... Show More
1h 4m
Oct 2
Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News
Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by going full time in Bug Bounty.Follow us on twitter at: https://x.com/ctbbpodcastGo ... Show More
54m 50s
Sep 25
Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)
Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any f ... Show More
1h 23m
Recommended Episodes
Apr 2022
Getting Lost in Git and Goodbye tsc
It's been a while since Chuck and Robbie dove headfirst into trending tech topics without a guest to bounce their ideas off of. Today, they discuss the latest in TypeScript and Git, the evolution of JavaScript over the years, developer pet peeves, and what success means on a team ... Show More
50m 48s
Nov 2023
CyanogenMod and the Death of the Android ROM
Today we've got another special episode! Don't worry, there will be another regular episode on Friday. In today's episode David tries to find out what happened to Android ROMming? There was a time when flashing the latest nightly on your phone had an entire community built around ... Show More
1h 46m
Feb 2024
E167: Nvidia smashes earnings (again), Google's Woke AI disaster, Groq's LPU breakthrough & more
(0:00) Bestie intros: Banana boat! (2:34) Nvidia smashes expectations again: understanding its terminal value and bull/bear cases in the context of the history of the internet (27:26) Groq's big week, training vs. inference, LPUs vs. GPUs, how to succeed in deep tech (49:37) Goog ... Show More
1h 20m
Feb 2024
Episode 108 - Diving into Amazon Q Builder with Clare Liguori
🚀 Dive into the world of AI with Morgan Willis, Principal Cloud Technologist for AWS, as she interviews Clare Liguori, a Senior Principal Software Engineer at AWS and one of the visionaries behind Amazon Q. Discover the secrets behind this groundbreaking Generative AI conversati ... Show More
48m 6s
Feb 2024
WORST EXCUSES FOR CHEATING?! | EP 369 | ShxtsNGigs Podcast
#Ad GRAB YOUR WHOOP NOW https://join.whoop.com/en-uk/SNG SNG LIVE AT THE O2!!:https://www.axs.com/uk/events/518134/shxtsngigs-tickets?skin=theo2 CHECK OUT JAMES' STREAMS:https://www.twitch.tv/sng_james This Week The Guys Discuss: SUBSCRIBE TO OUR REACTION CHANNEL: https://www.you ... Show More
55m 52s
Nov 2023
Some 40 Series Getting Discontinued
► Thanks to ProtoArc for sponsoring today’s video! Use code UFD10 to get 10% off! Check out their HUB Mouse & XK01 Folding Keyboard here: https://geni.us/MGmAY & https://geni.us/lZnRV ► Check out today's hottest tech deals here: https://www.ufd.deals/ https://howl.me/ck1lO9QW ... Show More
22m 3s
Feb 2024
Empowering Innovation: Oxolo's €13M Funding Boosts AI-Driven Video Platform
Explore the transformative potential of Oxolo's €13M funding round, fueling innovation and pushing the boundaries of AI-driven video technology. Get on the AI Box Waitlist: https://AIBox.ai/ Join our ChatGPT Community: ⁠https://www.facebook.com/groups/739308654562189/⁠ Follow ... Show More
8m 18s
Feb 2024
#55 How To Walk On Water With Jesus
CELSIUSBrandPartner CELSIUSLiveFit @CelsiusOfficial Find CELSIUS near you: https://www.celsius.com/buy-locate/ Use my code GEORGE20 to get 20% off your order at https://lifecykel.com! Text Me! (602) 932-8118 Follow George! Instagram: https://www.instagram.com/georgejanko Twitter: ... Show More
59m 2s
Feb 2024
Google DeepMind C.E.O. Demis Hassabis on the Path From Chatbots to A.G.I.
This week’s episode is a conversation with Demis Hassabis, the head of Google’s artificial intelligence division. We talk about Google’s latest A.I. models, Gemini and Gemma; the existential risks of artificial intelligence; his timelines for artificial general intelligence; and ... Show More
56m 37s
Listen to millions of songs and podcasts on Anghami