logo
episode-header-image
Sep 2023
43m 29s

Episode 38: Mobile Hacking Maestro: Serg...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 38: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome mobile hacking maestro Sergey Toshin (aka @bagipro). We kick off with Sergey sharing his unexpected journey into mobile security, and how he rose to become the number one hacker in both Google Play Security and Samsung Bug Bounty programs. We then delve into the evolving perception of mobile bugs, a myriad of new and existing attack vectors, and discuss Sergey's creation of mobile security company Oversecured. You’re going to want to make time for this one!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Today's Guest:

https://twitter.com/_bagipro

Oversecured

https://oversecured.com/

Oversecured Blog

https://blog.oversecured.com/

jadx

https://github.com/skylot/jadx

'Golden Android Techniques'

https://hackerone.com/reports/431002

Timestamps:

(00:00:00) Introduction

(00:01:28) Sergey Toshin’s hacking journey and achievements

(00:08:20) Mobile hacking: Devices and attack vectors

(00:12:35) Using Jadx

(00:15:40) The creation of Oversecured

(00:23:10) The Oversecured Blog and Sharing Information

(00:28:08) New Spheres and Strategies of Mobile Hacking

(00:35:13) Tips for getting into Mobile Hacking

Up next
Aug 21
Episode 136: Hacking Cluely, AI Prod Sec, and How To Not Get Sued with Jack Cable
Episode 136: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph Thacker sits down with Jack Cable to get the scoop on a significant bug in Cluely’s desktop application, as well as the resulting drama. They also talk about Jack’s background in government cybersecuri ... Show More
50m 53s
Aug 14
Episode 135: Akamai's Ryan Barnett on WAFs, Unicode Confusables, and Triage Stories
Episode 135: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Ryan Barnett for a deep dive on WAFs. We also recap his Exploiting Unicode Normalization talk from DEFCON, and get his perspective on bug hunting from his time at Akamai. Follow us on twi ... Show More
1h 26m
Aug 4
Episode 134: XBOW - AI Hacking Agent and Human in the Loop with Diego Djurado
Episode 134: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Diego Djurado to give us the scoop on XBOW. We cover a little about its architecture and approach to hunting, the challenges with hallucinations, and the future of AI in the BB landscape. Diego ... Show More
1h 53m
Recommended Episodes
Jan 2024
Hacker Saket Modi Returns: New Cyber Risks, Identity Thefts, Deep Fake Horrors | TRS 374
Check out BeerBiceps SkillHouse's Video Editing Course - https://bbsh.in/bb-launch-yt Use my referral code OFF50 to get a 50% Discount on a standard membership subscription. Valid Upto 15th January 2024 Only. Follow BeerBiceps SkillHouse's Social Media Handles: YouTube : https:// ... Show More
1h 24m
Mar 2022
130: Ethical Hacking with Ted Harrington
"Hacking" is a word that evokes awe from the public, laughter from developers, and pure fear from technology leaders.  But what really is hacking?  What does trust really mean and how do we acquire and keep trust on the Internet?  It turns out that, while hacking is associated wi ... Show More
1h 25m
Mar 2024
AI vs software devs
Daniel and Chris are out this week, so we’re bringing you conversations all about AI’s complicated relationship to software developers from other Changelog pods: JS Party, Go Time & The Changelog.Join the discussionChangelog++ members save 2 minutes on this episode because they m ... Show More
57 m
Jan 2024
Midnight Blizzard brings the storm.
Russian state hackers breach Microsoft. LockBit claims Subway restaurants hack. A Swedish datacenter is hit with ransomware. VMware patches a vulnerability targeted by Chinese espionage groups. Sentinel Labs warns of North Korean APTs focus on cybersecurity pros. FTC order anothe ... Show More
29m 59s
Sep 2023
TWiG 732: Unidentified Flying Skellington - New Android Branding, Twitter Spy
Britain Admits Defeat in Controversial Online Safety Bill When Tech Says "No" Apple Backs Down on Its Controversial Photo-Scanning Plans The FBI secretly launched an encrypted messaging system for criminals Former Twitter Employees Charged With Spying for Saudi Arabia Jeff Jarvis ... Show More
2h 14m
May 2024
763: Web Scraping + Reverse Engineering APIs
Web scraping 101! Dive into the world of web scraping with Scott and Wes as they explore everything from tooling setup and navigating protected routes to effective data management. In this Tasty Treat episode, you’ll gain invaluable insights and techniques to scrape (almost) any ... Show More
52m 33s
Nov 2023
198 - SUAVE Explained with Phil Daian & Andrew Miller
Phil Daian is a crypto-economic researcher! Phil is the lead author behind the landmark paper, “Flash Boys 2.0,” which introduced and defined the MEV problem in the Ethereum landscape, over 4 years ago. He is the cofounder of FlashBots, which is a research and dev organization wi ... Show More
1h 32m
Mar 2024
Linux Kernel Scheduler Developer | David Vernet
The linux kernel is something we all use but have you ever thought about what goes into it, well today we've got David Vernet on the show who has spent quite a bit of time focusing on one aspect, that being the scheduler. =========Guest Links========== Twitch: https://www.twi ... Show More
1h 55m
Feb 2024
Hacker une grosse entreprise : impossible ? Pas si sûr... (La Chronique de Micode)
Micode revient dans Popcorn mais pas tout seul. Il est venu avec une chronique pour nous expliquer pourquoi les grandes entreprises sont aussi très vulnérables aux problème de hacking. Pour voir l'émission rendez-vous sur Twitch et YouTube ! Vous pouvez aussi nous suivre sur nos ... Show More
21m 29s
Apr 2024
MKBHD vs. Humane AI Pin, Rabbit R1, AI Deception and more!
Bringing the old format back for a bit!  INSTAGRAM: https://www.instagram.com/throughtheweb.podcast/ WATCH THE EPISODE: https://youtu.be/V1b7o4Lm6mw Twitter: https://twitter.com/throughtheweb 00:00 - Intro 00:37 - What we've been up to 06:41 - Humane AI Pin 19:14 - Rabbit R1 ... Show More
1h 7m
Listen to millions of songs and podcasts on Anghami